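Software name:  packetStorm1.2.rar
File type:  
Interface language:  Simplified Chinese
Software category:  Chinese-made software
Platform:  WinNT/2K/Xp
License:  Shareware
Size:  27K
Rating:  ★★★★☆
Release date:  2006-02-08
Official site: shanleiguang@he.chinamobile.co Author: vitter
Demo URL:
Description:  
A simple protocol-analysis script, useful for learning the TCP/IP protocols and Perl programming.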

      //--\\       //           __          //--\
     //   //      //   /==    //           //___/
    //---//\ /-- //== /-- =/= \\__ =/= /-/ /\\   /\/\
    /    //-\\__// \_/__  /_     ///__/_/_/  \\_//\/\\
  _/                         ___//             //    \\

# Help menu
C:\Perl\scripts\Packetstorm>packetStorm.pl -?

    >>packetStorm.pl, V1.3
        -?|-h|--help        print help # print the help text
        -l|--list_device    list supported device # list the devices the system supports
        -v|--verbose        print more information # print more data
        -p|--promisc        enable promisc # use promiscuous mode
        -n|--counter        capture counter # number of packets to capture
        -t|--pretty_table   enable pretty table # print results as text tables
        -d|--device         select device # select the capture device
        -e|--eth_type       eth_type, arp or ip(default) # set the frame protocol type, arp or ip
        -i|--ip_proto       ip_proto, icmp udp or tcp(default) # set the layer-3 protocol type
           --arp_spa        ARP, source protocol address # the following are the capture filters supported for each protocol
           --arp_tpa        ARP, target protocol address
           --arp_pa         ARP, src/target protocol address
           --arp_opcode     ARP, opcode, 1(Request) 2(Reply)
           --src_ip         IP, source ip
           --dest_ip        IP, destination ip
           --host           IP, src/dest ip
           --icmp_type      ICMP, icmp type
           --src_port       TCP/UDP, source port
           --dest_port      TCP/UDP, destination port
           --port           TCP/UDP, src/dest port
           --tcp_flag       TCP, tcp flag
                by shanleiguang@he.chinamobile.com, 2006/01

# List the network devices supported on the current system
C:\Perl\scripts\Packetstorm>packetStorm.pl -l

    +-----------------------------------------------------------------------------------+
    | Supported Devices                                                                 |
    +---+------+------------------------------------------------------------------------+
    | 1 | dev  | \Device\NPF_GenericDialupAdapter                                       |
    +---+------+------------------------------------------------------------------------+
    |   | desc | Generic dialup adapter                                                 |
    +---+------+------------------------------------------------------------------------+
    | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |
    +---+------+------------------------------------------------------------------------+
    |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |
    +---+------+------------------------------------------------------------------------+

# Select device 2 and analyze ARP packets
C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 --eth_type arp

    +-----------------------------------------------------------------------------------+
    | Selected Device                                                                   |
    +---+------+------------------------------------------------------------------------+
    | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |
    +---+------+------------------------------------------------------------------------+
    |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |
    +---+------+------------------------------------------------------------------------+

2006/02/07 11:14:44 , packets are storming...

[1]. 00:E0:FC:47:85:45->00:00:00:00:00:00, xxx.xxx.xxx.33->xxx.xxx.xxx.58, ARP_REQUEST
[2]. 00:E0:FC:47:85:45->00:00:00:00:00:00, xxx.xxx.xxx.33->xxx.xxx.xxx.40, ARP_REQUEST
[3]. 08:00:46:CD:DE:A3->00:00:00:00:00:00, xxx.xxx.xxx.60->xxx.xxx.xxx.34, ARP_REQUEST
[4]. 00:11:F9:C8:59:F1->08:00:46:CD:DE:A3, xxx.xxx.xxx.34->xxx.xxx.xxx.60, ARP_REPLY

# Select device 2, put the device into promiscuous mode, analyze ARP packets, print more data, and use table-style output
C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vpt --eth_type arp

    +-----------------------------------------------------------------------------------+
    | Selected Device                                                                   |
    +---+------+------------------------------------------------------------------------+
    | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |
    +---+------+------------------------------------------------------------------------+
    |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |
    +---+------+------------------------------------------------------------------------+

2006/02/07 11:31:08 , packets are storming...

=No.1===========================================================================
    +----------------------------------------------+
    | Ethernet Frame Header                        |
    +-------------------+-------------------+------+
    | src_mac           | dest_mac          | type |
    +-------------------+-------------------+------+
    | 00:E0:FC:47:85:45 | FF:FF:FF:FF:FF:FF | 2054 |
    +-------------------+-------------------+------+
    +------------------------------------------------------+
    | ARP Header                                           |
    +--------+-------------------+-----+-------------------+
    | sha    | 00:E0:FC:47:85:45 | tha | 00:00:00:00:00:00 |
    +--------+-------------------+-----+-------------------+
    | spa    | xxx.xxx.xxx.33    | tpa | xxx.xxx.xxx.40    |
    +--------+-------------------+-----+-------------------+
    | opcode | ARP_REQUEST       | -   | -                 |
    +--------+-------------------+-----+-------------------+

... ....
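
The fields in the verbose ARP table above (src_mac, dest_mac, type 2054, sha/spa/tha/tpa, opcode) map directly onto a 14-byte Ethernet header followed by a 28-byte ARP body. The following is an added example, not code from packetStorm.pl: the function name `parse_arp_frame`, the helper names, and the sample frame (which uses the documentation range 192.0.2.0/24 in place of the masked addresses) are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a 42-byte Ethernet frame carrying an ARP request.
my $frame = pack('H*', join '',
    'ffffffffffff',                 # dest_mac (broadcast)
    '00e0fc478545',                 # src_mac
    '0806',                         # EtherType 0x0806 = 2054 (ARP)
    '0001', '0800',                 # hardware type Ethernet, protocol type IPv4
    '06', '04',                     # hardware / protocol address lengths
    '0001',                         # opcode 1 = request
    '00e0fc478545', 'c0000221',     # sha, spa = 192.0.2.33
    '000000000000', 'c0000228',     # tha, tpa = 192.0.2.40
);

my %ARP_OP = (1 => 'ARP_REQUEST', 2 => 'ARP_REPLY');

# Format raw address bytes the way the output above prints them.
sub mac { join ':', map { sprintf '%02X', $_ } unpack 'C6', $_[0] }
sub ip  { join '.', unpack 'C4', $_[0] }

# Returns a hash ref of decoded fields, or nothing if the frame is truncated
# or is not Ethernet/IPv4 ARP. Non-ARP frames yield only the Ethernet fields.
sub parse_arp_frame {
    my ($raw) = @_;
    return if length($raw) < 14;                       # no full Ethernet header
    my ($dst, $src, $type) = unpack 'a6 a6 n', $raw;   # n = 16-bit big-endian
    my %f = (dest_mac => mac($dst), src_mac => mac($src), type => $type);
    return \%f unless $type == 0x0806;
    return if length($raw) < 14 + 28;                  # truncated ARP body
    my ($htype, $ptype, $hlen, $plen, $op, $sha, $spa, $tha, $tpa) =
        unpack 'x14 n n C C n a6 a4 a6 a4', $raw;
    return unless $htype == 1 && $ptype == 0x0800 && $hlen == 6 && $plen == 4;
    @f{qw(sha spa tha tpa)} = (mac($sha), ip($spa), mac($tha), ip($tpa));
    $f{opcode} = $ARP_OP{$op} // "UNKNOWN($op)";
    return \%f;
}

my $p = parse_arp_frame($frame);
die "not an ARP frame\n" unless $p && exists $p->{opcode};
printf "type:%d  %s->%s, %s->%s, %s\n",
    $p->{type}, @$p{qw(sha tha spa tpa opcode)};
```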

# Set the total capture count to 4 and print ICMP messages whose source or destination address is xxx.xxx.xxx.33
C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -n 4 -vp --ip_proto icmp host xxx.xxx.xxx.33

    +-----------------------------------------------------------------------------------+
    | Selected Device                                                                   |
    +---+------+------------------------------------------------------------------------+
    | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |
    +---+------+------------------------------------------------------------------------+
    |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |
    +---+------+------------------------------------------------------------------------+

2006/02/07 11:31:52 , packets are storming...

[1]. xxx.xxx.xxx.60->xxx.xxx.xxx.33, proto:1(ICMP), type:8(Echo) code:0
     data:abcdefghijklmnopqrstuvwabcdefghi
[2]. xxx.xxx.xxx.33->xxx.xxx.xxx.60, proto:1(ICMP), type:0(Echo Reply) code:0
     data:abcdefghijklmnopqrstuvwabcdefghi
[3]. xxx.xxx.xxx.60->xxx.xxx.xxx.33, proto:1(ICMP), type:8(Echo) code:0
     data:abcdefghijklmnopqrstuvwabcdefghi
[4]. xxx.xxx.xxx.33->xxx.xxx.xxx.60, proto:1(ICMP), type:0(Echo Reply) code:0
     data:abcdefghijklmnopqrstuvwabcdefghi

# Analyze TCP packets involving port 80 and parse the HTTP requests and responses
C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vp --port 80

    +-----------------------------------------------------------------------------------+
    | Selected Device                                                                   |
    +---+------+------------------------------------------------------------------------+
    | 2 | dev  | \Device\NPF_{5981D162-D83C-4E2E-9057-3C1420D0D650}                     |
    +---+------+------------------------------------------------------------------------+
    |   | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)  |
    +---+------+------------------------------------------------------------------------+

2006/02/07 11:32:28 , packets are storming...

[1]. xxx.xxx.xxx.60:1461->64.233.189.104:80, proto:6(TCP)
     flags:2(SYN), seq:1803756956, ack:0
[2]. 64.233.189.104:80->xxx.xxx.xxx.60:1461, proto:6(TCP)
     flags:18(ACK|SYN), seq:3270740938, ack:1803756957
     ? (Unknown code)

[3]. xxx.xxx.xxx.60:1461->64.233.189.104:80, proto:6(TCP)
     flags:16(ACK), seq:1803756957, ack:3270740939
[4]. xxx.xxx.xxx.60:1461->64.233.189.104:80, proto:6(TCP)
     flags:24(ACK|PSH), seq:1803756957, ack:3270740939
     GET /intl/zh-CN/ HTTP/1.1
     Connection: Keep-Alive
     Accept: */*
     Accept-Encoding: gzip, deflate
     Accept-Language: zh-cn
     Host: www.google.com
     User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
     Cookie: rememberme=true; SID=DQAAAG0AAABo695dhiPsrgNSPcjGe5QC9Lu9zghZ2fYaqGluOEgt-hDchwjTLWd80w
kzmIS0laQfP2lHARL07ftgnlJWGB3QcekxL2me_RYeTS5bYVA9Oy3icUWk3eMrZFkkKhi9jY8IvTwO2QRqgOenSwxi6Z0C; PREF
=ID=c169eba93e0c57bd:NW=1:TM=1139126941:LM=1139126941:GM=1:S=1N_Yf11M0uzWcd6J


# Analyze TCP packets with destination port 23, and parse and print them using the Telnet protocol (watch for usernames and passwords!)
C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vp --dest_port 23

....

By shanleiguang@he.chinamobile.com, 2006/01
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved