张少驰 zhangsc at
Fri Nov 2 11:30:38 CET 2001

   First, I'm sorry for sending this letter to your box without obtaining your permission; I beg your pardon. I have a question about Python. Now I am worrying about it very, very much!!! I can't sleep well, time is passing fast, but I can't solve this problem on time! So I hope you could help me. I have asked so many people, even help at and python-help at, but they all can't solve my question. I think you are the only expert who can help me. I beg you to help me! My system is Red Hat Linux 7.0. My Python version is 1.5.2. The question is: how to collect information about DNS using the Python language? How to listen for data packages about DNS on the network and, from the data packages, how can I separate the IP address and the relevant region name?
My computer works in a LAN which contains many computers; the LAN's structure is a HUB. My computer isn't the default DNS. My computer's IP is, the DNS is 202.118.x.x.
I have compiled a program; it follows:

import socket, struct
import os

# IP header byte format (equiv of a C struct)
# get from /usr/include/netinet/ip.h:
#   vers/hdrlen
#   TOS byte (not used often)
#   total_len
#   ident    (internal use)
#   offset   (internal use for partial packets)
#   ttl
#   proto    (ICMP, ARP, TCP, UDP, etc.)
#   chk_sum
#   src_addr
#   dst_addr
IPheader      = '!bbhhhbbhll'
IPheader_len  = struct.calcsize(IPheader)
# UDP header byte format (equiv of a C struct)
# get from /usr/include/netinet/udp.h:
#   src_port
#   dst_port
#   data_len
#   chk_sum
UDPheader     = '!HHHH'
UDPheader_len = struct.calcsize(UDPheader)

os.system("ifconfig eth0 promisc")

# we open a RAW socket instead of STREAM or DGRAM
# when they say "raw," they mean raw - you need to read an exact
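# amount of data, packets are not formed until later
# (the line below is cut off after "socket.AF_INET," in the post; SOCK_RAW
# follows the comment above, and the protocol argument is an assumption)
ipsock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)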

while 1:
  # I get both headers here, but this is buggy:
  # better to get each header
  # at a time
  recvpack = ipsock.recv(IPheader_len + UDPheader_len)
  ipdata = struct.unpack(IPheader, recvpack[:IPheader_len])
  # we should now have a tuple of values
  # we should perform a checksum, but that's left for later
  if ipdata[6] == socket.IPPROTO_UDP: # is the protocol UDP?
    # get the UDP header decoded (it starts after the IP header)
    udpdata = struct.unpack(UDPheader, recvpack[IPheader_len:])
    # src or dst port is DNS?
    if udpdata[0] == 53 or udpdata[1] == 53: # I think DNS uses port 53
      # now we get the real (DNS) data, the length is in the
      # UDP header
      ulen = udpdata[2]
      data = ipsock.recv(ulen-24)
      # now we process the data, the IP addresses are in 'ipdata'
      # the ports are in 'udpdata', and the DNS request/response
      # is in 'data' itself
      ##process_packet(ipdata, udpdata, data)
      # instead, for now, just print it
      srcaddr = "%i.%i.%i.%i" %(ipdata[8]>>24 & 255,ipdata[8]>>16 & 255,
                                ipdata[8]>>8 &255,ipdata[8] & 255)
      destaddr = "%i.%i.%i.%i" %(ipdata[9]>>24 & 255,ipdata[9]>>16 & 255,
                                 ipdata[9]>>8 &255,ipdata[9] & 255)
      print 'packet from %s:%d to %s:%d' % (
        srcaddr,udpdata[0],  # source addr & port
        destaddr,udpdata[1]  # destination addr & port
      )

I run this program, but udpdata[0] or udpdata[1] is never equal to 53; I can't receive DNS packages. Why?
What should I do to solve it? Which functions of Python do I need to use and how do I use them? Where can I get relevant information about DNS with Python? What are Internet addresses? Where can I get free source code? Could you help me to correct my program and make it work?
        I'm looking forward to receiving your help letter!
                                Thank you !!!!!!
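
Added example, not part of the original post: the question asks how to separate the IP addresses and the names carried in a DNS packet, and this Python 3 code parses one complete IPv4/UDP/DNS packet held in a bytes object, honouring the IP header length field and DNS name compression. The function names and the sample packet (example.com, documentation-range addresses) are constructed for illustration.

```python
import socket, struct

def read_name(msg, off):
    """Decode the DNS name at msg[off]; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0 == 0xC0:             # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                     # guard against pointer loops
                raise ValueError("DNS compression loop")
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
            off += 1 + length
    return ".".join(labels), (off + 1 if end is None else end)

def parse_dns_packet(pkt):
    """Parse one whole IPv4 packet; return None unless it is UDP port 53."""
    if pkt[9] != socket.IPPROTO_UDP:
        return None
    ihl = (pkt[0] & 0x0F) * 4                 # IP header length varies with options
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    if 53 not in (sport, dport):
        return None
    dns = pkt[ihl + 8:ihl + ulen]             # UDP length includes its 8-byte header
    flags, qdcount, ancount = struct.unpack("!HHH", dns[2:8])
    off, names, answers = 12, [], []
    for _ in range(qdcount):
        name, off = read_name(dns, off)
        names.append(name)
        off += 4                              # skip QTYPE and QCLASS
    for _ in range(ancount):
        name, off = read_name(dns, off)
        rtype, rdlen = struct.unpack("!H6xH", dns[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:         # A record: RDATA is an IPv4 address
            answers.append((name, socket.inet_ntoa(dns[off:off + 4])))
        off += rdlen
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "response": bool(flags & 0x8000), "questions": names, "answers": answers}

def sample_packet():  # constructed DNS response for example.com, not captured traffic
    q = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.10")
    dns = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + q + a
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(dns), 0) + dns
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
        socket.inet_aton("198.51.100.53"), socket.inet_aton("198.51.100.7")) + udp
```

Calling parse_dns_packet(sample_packet()) returns the source and destination addresses together with the queried name and its A record.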
