标签：scapy pkt IP Scapy Two 192.168 Program print 数据包

【Scapy】
【使用scapy处理数据包】

scapy的使用

from scapy.all import *
from scapy.layers.inet import *

pac = dir(scapy.layers)
print(pac) #执行代码后，会输出Scapy中的各层

['builtins', 'cached', 'doc', 'file', 'loader', 'name', 'package', 'path', 'spec', 'all', 'bluetooth', 'bluetooth4LE', 'dcerpc', 'dhcp', 'dhcp6', 'dns', 'dot11', 'dot15d4', 'eap', 'gprs', 'gssapi', 'hsrp', 'inet', 'inet6', 'ipsec', 'ir', 'isakmp', 'kerberos', 'l2', 'l2tp', 'ldap', 'llmnr', 'lltd', 'mgcp', 'mobileip', 'mspac', 'netbios', 'netflow', 'ntlm', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'smb2', 'smbclient', 'smbserver', 'snmp', 'tftp', 'tls', 'vrrp', 'vxlan', 'x509', 'zigbee']

print(explore(scapy.layers.l2)) #查看各种二层协议

查看协议类的属性

在使用Scapy构造数据包时，需要填入数据包的字段，这些字段就是类的属性。Scapy目前使用频率比较高的类是Ether类、IP类、TCP类和UDP类。

可以使用 ls(类名) 函数来查看类拥有的属性，如果不带参数显示的是Scapy支持的协议类。

print(explore(scapy.packet.ls(Ether)))

print(explore(scapy.packet.ls(IP)))

print(explore(scapy.packet.ls(TCP)))

print(explore(scapy.packet.ls(UDP)))

构造数据包

Scapy具有强大的数据包构造功能，利用Scapy可以直观、灵活地构造各种数据包，甚至可以根据需要自定义网络协议。在构造数据包的时候，它遵循网络协议分层的思想，以参数化赋值的方式进行。

简单构造：

pkt = IP()/TCP() #该包的结构包含IP部分和TCP部分

构造数据包：

pkt = IP(src="192.168.56.1",dst="192.168.56.100") /TCP()

Scapy 中的分层结构

OSI 模型中的下层协议在前，以/隔开

Ether()/IP()/TCP()

Ether 类用于设置发送方和接收方的 MAC 地址

构造 HTTP、ICMP 包

数据包的查看：

数据包发送：

WARNING: WinPcap is now deprecated (not maintained). Please use Npcap instead

Begin emission:

Finished sending 1 packets.

...*

Received 4 packets, got 1 answers, remaining 0 packets

IP / ICMP 192.168.56.1 > 192.168.56.100 echo-request 0 ==> IP / ICMP 192.168.56.100 > 192.168.56.1 echo-reply 0

数据包的接收：

响应状态:

常用函数：

过滤的语句：

host 192.168.1.1

dst host 192.168.1.1

src port 8080

以太网（MAC 地址）源地址或者目的地址为 11：22：33：44：55：66

ether host 11:22:33:44:55:66

源 MAC 为 11:22:33:44:55:66 的数据包

ether src 11:22:33:44:55:66

源地址在 192.168.1.0/24 网段的数据包

src net 192.168.1.0/24

还可以使用 and、or、not 组合过滤

host 192.168.1.1 and port 8080

在IP地址为192.168.56.1的主机上ping 192.168.56.100，抓取ICMP的报文并输出10个ICMP的报文：

from scapy.all import *
from scapy.layers.inet import *

from scapy.layers.inet6 import *

from scapy.all import sniff

print(dir(scapy.layers))

print(explore(scapy.packet.ls(Ether)))

print(explore(scapy.packet.ls(UDP)))

构造数据包，必须/分层

pkt = Ether(src="00:80:c2:00:00:14",dst="ff:ff:ff:ff:ff:ff")/IP(src="192.168.56.1",dst="192.168.56.100")/TCP()

pkt.show()

res = sr1(pkt)

res.show()

ls(pkt)

print(pkt.summary())

wrpcap("text.cap",pkt)

textcap = rdpcap("text.cap")

textcap.show()

print(conf.ifaces)

print(conf.route)

i = traceroute(["202.96.134.133"])

print(i)

pkt = IP(src="192.168.56.1",dst="192.168.56.100")/ICMP()

wrpcap("text2.cap",sr1(pkt))

def callback(pkt):
print(pkt.summary)
wrpcap("test.cap",pkt)

sniff(filter="icmp and 192.168.56.100",iface="VirtualBox Host-Only Ethernet Adapter #2",prn=callback,count=100)

导入二三四层方法

from scapy.all import *
from scapy.layers.inet6 import *

应用层

from scapy.layers.inet import *
print(dir(scapy.layers))

['builtins', 'cached', 'doc', 'file', 'loader', 'name', 'package', 'path', 'spec',

'all', 'bluetooth', 'bluetooth4LE', 'dcerpc', 'dhcp', 'dhcp6', 'dns', 'dot11', 'dot15d4', 'eap', 'gprs', 'gssapi',

'hsrp', 'inet', 'inet6', 'ipsec', 'ir', 'isakmp', 'kerberos', 'l2', 'l2tp', 'ldap', 'llmnr', 'lltd', 'mgcp', 'mobileip',

'mspac', 'netbios', 'netflow', 'ntlm', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny',

'smb', 'smb2', 'smbclient', 'smbserver', 'snmp', 'tftp', 'tls', 'vrrp', 'vxlan', 'x509', 'zigbee']

构造包时查看支持的报文(ipv4)：

print(explore(scapy.layers.inet))

Class |Name

--------------------------|-------------------------------------------

ICMP |ICMP

ICMPerror |ICMP in ICMP

IP |IP

IPOption |IP Option

IPOption_Address_Extension|IP Option Address Extension

IPOption_EOL |IP Option End of Options List

IPOption_LSRR |IP Option Loose Source and Record Route

IPOption_MTU_Probe |IP Option MTU Probe

IPOption_MTU_Reply |IP Option MTU Reply

IPOption_NOP |IP Option No Operation

IPOption_RR |IP Option Record Route

IPOption_Router_Alert |IP Option Router Alert

IPOption_SDBM |IP Option Selective Directed Broadcast Mode

IPOption_SSRR |IP Option Strict Source and Record Route

IPOption_Security |IP Option Security

IPOption_Stream_Id |IP Option Stream ID

IPOption_Timestamp |IP Option Timestamp

IPOption_Traceroute |IP Option Traceroute

IPerror |IP in ICMP

TCP |TCP

TCPAOValue |

TCPerror |TCP in ICMP

UDP |UDP

UDPerror |UDP in ICMP

None

查看报头 Ether：二层，IP：三层,IPv6,IPv4，

print(ls(Ether))

print(ls(IPv6))

print(ls(IP))

version : BitField (4 bits) = ('4')

ihl : BitField (4 bits) = ('None')

tos : XByteField = ('0')

len : ShortField = ('None')

id : ShortField = ('1')

flags : FlagsField = ('<Flag 0 ()>')

frag : BitField (13 bits) = ('0')

ttl : ByteField = ('64')

proto : ByteEnumField = ('0')

chksum : XShortField = ('None')

src : SourceIPField = ('None')

dst : DestIPField = ('None')

options : PacketListField = ('[]')

None

print('-----------------------------------------------')

构造数据包(松散模式，无MAC，遍历网卡)，无提示：

packet_instance = IP(src='192.168.56.1', dst='192.168.56.10') / ICMP()

Send packets at layer 3 and return only the first answer

res = sr1(packet_instance)

多行打印

print('sr1 func:', res.summary())

print('-----------------------------------------------')
print(ls(ICMP))

type +code 就是80，默认为request包

IP / ICMP 192.168.56.10 > 192.168.56.1 echo-reply 0

-----------------------------------------------

type : ByteEnumField = ('8')

code : MultiEnumField (Depends on 8) = ('0')

print('-----------------------------------------------')
pkt = IP(src='192.168.56.1', dst='192.168.56.10') / ICMP()

Send and receive packets at layer 3

包含通的和不通的。

res = sr(pkt)
print('sr func:', res)

(<Results: TCP:0 UDP:0 ICMP:1 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)

查看pkt：

print(pkt.summary)
print(pkt.show())

数据包存储在文件中（写）

wrpcap('icmp1.cap', pkt)
print(rdpcap('icmp1.cap'))

trace查看路由,注意是列表。

a = traceroute(['www.huawei.com'])

print('intfaces:', conf.ifaces)

intfaces: Source Index Name MAC IPv4 IPv6

libpcap 11 Realtek Gaming GbE Family Controller c8:5a:cf:b2:cf:b9 169.254.71.47 fe80::1d46:113a:7d0a:32d4

192.168.31.92 libpcap 16 Bluetooth Device (Personal Area Network) 4c:d5:77:2f:f1:7a 169.254.196.2 fe80::228a:9928:1d88:26cc

libpcap 18 VirtualBox Host-Only Ethernet Adapter 0a:00:27:00:00:12 192.168.56.1 fe80::1417:553d:3311:fb5

def callback(pkt):
print(pkt.summary())

路由过滤：

pkt = sniff(filter='udp',prn=callback, count=9)
wrpcap('icmp2.cap',pkt)

PcapWriter

sniff(filter='udp and src host 192.168.56.10')

print(get_if_list())
print(conf.ifaces)

标签：scapy,pkt,IP,Scapy,Two,192.168,Program,print,数据包
From： https://www.cnblogs.com/heydom/p/18458096

The Network Program Log Two (Scapy)

查看协议类的属性

构造数据包

以太网（MAC 地址）源地址或者目的地址为 11：22：33：44：55：66

源 MAC 为 11:22:33:44:55:66 的数据包

源地址在 192.168.1.0/24 网段的数据包

还可以使用 and、or、not 组合过滤

from scapy.layers.inet6 import *

print(dir(scapy.layers))

print(explore(scapy.packet.ls(Ether)))

print(explore(scapy.packet.ls(UDP)))

构造数据包，必须/分层

pkt = Ether(src="00:80:c2:00:00:14",dst="ff:ff:ff:ff:ff:ff")/IP(src="192.168.56.1",dst="192.168.56.100")/TCP()

pkt.show()

res = sr1(pkt)

res.show()

ls(pkt)

print(pkt.summary())

wrpcap("text.cap",pkt)

textcap = rdpcap("text.cap")

textcap.show()

print(conf.ifaces)

print(conf.route)

i = traceroute(["202.96.134.133"])

print(i)

pkt = IP(src="192.168.56.1",dst="192.168.56.100")/ICMP()

wrpcap("text2.cap",sr1(pkt))

导入 二三四 层方法

应用层

['builtins', 'cached', 'doc', 'file', 'loader', 'name', 'package', 'path', 'spec',

'all', 'bluetooth', 'bluetooth4LE', 'dcerpc', 'dhcp', 'dhcp6', 'dns', 'dot11', 'dot15d4', 'eap', 'gprs', 'gssapi',

'hsrp', 'inet', 'inet6', 'ipsec', 'ir', 'isakmp', 'kerberos', 'l2', 'l2tp', 'ldap', 'llmnr', 'lltd', 'mgcp', 'mobileip',

'mspac', 'netbios', 'netflow', 'ntlm', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny',

'smb', 'smb2', 'smbclient', 'smbserver', 'snmp', 'tftp', 'tls', 'vrrp', 'vxlan', 'x509', 'zigbee']

构造包时查看支持的报文(ipv4)：

Class |Name

--------------------------|-------------------------------------------

ICMP |ICMP

ICMPerror |ICMP in ICMP

IP |IP

IPOption |IP Option

IPOption_Address_Extension|IP Option Address Extension

IPOption_EOL |IP Option End of Options List

IPOption_LSRR |IP Option Loose Source and Record Route

IPOption_MTU_Probe |IP Option MTU Probe

IPOption_MTU_Reply |IP Option MTU Reply

IPOption_NOP |IP Option No Operation

IPOption_RR |IP Option Record Route

IPOption_Router_Alert |IP Option Router Alert

IPOption_SDBM |IP Option Selective Directed Broadcast Mode

IPOption_SSRR |IP Option Strict Source and Record Route

IPOption_Security |IP Option Security

IPOption_Stream_Id |IP Option Stream ID

IPOption_Timestamp |IP Option Timestamp

IPOption_Traceroute |IP Option Traceroute

IPerror |IP in ICMP

TCP |TCP

TCPAOValue |

TCPerror |TCP in ICMP

UDP |UDP

UDPerror |UDP in ICMP

None

查看报头 Ether：二层，IP：三层,IPv6,IPv4，

print(ls(Ether))

print(ls(IPv6))

version : BitField (4 bits) = ('4')

ihl : BitField (4 bits) = ('None')

tos : XByteField = ('0')

len : ShortField = ('None')

id : ShortField = ('1')

flags : FlagsField = ('<Flag 0 ()>')

frag : BitField (13 bits) = ('0')

ttl : ByteField = ('64')

proto : ByteEnumField = ('0')

chksum : XShortField = ('None')

src : SourceIPField = ('None')

dst : DestIPField = ('None')

options : PacketListField = ('[]')

None

构造数据包(松散模式，无MAC，遍历网卡)，无提示：

导入二三四层方法