【Scapy】
【Processing packets with Scapy】
Using Scapy
```python
from scapy.all import *
import scapy.layers           # bind the package name explicitly so it can be inspected
from scapy.layers.inet import *

pac = dir(scapy.layers)
print(pac)  # after running this, the layers contained in Scapy are printed
```

```
['__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__path__', '__spec__', 'all', 'bluetooth', 'bluetooth4LE', 'dcerpc', 'dhcp', 'dhcp6', 'dns', 'dot11', 'dot15d4', 'eap', 'gprs', 'gssapi', 'hsrp', 'inet', 'inet6', 'ipsec', 'ir', 'isakmp', 'kerberos', 'l2', 'l2tp', 'ldap', 'llmnr', 'lltd', 'mgcp', 'mobileip', 'mspac', 'netbios', 'netflow', 'ntlm', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'smb2', 'smbclient', 'smbserver', 'snmp', 'tftp', 'tls', 'vrrp', 'vxlan', 'x509', 'zigbee']
```

```python
explore(scapy.layers.l2)  # list the layer-2 protocols; explore() prints its table itself and returns None
```
Viewing the attributes of a protocol class
When constructing a packet with Scapy you fill in the packet's fields, and those fields are the attributes of the class. The classes used most often in Scapy are Ether, IP, TCP and UDP.
Use ls(ClassName) to list the attributes a class has; called without an argument it lists the protocol classes Scapy supports.
```python
# ls() prints the field table itself and returns None, so it is called directly
ls(Ether)
ls(IP)
ls(TCP)
ls(UDP)
```
Constructing packets
Scapy has powerful packet-construction features: packets of every kind can be built intuitively and flexibly, and custom network protocols can even be defined when needed. Construction follows the layered model of network protocols, with each layer's fields assigned as parameters.
Simplest form:
```python
pkt = IP()/TCP()  # this packet consists of an IP part and a TCP part
```
With field values:
```python
pkt = IP(src="192.168.56.1", dst="192.168.56.100")/TCP()
```
Layering in Scapy
The lower layers of the OSI model come first, separated by /:
```python
Ether()/IP()/TCP()
```
The Ether class sets the sender's and receiver's MAC addresses.
Constructing HTTP and ICMP packets
Viewing a packet:
Sending a packet:
```
WARNING: WinPcap is now deprecated (not maintained). Please use Npcap instead
Begin emission:
Finished sending 1 packets.
...*
Received 4 packets, got 1 answers, remaining 0 packets
IP / ICMP 192.168.56.1 > 192.168.56.100 echo-request 0 ==> IP / ICMP 192.168.56.100 > 192.168.56.1 echo-reply 0
```
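As an added example (not code from the original post), the following pure-Python code builds the same bytes Scapy produces for IP(src, dst)/ICMP() with the defaults that ls(IP) and ls(ICMP) report, and decodes a raw packet back into the one-line summary form shown in the exchange above; it verifies both checksums and needs no Scapy installation.

```python
import struct
import ipaddress

ICMP_TYPES = {0: "echo-reply", 8: "echo-request"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; this is what fills the IP and ICMP chksum fields."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp_echo(src: str, dst: str, ident: int = 0, seq: int = 0,
                    payload: bytes = b"", reply: bool = False) -> bytes:
    """Encode IP(src, dst)/ICMP() by hand with the defaults ls(IP) and ls(ICMP) show:
    version 4, ihl 5, tos 0, id 1, flags 0, ttl 64, proto 1 (ICMP); type 8 (0 for a reply), code 0."""
    icmp = struct.pack("!BBHHH", 0 if reply else 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]   # fill ICMP chksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]          # fill IP chksum
    return ip + icmp

def summarize(raw: bytes) -> str:
    """Decode a raw IPv4 packet into the one-line form pkt.summary() prints, e.g.
    'IP / ICMP 192.168.56.1 > 192.168.56.100 echo-request 0', verifying both checksums."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if inet_checksum(raw[:ihl]) != 0:            # a header with a correct checksum sums to zero
        raise ValueError("bad IP header checksum")
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if proto != 1:
        return "IP %s > %s proto=%d" % (src, dst, proto)
    icmp = raw[ihl:total_len]
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    kind = ICMP_TYPES.get(icmp[0], "type-%d" % icmp[0])
    return "IP / ICMP %s > %s %s %d" % (src, dst, kind, icmp[1])

if __name__ == "__main__":
    request = build_icmp_echo("192.168.56.1", "192.168.56.100")
    print(summarize(request))                                                # echo-request 0
    print(summarize(build_icmp_echo("192.168.56.100", "192.168.56.1", reply=True)))
```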
Receiving packets:
Response status:
Common functions:
Filter expressions:
Traffic to or from host 192.168.1.1:
host 192.168.1.1
Traffic whose destination is 192.168.1.1:
dst host 192.168.1.1
Traffic with source port 8080:
src port 8080
Ethernet (MAC) source or destination address is 11:22:33:44:55:66:
ether host 11:22:33:44:55:66
Packets whose source MAC is 11:22:33:44:55:66:
ether src 11:22:33:44:55:66
Packets whose source address is in the 192.168.1.0/24 network:
src net 192.168.1.0/24
Filters can also be combined with and, or and not:
host 192.168.1.1 and port 8080
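As an added example that is not part of the original post, this small evaluator implements the semantics of the filter expressions listed above (host/net/port, src/dst, ether, and/or/not) over constructed sample packets, so the selection each expression makes can be checked offline; the sample dictionaries and the field names eth_src, eth_dst, src, dst, sport and dport are assumptions made for the illustration, and parentheses are not supported.

```python
import ipaddress

# Constructed sample "packets": only the fields the filter primitives look at.
SAMPLE = [
    {"eth_src": "11:22:33:44:55:66", "eth_dst": "aa:bb:cc:dd:ee:ff", "src": "192.168.1.1", "dst": "192.168.1.50", "sport": 8080, "dport": 40001},
    {"eth_src": "aa:bb:cc:dd:ee:ff", "eth_dst": "11:22:33:44:55:66", "src": "192.168.1.50", "dst": "192.168.1.1", "sport": 40001, "dport": 8080},
    {"eth_src": "de:ad:be:ef:00:01", "eth_dst": "aa:bb:cc:dd:ee:ff", "src": "10.0.0.7", "dst": "192.168.1.1", "sport": 53, "dport": 5353},
]
# packet fields each (protocol, type) compares, in (source, destination) order
FIELDS = {("ether", "host"): ("eth_src", "eth_dst"), ("ip", "host"): ("src", "dst"),
          ("ip", "net"): ("src", "dst"), ("ip", "port"): ("sport", "dport")}

def primitive(words, pkt):
    """Evaluate one primitive such as ['dst', 'host', '192.168.1.1'] or ['ether', 'src', '11:22:...'].
    As in pcap-filter, a missing direction means src or dst and a missing type means host."""
    proto = "ether" if words[0] == "ether" else "ip"
    rest = list(words[1:] if proto == "ether" else words)
    direction = rest.pop(0) if rest[0] in ("src", "dst") else "any"
    kind = rest.pop(0) if rest[0] in ("host", "net", "port") else "host"
    value = rest[0]
    keys = FIELDS[(proto, kind)]
    keys = {"src": keys[:1], "dst": keys[1:], "any": keys}[direction]
    if kind == "net":
        net = ipaddress.ip_network(value, strict=False)
        return any(ipaddress.ip_address(pkt[k]) in net for k in keys)
    if kind == "port":
        return any(pkt[k] == int(value) for k in keys)
    return any(pkt[k] == value for k in keys)

def matches(expr, pkt):
    """and/or/not combinations: not binds tightest, then and, then or (no parentheses)."""
    expr = " ".join(expr.lower().split())          # normalise whitespace and MAC case
    result = False
    for clause in expr.split(" or "):
        ok = True
        for term in clause.split(" and "):
            words, negate = term.split(), False
            while words[0] == "not":
                negate, words = not negate, words[1:]
            ok = ok and (primitive(words, pkt) != negate)
        result = result or ok
    return result

def apply_filter(expr, pkts=SAMPLE):
    return [i for i, p in enumerate(pkts) if matches(expr, p)]   # indices of selected packets
```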
On the host with IP address 192.168.56.1, ping 192.168.56.100, capture the ICMP packets and print 10 of them:
```python
from scapy.all import *
import scapy.layers
from scapy.layers.inet import *
from scapy.layers.inet6 import *
from scapy.all import sniff

print(dir(scapy.layers))
ls(Ether)   # ls() prints its table and returns None, so it is not wrapped in print()
ls(UDP)

# build a packet; the layers must be stacked with /
pkt = Ether(src="00:80:c2:00:00:14", dst="ff:ff:ff:ff:ff:ff")/IP(src="192.168.56.1", dst="192.168.56.100")/TCP()
pkt.show()
res = sr1(pkt)          # layer-3 send; srp1() is the layer-2 counterpart for frames with their own Ether header
if res is not None:     # sr1() returns None when nothing answered before the timeout
    res.show()
ls(pkt)
print(pkt.summary())
wrpcap("text.cap", pkt)
textcap = rdpcap("text.cap")
textcap.show()
print(conf.ifaces)
print(conf.route)
i = traceroute(["202.96.134.133"])
print(i)
pkt = IP(src="192.168.56.1", dst="192.168.56.100")/ICMP()
reply = sr1(pkt)
if reply is not None:
    wrpcap("text2.cap", reply)

def callback(pkt):
    print(pkt.summary())                    # summary is a method and has to be called
    wrpcap("test.cap", pkt, append=True)    # append, otherwise every packet overwrites the file

sniff(filter="icmp and host 192.168.56.100", iface="VirtualBox Host-Only Ethernet Adapter #2", prn=callback, count=100)
```
```python
# import the layer 2, 3 and 4 methods
from scapy.all import *
from scapy.layers.inet6 import *
# application layer
from scapy.layers.inet import *
import scapy.layers
print(dir(scapy.layers))
```

```
['__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__path__', '__spec__',
'all', 'bluetooth', 'bluetooth4LE', 'dcerpc', 'dhcp', 'dhcp6', 'dns', 'dot11', 'dot15d4', 'eap', 'gprs', 'gssapi',
'hsrp', 'inet', 'inet6', 'ipsec', 'ir', 'isakmp', 'kerberos', 'l2', 'l2tp', 'ldap', 'llmnr', 'lltd', 'mgcp', 'mobileip',
'mspac', 'netbios', 'netflow', 'ntlm', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny',
'smb', 'smb2', 'smbclient', 'smbserver', 'snmp', 'tftp', 'tls', 'vrrp', 'vxlan', 'x509', 'zigbee']
```
To see which packet types are supported when building (IPv4):
```python
explore(scapy.layers.inet)   # prints the table below and returns None
```

```
Class                     |Name
--------------------------|-------------------------------------------
ICMP                      |ICMP
ICMPerror                 |ICMP in ICMP
IP                        |IP
IPOption                  |IP Option
IPOption_Address_Extension|IP Option Address Extension
IPOption_EOL              |IP Option End of Options List
IPOption_LSRR             |IP Option Loose Source and Record Route
IPOption_MTU_Probe        |IP Option MTU Probe
IPOption_MTU_Reply        |IP Option MTU Reply
IPOption_NOP              |IP Option No Operation
IPOption_RR               |IP Option Record Route
IPOption_Router_Alert     |IP Option Router Alert
IPOption_SDBM             |IP Option Selective Directed Broadcast Mode
IPOption_SSRR             |IP Option Strict Source and Record Route
IPOption_Security         |IP Option Security
IPOption_Stream_Id        |IP Option Stream ID
IPOption_Timestamp        |IP Option Timestamp
IPOption_Traceroute       |IP Option Traceroute
IPerror                   |IP in ICMP
TCP                       |TCP
TCPAOValue                |
TCPerror                  |TCP in ICMP
UDP                       |UDP
UDPerror                  |UDP in ICMP
```
Viewing headers: Ether is layer 2, IP is layer 3 (IPv6 and IPv4):
```python
ls(Ether)
ls(IPv6)
ls(IP)   # prints the field table below
```

```
version : BitField (4 bits)   = ('4')
ihl     : BitField (4 bits)   = ('None')
tos     : XByteField          = ('0')
len     : ShortField          = ('None')
id      : ShortField          = ('1')
flags   : FlagsField          = ('<Flag 0 ()>')
frag    : BitField (13 bits)  = ('0')
ttl     : ByteField           = ('64')
proto   : ByteEnumField       = ('0')
chksum  : XShortField         = ('None')
src     : SourceIPField       = ('None')
dst     : DestIPField         = ('None')
options : PacketListField     = ('[]')
```
```python
print('-----------------------------------------------')
# build a packet (loose mode: no MAC given, Scapy chooses the interface itself), no prompt
packet_instance = IP(src='192.168.56.1', dst='192.168.56.10') / ICMP()
# send packets at layer 3 and return only the first answer
res = sr1(packet_instance)
# multi-line output
print('sr1 func:', res.summary())
print('-----------------------------------------------')
ls(ICMP)
# type + code is 8 0, i.e. an echo request by default
```

```
IP / ICMP 192.168.56.10 > 192.168.56.1 echo-reply 0
-----------------------------------------------
type : ByteEnumField               = ('8')
code : MultiEnumField (Depends on 8) = ('0')
```

```python
print('-----------------------------------------------')
pkt = IP(src='192.168.56.1', dst='192.168.56.10') / ICMP()
# send and receive packets at layer 3
# the result includes both the packets that were answered and the ones that were not
res = sr(pkt)
print('sr func:', res)
```

```
(<Results: TCP:0 UDP:0 ICMP:1 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)
```

```python
# inspect pkt
print(pkt.summary())   # summary is a method and has to be called
pkt.show()             # show() prints itself; wrapping it in print() only adds a trailing None
# store the packet in a file (write)
wrpcap('icmp1.cap', pkt)
print(rdpcap('icmp1.cap'))
# traceroute shows the route; note that it takes a list
a = traceroute(['www.huawei.com'])
print('intfaces:', conf.ifaces)
```

```
intfaces: Source   Index  Name                                      MAC                IPv4           IPv6
          libpcap  11     Realtek Gaming GbE Family Controller      c8:5a:cf:b2:cf:b9  169.254.71.47  fe80::1d46:113a:7d0a:32d4
                                                                                       192.168.31.92
          libpcap  16     Bluetooth Device (Personal Area Network)  4c:d5:77:2f:f1:7a  169.254.196.2  fe80::228a:9928:1d88:26cc
          libpcap  18     VirtualBox Host-Only Ethernet Adapter     0a:00:27:00:00:12  192.168.56.1   fe80::1417:553d:3311:fb5
```

```python
def callback(pkt):
    print(pkt.summary())

# filtered capture
pkt = sniff(filter='udp', prn=callback, count=9)
wrpcap('icmp2.cap', pkt)
# PcapWriter can be used instead of wrpcap to write packets as they arrive
sniff(filter='udp and src host 192.168.56.10')
print(get_if_list())
print(conf.ifaces)
```
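When a sniff callback calls wrpcap for every packet, append=True is needed, otherwise each call overwrites the file. As an added example (not from the original post), this pure-Python writer and reader shows the pcap layout behind wrpcap and rdpcap and why appending must write the global header only once; the frame contents, timestamps and the temp-file path are constructed for the illustration.

```python
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4   # classic microsecond pcap magic, written little-endian here
DLT_EN10MB = 1            # link type 1 (Ethernet), the type wrpcap uses for Ether()/... packets

def write_pcap(path, frames, linktype=DLT_EN10MB, append=False):
    """Write raw frames as pcap; with append=True the 24-byte global header is written only for a new file."""
    new_file = not (append and os.path.exists(path) and os.path.getsize(path) >= 24)
    with open(path, "wb" if new_file else "ab") as f:
        if new_file:
            f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype))
        for i, frame in enumerate(frames):
            ts_sec, ts_usec = 1_700_000_000 + i, 0                # constructed timestamps, 1 s apart
            f.write(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame)

def read_pcap(path):
    """Return (linktype, [frame, ...]); rejects non-pcap input and a truncated last record."""
    with open(path, "rb") as f:
        data = f.read()
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a pcap file")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    frames, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        caplen = struct.unpack(endian + "IIII", data[off:off + 16])[2]   # incl_len of this record
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) != caplen:
            raise ValueError("truncated record at offset %d" % off)
        frames.append(frame)
        off += 16 + caplen
    return linktype, frames

def ether_frame(dst_mac, src_mac, ethertype, payload):   # constructed Ethernet II frame
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload

def round_trip(path=os.path.join(tempfile.gettempdir(), "scapy_demo_example.pcap")):
    """Write two frames, append a third, read all back; returns (linktype, count, contents intact)."""
    frames = [ether_frame("ff:ff:ff:ff:ff:ff", "00:80:c2:00:00:14", 0x0800, b"\x45" + bytes([n]) * 19)
              for n in range(3)]
    write_pcap(path, frames[:2])
    write_pcap(path, frames[2:], append=True)
    linktype, back = read_pcap(path)
    return linktype, len(back), back == frames
```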
From: https://www.cnblogs.com/heydom/p/18458096