I. Startup
Run it directly from the command line, as follows:

II. Help: use the ls command to view a layer's field information.
>>> ls(IP)
version : BitField (4 bits) = ('4')
ihl : BitField (4 bits) = ('None')
tos : XByteField = ('0')
len : ShortField = ('None')
id : ShortField = ('1')
flags : FlagsField = ('<Flag 0 ()>')
frag : BitField (13 bits) = ('0')
ttl : ByteField = ('64')
proto : ByteEnumField = ('0')
chksum : XShortField = ('None')
src : SourceIPField = ('None')
dst : DestIPField = ('None')
options : PacketListField = ('[]')
III. Practical usage
1. Building an ICMP packet
>>> send(IP(dst="192.168.1.1")/ICMP())
Sent 1 packets.

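Once a packet has been built, it has to be sent. The sending functions are send and sendp: send works at layer 3 and sends IP packets, while sendp works at layer 2 and sends Ethernet frames.
Scapy also provides functions for receiving replies: sr, sr1 and srp. sr and sr1 are mainly used at layer 3, and srp at layer 2. The difference between sr1 and sr is that sr1 returns only the reply packet, without the unanswered packets.
The following uses sr1 to view the ICMP reply.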
>>> sr1(IP(dst="192.168.1.1")/ICMP())
...:
Begin emission:
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
<IP version=4 ihl=5 tos=0x0 len=28 id=8181 flags= frag=0 ttl=64 proto=icmp chksum=0xd790 src=192.168.1.1 dst=192.168.1.10 |<ICMP type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>
>>>
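2. Using TCP to check whether a target port is open
With the flag set to SYN, the response carries the SYN and ACK flags (flags=SA), which indicates that the port is open.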
>>> p = sr1(IP(dst="192.168.1.1")/TCP(dport=80,flags="S"))
Begin emission:
Finished sending 1 packets.
...*
Received 4 packets, got 1 answers, remaining 0 packets
>>> p
<IP version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0xb770 src=192.168.1.1 dst=192.168.1.10 |<TCP sport=http dport=ftp_data seq=3377885871 ack=1 dataofs=6 reserved=0 flags=SA window=27900 chksum=0x69c3 urgptr=0 options=[('MSS', 1860)] |>>
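>>>
With the flag set to ACK, the response carries the RST flag. An RST in reply to an unsolicited ACK shows that the packet reached the host unfiltered; it does not by itself show whether the port is open.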
>>> p = sr1(IP(dst="192.168.1.1")/TCP(dport=80,flags="A"))
Begin emission:
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
>>> p
<IP version=4 ihl=5 tos=0x0 len=40 id=3328 flags=DF frag=0 ttl=64 proto=tcp chksum=0xaa74 src=192.168.1.1 dst=192.168.1.10 |<TCP sport=http dport=ftp_data seq=0 ack=0 dataofs=5 reserved=0 flags=R window=0 chksum=0x2c21 urgptr=0 |>>
>>>
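The two replies above can be checked by hand. As an added example (not part of the original page; standard library only, no Scapy or network access), the script below rebuilds both replies from the field values printed above, recomputes the chksum values that Scapy fills in when the field is None, and maps the reply to a SYN probe to a port state. The function names are hypothetical, and reading a missing reply as "filtered or host down" is an assumption.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of big-endian 16-bit words."""
    data += b"\x00" * (len(data) % 2)          # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                         # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_header(src, dst, payload_len, ident, flags_frag=0x4000, ttl=64):
    """20-byte IPv4/TCP header (ihl=5, DF set by default) with chksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, ttl, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def tcp_header(sport, dport, seq, ack, flags, window, options=b""):
    """TCP header with chksum left at 0; dataofs is derived from the length."""
    dataofs = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, dataofs << 4,
                       flags, window, 0, 0) + options

def tcp_checksum(src, dst, segment: bytes) -> int:
    """The TCP checksum also covers a pseudo-header: src, dst, proto, length."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!HH", 6, len(segment))
    return inet_checksum(pseudo + segment)

def flag_letters(segment: bytes) -> str:
    """Decode the TCP flags byte into Scapy-style letters, e.g. 0x12 -> 'SA'."""
    return "".join(c for i, c in enumerate("FSRPAUEC") if segment[13] >> i & 1)

def syn_probe_state(segment) -> str:
    """Read the reply to a SYN probe; None models sr1 returning nothing."""
    if segment is None:
        return "filtered or host down"         # assumption, see lead-in
    flags = flag_letters(segment)
    if "S" in flags and "A" in flags:
        return "open"
    return "closed" if "R" in flags else "unexpected"

# Constructed sample data: both replies rebuilt from the captures printed above.
SRC, DST = "192.168.1.1", "192.168.1.10"
SYN_ACK = tcp_header(80, 20, 3377885871, 1, 0x12, 27900, struct.pack("!BBH", 2, 4, 1860))
RST = tcp_header(80, 20, 0, 0, 0x04, 0)

if __name__ == "__main__":
    for seg, ident in ((SYN_ACK, 0), (RST, 3328)):
        ip_sum = inet_checksum(ip_header(SRC, DST, len(seg), ident))
        print(flag_letters(seg), hex(ip_sum), hex(tcp_checksum(SRC, DST, seg)))
```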
IV. Common protocols
1. ICMP protocol
>>> ls(ICMP)
type : ByteEnumField = ('8')
code : MultiEnumField (Depends on 8) = ('0')
chksum : XShortField = ('None')
id : XShortField (Cond) = ('0')
seq : XShortField (Cond) = ('0')
ts_ori : ICMPTimeStampField (Cond) = ('11631015')
ts_rx : ICMPTimeStampField (Cond) = ('11631015')
ts_tx : ICMPTimeStampField (Cond) = ('11631015')
gw : IPField (Cond) = ("'0.0.0.0'")
ptr : ByteField (Cond) = ('0')
reserved : ByteField (Cond) = ('0')
length : ByteField (Cond) = ('0')
addr_mask : IPField (Cond) = ("'0.0.0.0'")
nexthopmtu : ShortField (Cond) = ('0')
unused : MultipleTypeField (ShortField, IntField, StrFixedLenField) = ("b''")
>>>
2. TCP protocol
>>> ls(TCP)
sport : ShortEnumField = ('20')
dport : ShortEnumField = ('80')
seq : IntField = ('0')
ack : IntField = ('0')
dataofs : BitField (4 bits) = ('None')
reserved : BitField (3 bits) = ('0')
flags : FlagsField = ('<Flag 2 (S)>')
window : ShortField = ('8192')
chksum : XShortField = ('None')
urgptr : ShortField = ('0')
options : TCPOptionsField = ("b''")
>>>
3. UDP protocol
>>> ls(UDP)
sport : ShortEnumField = ('53')
dport : ShortEnumField = ('53')
len : ShortField = ('None')
chksum : XShortField = ('None')
>>>
4. DNS protocol
>>> ls(DNS)
length : ShortField (Cond) = ('None')
id : ShortField = ('0')
qr : BitField (1 bit) = ('0')
opcode : BitEnumField = ('0')
aa : BitField (1 bit) = ('0')
tc : BitField (1 bit) = ('0')
rd : BitField (1 bit) = ('1')
ra : BitField (1 bit) = ('0')
z : BitField (1 bit) = ('0')
ad : BitField (1 bit) = ('0')
cd : BitField (1 bit) = ('0')
rcode : BitEnumField = ('0')
qdcount : DNSRRCountField = ('None')
ancount : DNSRRCountField = ('None')
nscount : DNSRRCountField = ('None')
arcount : DNSRRCountField = ('None')
qd : DNSQRField = ('None')
an : DNSRRField = ('None')
ns : DNSRRField = ('None')
ar : DNSRRField = ('None')
5. ARP protocol
>>> ls(ARP)
hwtype : XShortField = ('1')
ptype : XShortEnumField = ('2048')
hwlen : FieldLenField = ('None')
plen : FieldLenField = ('None')
op : ShortEnumField = ('1')
hwsrc : MultipleTypeField (SourceMACField, StrFixedLenField) = ('None')
psrc : MultipleTypeField (SourceIPField, SourceIP6Field, StrFixedLenField) = ('None')
hwdst : MultipleTypeField (MACField, StrFixedLenField) = ('None')
pdst : MultipleTypeField (IPField, IP6Field, StrFixedLenField) = ('None')
6. Ethernet protocol
>>> ls(Ether)
dst : DestMACField = ('None')
src : SourceMACField = ('None')
type : XShortEnumField = ('36864')
>>>
The ls command can also be used to view the protocols that Scapy supports.

