scapy模块使用解析

一、启动

直接在命令行执行即可。如下:

二、帮助,可以使用ls命令查看属性信息。

>>> ls(IP)
version : BitField (4 bits) = ('4')
ihl : BitField (4 bits) = ('None')
tos : XByteField = ('0')
len : ShortField = ('None')
id : ShortField = ('1')
flags : FlagsField = ('<Flag 0 ()>')
frag : BitField (13 bits) = ('0')
ttl : ByteField = ('64')
proto : ByteEnumField = ('0')
chksum : XShortField = ('None')
src : SourceIPField = ('None')
dst : DestIPField = ('None')
options : PacketListField = ('[]')

三、具体应用

1、构造ICMP数据包

>>> send(IP(dst="192.168.1.1")/ICMP())
Sent 1 packets.

当构造好数据包后我们要进行发送,发送函数有send和sendp,send工作在第三层,用来发送ip数据包,sendp工作在第二层,用来发送ether数据包。

scapy提供了接收内容的函数,分别是sr、sr1、srp,其中sr、sr1主要用于第三层,srp用于第二层。而sr1和sr的区别在于sr1返回的只有应答包,没有未应答包。

下面是利用sr1查看ICMP响应报文。

>>> sr1(IP(dst="192.168.1.1")/ICMP())
...:
Begin emission:
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
<IP version=4 ihl=5 tos=0x0 len=28 id=8181 flags= frag=0 ttl=64 proto=icmp chksum=0xd790 src=192.168.1.1 dst=192.168.1.10 |<ICMP type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>
>>>

2、利用TCP协议判断目标端口是否开放

flag设置为syn,看看出响应的标志位为SYN、ACK。

>>> p = sr1(IP(dst="192.168.1.1")/TCP(dport=80,flags="S"))
Begin emission:
Finished sending 1 packets.
...*
Received 4 packets, got 1 answers, remaining 0 packets
>>> p
<IP version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0xb770 src=192.168.1.1 dst=192.168.1.10 |<TCP sport=http dport=ftp_data seq=3377885871 ack=1 dataofs=6 reserved=0 flags=SA window=27900 chksum=0x69c3 urgptr=0 options=[('MSS', 1860)] |>>
>>>‘

flag设置为ACK,看出响应的标志位为RST。

>>> p = sr1(IP(dst="192.168.1.1")/TCP(dport=80,flags="A"))
Begin emission:
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets

>>> p
<IP version=4 ihl=5 tos=0x0 len=40 id=3328 flags=DF frag=0 ttl=64 proto=tcp chksum=0xaa74 src=192.168.1.1 dst=192.168.1.10 |<TCP sport=http dport=ftp_data seq=0 ack=0 dataofs=5 reserved=0 flags=R window=0 chksum=0x2c21 urgptr=0 |>>
>>>

四、常见协议说明

1、ICMP协议

>>> ls(ICMP)
type : ByteEnumField = ('8')
code : MultiEnumField (Depends on 8) = ('0')
chksum : XShortField = ('None')
id : XShortField (Cond) = ('0')
seq : XShortField (Cond) = ('0')
ts_ori : ICMPTimeStampField (Cond) = ('11631015')
ts_rx : ICMPTimeStampField (Cond) = ('11631015')
ts_tx : ICMPTimeStampField (Cond) = ('11631015')
gw : IPField (Cond) = ("'0.0.0.0'")
ptr : ByteField (Cond) = ('0')
reserved : ByteField (Cond) = ('0')
length : ByteField (Cond) = ('0')
addr_mask : IPField (Cond) = ("'0.0.0.0'")
nexthopmtu : ShortField (Cond) = ('0')
unused : MultipleTypeField (ShortField, IntField, StrFixedLenField) = ("b''")
>>>

2、TCP协议

>>> ls(TCP)
sport : ShortEnumField = ('20')
dport : ShortEnumField = ('80')
seq : IntField = ('0')
ack : IntField = ('0')
dataofs : BitField (4 bits) = ('None')
reserved : BitField (3 bits) = ('0')
flags : FlagsField = ('<Flag 2 (S)>')
window : ShortField = ('8192')
chksum : XShortField = ('None')
urgptr : ShortField = ('0')
options : TCPOptionsField = ("b''")
>>>

3、UDP协议

>>> ls(UDP)
sport : ShortEnumField = ('53')
dport : ShortEnumField = ('53')
len : ShortField = ('None')
chksum : XShortField = ('None')
>>>

4、DNS协议

>>> ls(DNS)
length : ShortField (Cond) = ('None')
id : ShortField = ('0')
qr : BitField (1 bit) = ('0')
opcode : BitEnumField = ('0')
aa : BitField (1 bit) = ('0')
tc : BitField (1 bit) = ('0')
rd : BitField (1 bit) = ('1')
ra : BitField (1 bit) = ('0')
z : BitField (1 bit) = ('0')
ad : BitField (1 bit) = ('0')
cd : BitField (1 bit) = ('0')
rcode : BitEnumField = ('0')
qdcount : DNSRRCountField = ('None')
ancount : DNSRRCountField = ('None')
nscount : DNSRRCountField = ('None')
arcount : DNSRRCountField = ('None')
qd : DNSQRField = ('None')
an : DNSRRField = ('None')
ns : DNSRRField = ('None')
ar : DNSRRField = ('None')

5、ARP协议

>>> ls(ARP)
hwtype : XShortField = ('1')
ptype : XShortEnumField = ('2048')
hwlen : FieldLenField = ('None')
plen : FieldLenField = ('None')
op : ShortEnumField = ('1')
hwsrc : MultipleTypeField (SourceMACField, StrFixedLenField) = ('None')
psrc : MultipleTypeField (SourceIPField, SourceIP6Field, StrFixedLenField) = ('None')
hwdst : MultipleTypeField (MACField, StrFixedLenField) = ('None')
pdst : MultipleTypeField (IPField, IP6Field, StrFixedLenField) = ('None')

6、ETH协议

>>> ls(Ether)
dst : DestMACField = ('None')
src : SourceMACField = ('None')
type : XShortEnumField = ('36864')
>>>

ls命令查看scapy支持的协议

 

 

posted @ 2021-11-15 11:31  冰雪2021  阅读(1140)  评论(0编辑  收藏  举报
// 侧边栏目录 // https://blog-static.cnblogs.com/files/douzujun/marvin.nav.my1502.css