app软件开发策划书_营销推广措施有哪些_芭嘞seo_最新疫情消息

【Scapy】

【使用scapy处理数据包】

scapy的使用

from scapy.all import *
from scapy.layers.inet import *

pac = dir(scapy.layers)
print(pac)  #执行代码后，会输出Scapy中的各层

['__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__path__', '__spec__', 'all', 'bluetooth', 'bluetooth4LE', 'dcerpc', 'dhcp', 'dhcp6', 'dns', 'dot11', 'dot15d4', 'eap', 'gprs', 'gssapi', 'hsrp', 'inet', 'inet6', 'ipsec', 'ir', 'isakmp', 'kerberos', 'l2', 'l2tp', 'ldap', 'llmnr', 'lltd', 'mgcp', 'mobileip', 'mspac', 'netbios', 'netflow', 'ntlm', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'smb2', 'smbclient', 'smbserver', 'snmp', 'tftp', 'tls', 'vrrp', 'vxlan', 'x509', 'zigbee']

print(explore(scapy.layers.l2))  #查看各种二层协议

#查看协议类的属性

在使用Scapy构造数据包时，需要填入数据包的字段，这些字段就是类的属性。Scapy目前使用频率比较高的类是Ether类、IP类、TCP类和UDP类。

可以使用 ls(类名) 函数来查看类拥有的属性，如果不带参数显示的是Scapy支持的协议类。

print(explore(scapy.packet.ls(Ether)))

print(explore(scapy.packet.ls(IP)))

print(explore(scapy.packet.ls(TCP)))

print(explore(scapy.packet.ls(UDP)))

#构造数据包

Scapy具有强大的数据包构造功能，利用Scapy可以直观、灵活地构造各种数据包，甚至可以根据需要自定义网络协议。在构造数据包的时候，它遵循网络协议分层的思想，以参数化赋值的方式进行。

简单构造：

pkt = IP()/TCP()  #该包的结构包含IP部分和TCP部分

构造数据包：

pkt = IP(src="192.168.56.1",dst="192.168.56.100") /TCP()

Scapy 中的分层结构

OSI 模型中的下层协议在前，以/隔开

Ether()/IP()/TCP()

Ether 类用于设置发送方和接收方的 MAC 地址

构造 HTTP、ICMP 包

数据包的查看：

数据包发送：

----------

WARNING: WinPcap is now deprecated (not maintained). Please use Npcap instead

Begin emission:

Finished sending 1 packets.

...*

Received 4 packets, got 1 answers, remaining 0 packets

IP / ICMP 192.168.56.1 > 192.168.56.100 echo-request 0 ==> IP / ICMP 192.168.56.100 > 192.168.56.1 echo-reply 0

数据包的接收：

响应状态:

常用函数：

过滤的语句：

host 192.168.1.1

dst host  192.168.1.1

src port 8080

# 以太网（MAC 地址）源地址或者目的地址为 11：22：33：44：55：66
ether host 11:22:33:44:55:66

# 源 MAC 为 11:22:33:44:55:66 的数据包
ether src 11:22:33:44:55:66

# 源地址在 192.168.1.0/24 网段的数据包
src net 192.168.1.0/24

# 还可以使用 and、or、not 组合过滤
host 192.168.1.1 and port 8080

在IP地址为192.168.56.1的主机上ping 192.168.56.100，抓取ICMP的报文并输出10个ICMP的报文：

from scapy.all import *
from scapy.layers.inet import *
# from scapy.layers.inet6 import *
from scapy.all import sniff

# print(dir(scapy.layers))
# print(explore(scapy.packet.ls(Ether)))
# print(explore(scapy.packet.ls(UDP)))

#构造数据包，必须/分层
# pkt = Ether(src="00:80:c2:00:00:14",dst="ff:ff:ff:ff:ff:ff")/IP(src="192.168.56.1",dst="192.168.56.100")/TCP()
# pkt.show()

#
# res = sr1(pkt)
# res.show()
# ls(pkt)
# print(pkt.summary())
# wrpcap("text.cap",pkt)
#
# textcap = rdpcap("text.cap")
# textcap.show()

# print(conf.ifaces)
# print(conf.route)
# i = traceroute(["202.96.134.133"])
# print(i)

# pkt = IP(src="192.168.56.1",dst="192.168.56.100")/ICMP()
# wrpcap("text2.cap",sr1(pkt))

def callback(pkt):
    print(pkt.summary)
    wrpcap("test.cap",pkt)

sniff(filter="icmp and 192.168.56.100",iface="VirtualBox Host-Only Ethernet Adapter #2",prn=callback,count=100)

# 导入 二三四 层方法
from scapy.all import *
from scapy.layers.inet6 import *
# 应用层
from scapy.layers.inet import *
print(dir(scapy.layers))
# ['__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__path__', '__spec__',
# 'all', 'bluetooth', 'bluetooth4LE', 'dcerpc', 'dhcp', 'dhcp6', 'dns', 'dot11', 'dot15d4', 'eap', 'gprs', 'gssapi',
# 'hsrp', 'inet', 'inet6', 'ipsec', 'ir', 'isakmp', 'kerberos', 'l2', 'l2tp', 'ldap', 'llmnr', 'lltd', 'mgcp', 'mobileip',
# 'mspac', 'netbios', 'netflow', 'ntlm', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny',
# 'smb', 'smb2', 'smbclient', 'smbserver', 'snmp', 'tftp', 'tls', 'vrrp', 'vxlan', 'x509', 'zigbee']# 构造包时查看支持的报文(ipv4)：
print(explore(scapy.layers.inet))
# Class                     |Name
# --------------------------|-------------------------------------------
# ICMP                      |ICMP
# ICMPerror                 |ICMP in ICMP
# IP                        |IP
# IPOption                  |IP Option
# IPOption_Address_Extension|IP Option Address Extension
# IPOption_EOL              |IP Option End of Options List
# IPOption_LSRR             |IP Option Loose Source and Record Route
# IPOption_MTU_Probe        |IP Option MTU Probe
# IPOption_MTU_Reply        |IP Option MTU Reply
# IPOption_NOP              |IP Option No Operation
# IPOption_RR               |IP Option Record Route
# IPOption_Router_Alert     |IP Option Router Alert
# IPOption_SDBM             |IP Option Selective Directed Broadcast Mode
# IPOption_SSRR             |IP Option Strict Source and Record Route
# IPOption_Security         |IP Option Security
# IPOption_Stream_Id        |IP Option Stream ID
# IPOption_Timestamp        |IP Option Timestamp
# IPOption_Traceroute       |IP Option Traceroute
# IPerror                   |IP in ICMP
# TCP                       |TCP
# TCPAOValue                |
# TCPerror                  |TCP in ICMP
# UDP                       |UDP
# UDPerror                  |UDP in ICMP
# None# 查看报头 Ether：二层，IP：三层,IPv6,IPv4，
# print(ls(Ether))
# print(ls(IPv6))
print(ls(IP))
# version    : BitField  (4 bits)                  = ('4')
# ihl        : BitField  (4 bits)                  = ('None')
# tos        : XByteField                          = ('0')
# len        : ShortField                          = ('None')
# id         : ShortField                          = ('1')
# flags      : FlagsField                          = ('<Flag 0 ()>')
# frag       : BitField  (13 bits)                 = ('0')
# ttl        : ByteField                           = ('64')
# proto      : ByteEnumField                       = ('0')
# chksum     : XShortField                         = ('None')
# src        : SourceIPField                       = ('None')
# dst        : DestIPField                         = ('None')
# options    : PacketListField                     = ('[]')
# Noneprint('-----------------------------------------------')
# 构造数据包(松散模式，无MAC，遍历网卡)，无提示：
packet_instance = IP(src='192.168.56.1', dst='192.168.56.10') / ICMP()
# Send packets at layer 3 and return only the first answer
res = sr1(packet_instance)
# 多行打印
print('sr1 func:', res.summary())print('-----------------------------------------------')
print(ls(ICMP))
# type +code 就是80，默认为request包
# IP / ICMP 192.168.56.10 > 192.168.56.1 echo-reply 0
# -----------------------------------------------
# type       : ByteEnumField                       = ('8')
# code       : MultiEnumField (Depends on 8)       = ('0')
print('-----------------------------------------------')
pkt = IP(src='192.168.56.1', dst='192.168.56.10') / ICMP()
# Send and receive packets at layer 3
# 包含通的和不通的。
res = sr(pkt)
print('sr func:', res)
# (<Results: TCP:0 UDP:0 ICMP:1 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)# 查看pkt：
print(pkt.summary)
print(pkt.show())# 数据包存储在文件中（写）wrpcap('icmp1.cap', pkt)
print(rdpcap('icmp1.cap'))# trace查看路由,注意是列表。
a = traceroute(['www.huawei.com'])print('intfaces:', conf.ifaces)
# intfaces: Source   Index  Name                                            MAC                IPv4             IPv6
# libpcap  11     Realtek Gaming GbE Family Controller            c8:5a:cf:b2:cf:b9  169.254.71.47    fe80::1d46:113a:7d0a:32d4
#                                                                                    192.168.31.92
# libpcap  16     Bluetooth Device (Personal Area Network)        4c:d5:77:2f:f1:7a  169.254.196.2    fe80::228a:9928:1d88:26cc
# libpcap  18     VirtualBox Host-Only Ethernet Adapter           0a:00:27:00:00:12  192.168.56.1     fe80::1417:553d:3311:fb5def callback(pkt):print(pkt.summary())# 路由过滤：
pkt = sniff(filter='udp',prn=callback, count=9)
wrpcap('icmp2.cap',pkt)
# PcapWriter
# sniff(filter='udp and src host  192.168.56.10')print(get_if_list())
print(conf.ifaces)