[Scapy] Scapy basics and common commands

What is Scapy

Scapy is a Python program that enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.

In other words, Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.


Scapy also performs very well on a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

The idea is simple. Scapy mainly does two things: sending packets and receiving answers. You define a set of packets, it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like Nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

On top of this, higher-level functions can be built: for example, one that does traceroutes and gives as its result only the start TTL of the request and the source IP of the answer; one that pings a whole network and gives the list of machines answering; one that does a port scan and returns a LaTeX report.

In short: Scapy is a Python-based program with powerful interactive capabilities. It can send, sniff, analyse and forge network packets, and it can even do things other tools cannot, such as crafting invalid frames.

The basic idea is: send packets and receive packets (more precisely, three steps: build the packet, send the packet, parse the reply).

Common commands

Building packets

The most general structure for building a packet:

pkt = IP()/TCP()

To see what can go into the packet, look at the fields it carries:

pkt.show()


Every field listed here can be assigned a value when we build our own packet:

###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= tcp
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\
###[ TCP ]###
     sport= ftp_data
     dport= http
     seq= 0
     ack= 0
     dataofs= None
     reserved= 0
     flags= S
     window= 8192
     chksum= None
     urgptr= 0
     options= []

Sending packets

Send a layer-3 packet and wait for one or more packets in response:

sr()

Send a layer-3 packet and wait for only one packet in response:

sr1()

Send a layer-2 packet and wait for the replies (this function lets you edit the layer-2 header, which sr() cannot):

srp()

Only send a layer-3 packet, without waiting for a reply (its job is done once it has been sent):

send()

Only send a layer-2 packet, without waiting for a reply (its job is done once it has been sent):

sendp()

Assign the return value to a variable when sending (using one of the send functions listed above). Note that sr() returns a pair: the list of answered packets and the list of unanswered ones.

ans, unans = sr(pkt)

Parsing the replies

View a summary of the answered packets

ans.summary()

View the full details

ans.show()