在scapy中通过物理环回发送数据包

2024-09-21 03:15:07 发布

您现在位置:Python中文网/ 问答频道 /正文
7097 3

我最近发现了Scapy&;看起来好极了

我正在尝试查看NIC上物理环回模块/存根上的简单流量

但是斯卡皮嗅嗅什么也不给

我发送数据包所做的是:

payload = 'data'*10
snf = sniff(filter="icmp", iface="eth0")
for x in xrange(1, 10):
  sendp(Ether(dst=src_mac, src=spoof_src_mac)/IP(dst=dst_ip, src=spoof_src_ip)/ICMP()/payload, iface=ifname)

f.open('scapylog.log', 'w')
f.write(str(snf))

使用src_mac=我的mac地址&;我的ip地址。“欺骗”字段只是随机(有效)mac&;ip值

生成的嗅探/日志文件为空。无需报告

我可以通过接口的ifconfig统计信息看到网络中的流量,每次我调用这个脚本时,接口的ifconfig统计信息都会增加,所以流量是流动的

如果有人知道为什么我没有看到我的流量,我会很高兴听到:)

谢谢


Tags: ipsrc信息mac地址scapy流量dst
1条回答
网友
1楼 · 发布于 2024-09-21 03:15:07

我自己在寻找类似的解决方案时偶然发现了你的问题。我在Scapy Troubleshooting页上找到了这个:

The loopback interface is a very special interface. Packets going through it are not really assembled and dissassembled. The kernel routes the packet to its destination while it is still stored an internal structure. What you see with tcpdump -i lo is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it.

In order to speak to local applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):

>>> conf.L3socket
<class __main__.L3PacketSocket at 0xb7bdf5fc>
>>> conf.L3socket=L3RawSocket
>>> sr1(IP(dst="127.0.0.1")/ICMP())
<IP  version=4L ihl=5L tos=0x0 len=28 id=40953 flags= frag=0L ttl=64 proto=ICMP chksum=0xdce5 src=127.0.0.1 dst=127.0.0.1 options='' |<ICMP  type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>

相关问题 更多 >

    编程相关推荐

    热门问题