通过scapy的物理环回发送数据包

2024-09-21 03:15:46 发布

您现在位置:Python中文网/ 问答频道 /正文
1588 3

我最近发现了Scapy,它看起来很棒

我正在尝试查看NIC上物理环回模块/存根上的简单流量。在

但史考比嗅什么都没有

我发送数据包的目的是:

payload = 'data'*10
snf = sniff(filter="icmp", iface="eth0")
for x in xrange(1, 10):
  sendp(Ether(dst=src_mac, src=spoof_src_mac)/IP(dst=dst_ip, src=spoof_src_ip)/ICMP()/payload, iface=ifname)

f.open('scapylog.log', 'w')
f.write(str(snf))

src_mac=我的mac地址和dsp的ip地址。“欺骗”字段只是随机(有效)mac&ip值。在

生成的嗅探/日志文件为空。无需报告

我可以看到,通过接口的ifconfig统计信息,网络中的流量在每次调用此脚本时都会增加,因此流量是流动的。。。在

如果有人知道为什么我看不到我的流量,我很乐意听到:)

谢谢!在


Tags: 模块ipsrcmac地址物理存根scapy
1条回答
网友
1楼 · 发布于 2024-09-21 03:15:46

我自己也在寻找类似的解决方案时偶然发现了你的问题。我在Scapy Troubleshooting页面上找到了这个:

The loopback interface is a very special interface. Packets going through it are not really assembled and dissassembled. The kernel routes the packet to its destination while it is still stored an internal structure. What you see with tcpdump -i lo is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it.

In order to speak to local applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):

>>> conf.L3socket
<class __main__.L3PacketSocket at 0xb7bdf5fc>
>>> conf.L3socket=L3RawSocket
>>> sr1(IP(dst="127.0.0.1")/ICMP())
<IP  version=4L ihl=5L tos=0x0 len=28 id=40953 flags= frag=0L ttl=64 proto=ICMP chksum=0xdce5 src=127.0.0.1 dst=127.0.0.1 options='' |<ICMP  type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>

相关问题 更多 >

    编程相关推荐

    热门问题