Building a BGP layer with Scapy

Published 2024-10-05 19:15:16


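I am trying to use Scapy to send packets that have a BGP layer.

I am currently stuck on a basic part of this problem, because I cannot set up the BGP layer. I followed the instructions to set up the regular IP and TCP layers.

For example:

>>> a = IP(src="192.168.1.1", dst="192.168.1.2")/TCP(sport=179, dport=50)

But the problem appears when I do this: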

^{pr2}$

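I saw the BGP implementation in the contrib directory of Scapy's GitHub repository (https://github.com/secdev/scapy/blob/9201f1cf1318edd5768d7e2ee968b7fba0a24c5e/scapy/contrib/bgp.py), so I think Scapy does support BGP.

I am new to networking, so I was wondering whether you could help me set up the BGP layer.

Thank you for taking the time to read this!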


2 answers

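Just trying to help here. I have no experience with BGP-type packets, but... I copied the bgp.py file from the link you provided into scapy/layers. Using ls() I found the following: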

BGPAuthenticationData : BGP Authentication Data
BGPErrorSubcodes : BGP Error Subcodes
BGPHeader  : BGP header
BGPNotification : BGP Notification fields
BGPOpen    : BGP Open Header
BGPOptionalParameter : BGP Optional Parameters
BGPPathAttribute : BGP Attribute fields
BGPUpdate  : BGP Update fields

Then I could use, say, ls(BGPUpdate) to display:

^{pr2}$

And I was able to create this packet:

pkt = IP()/TCP()/BGPUpdate()
pkt.show()
###[ IP ]###
  version   = 4
  ihl       = None
  tos       = 0x0
  len       = None
  id        = 1
  flags     = 
  frag      = 0
  ttl       = 64
  proto     = tcp
  chksum    = None
  src       = 127.0.0.1
  dst       = 127.0.0.1
  \options   \
###[ TCP ]###
     sport     = ftp_data
     dport     = http
     seq       = 0
     ack       = 0
     dataofs   = None
     reserved  = 0
     flags     = S
     window    = 8192
     chksum    = None
     urgptr    = 0
     options   = {}
###[ BGP Update fields ]###
        withdrawn_len= None
        withdrawn = []
        tp_len    = None
        \total_path\
        nlri      = []

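I'm not sure what all the different types of BGP layers/packets are used for, or where the community number would be set. Possibly in BGPPathAttribute(type=x). Type 5 is "LOCAL_PREF", which may correspond to community values. Try this Link.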

pkt = BGPPathAttribute(type=5)
pkt.show()
###[ BGP Attribute fields ]###
  flags     = Transitive
  type      = LOCAL_PREF
  attr_len  = None
  value     = ''

Anyway, hope this helps.

Edit: Forgot. I also added "bgp" to the load_layers section of scapy/config.py, line 373. Like this:

   load_layers =  ["l2", "inet", "dhcp", "dns", "dot11", "gprs", "hsrp", "inet6", "ir", "isakmp", "l2tp",
               "mgcp", "mobileip", "netbios", "netflow", "ntp", "ppp", "radius", "rip", "rtp",
               "sebek", "skinny", "smb", "snmp", "tftp", "x509", "bluetooth", "dhcp6", "llmnr", "sctp", "vrrp",
               "ipsec","bgp"]   

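We want a BGP layer using Scapy. BGP travels over TCP, so we must have an established (3-way handshake) TCP socket. TCP travels over IP. Thus we can represent the full packet in the following format.

packet = IP Layer / TCP Layer / BGP Layer

But BGP itself is divided into two parts, the BGP header and the BGP payload (e.g. OPEN, UPDATE, etc.). So the layering above is represented as follows.

packet = IP Layer / TCP Layer / BGP Header / BGP payload

Here the BGP header specifies the authentication, length and type of the BGP payload. We can do the following exercise. (I am assuming that you have an established TCP socket.)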

from scapy.layers.inet import IP, TCP
from scapy.contrib.bgp import BGPHeader, BGPUpdate, BGPPathAttr, BGPPALocalPref, BGPNLRI_IPv4

# proto=6 means that TCP travels above this layer. This is simple IPv4 communication.
base = IP(src=src_ipv4_addr, dst=dst_ipv4_addr, proto=6, ttl=255)
# dport=179 is the BGP port of the destination router/host; sport is the random port over which
# TCP is established. seq and ack are the sequence and acknowledgement numbers. flags='PA' are PUSH and ACK.
tcp = TCP(sport=established_port, dport=179, seq=current_seq_num, ack=expected_seq_num, flags='PA')
# type=2 means an UPDATE packet will be the BGP payload. The marker field is for authentication;
# the maximum hex int (all f) is used for no auth.
hdr = BGPHeader(type=2, marker=0xffffffffffffffffffffffffffffffff)
# An UPDATE packet consists of path attributes and NLRI (network layer reachability information);
# type_code in a path attribute says which type of path attribute it is.
up = BGPUpdate(path_attr=[BGPPathAttr(type_flags=64, type_code=5, attribute=BGPPALocalPref(local_pref=100))], nlri=BGPNLRI_IPv4(prefix=NLRI_PREFIX))

packet = base / tcp / hdr / up
packet.show2()

Use the following variable values (for example purposes).

^{pr2}$

The output is as follows.

###[ IP ]### 
  version   = 4
  ihl       = 5
  tos       = 0x0
  len       = 74
  id        = 1
  flags     = 
  frag      = 0
  ttl       = 255
  proto     = tcp
  chksum    = 0xe09c
  src       = 10.110.99.2
  dst       = 10.110.99.50
  \options   \
###[ TCP ]### 
     sport     = 1223
     dport     = bgp
     seq       = 1500
     ack       = 1000
     dataofs   = 5
     reserved  = 0
     flags     = PA
     window    = 8192
     chksum    = 0x102d
     urgptr    = 0
     options   = []
###[ HEADER ]### 
        marker    = 0xffffffffffffffffffffffffffffffff
        len       = 34
        type      = UPDATE
###[ UPDATE ]### 
           withdrawn_routes_len= 0
           \withdrawn_routes\
           path_attr_len= 7
           \path_attr \
            |###[ BGPPathAttr ]### 
            |  type_flags= Transitive
            |  type_code = LOCAL_PREF
            |  attr_len  = 4
            |  \attribute \
            |   |###[ LOCAL_PREF ]### 
            |   |  local_pref= 100
           \nlri      \
            |###[ IPv4 NLRI ]### 
            |  prefix    = 10.110.99.0/24
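
As an added example (not part of either answer and not Scapy's own code), the following standard-library Python encodes the same UPDATE shown in the output above and parses it back with strict length checks, which accounts for len = 34 and path_attr_len = 7. The function names build_update and parse_update are hypothetical, and the sample values are taken from that output.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16          # all-ones marker, as in the answer's BGPHeader
BGP_UPDATE, LOCAL_PREF = 2, 5  # message type and path attribute type code

def build_update(local_pref, prefix):
    """Encode an UPDATE with one LOCAL_PREF attribute and one IPv4 NLRI."""
    net = ipaddress.ip_network(prefix)
    # Path attribute: flags 0x40 (Transitive), type code, 1-byte length, value.
    attr = struct.pack("!BBBI", 0x40, LOCAL_PREF, 4, local_pref)
    # NLRI: prefix length in bits, then only the significant prefix bytes.
    nlri = bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HH", 0, len(attr)) + attr + nlri  # no withdrawn routes
    return MARKER + struct.pack("!HB", 19 + len(body), BGP_UPDATE) + body

def parse_update(data):
    """Strictly decode an UPDATE; raise ValueError on any inconsistent length."""
    if len(data) < 23 or data[:16] != MARKER:
        raise ValueError("short message or bad marker")
    length, msg_type = struct.unpack("!HB", data[16:19])
    if msg_type != BGP_UPDATE or length != len(data) or length > 4096:
        raise ValueError("bad type or length")
    pa_off = 21 + int.from_bytes(data[19:21], "big")  # skip withdrawn routes
    if pa_off + 2 > length:
        raise ValueError("withdrawn_routes_len overruns message")
    pa_len = int.from_bytes(data[pa_off:pa_off + 2], "big")
    pos, pa_end = pa_off + 2, pa_off + 2 + pa_len
    if pa_end > length:
        raise ValueError("path_attr_len overruns message")
    attrs, prefixes = [], []
    while pos < pa_end:
        hdr = 4 if data[pos] & 0x10 else 3  # 0x10 = Extended Length flag
        alen = int.from_bytes(data[pos + 2:pos + hdr], "big")
        if pos + hdr + alen > pa_end:
            raise ValueError("attribute overruns path_attr_len")
        attrs.append((data[pos], data[pos + 1], data[pos + hdr:pos + hdr + alen]))
        pos += hdr + alen
    while pos < length:  # NLRI fills the rest of the message
        bits = data[pos]
        nbytes = (bits + 7) // 8
        if bits > 32 or pos + 1 + nbytes > length:
            raise ValueError("bad NLRI prefix")
        addr = data[pos + 1:pos + 1 + nbytes].ljust(4, b"\0")
        prefixes.append(f"{ipaddress.IPv4Address(addr)}/{bits}")
        pos += 1 + nbytes
    return {"len": length, "path_attr_len": pa_len, "attrs": attrs, "nlri": prefixes}

if __name__ == "__main__":
    print(parse_update(build_update(100, "10.110.99.0/24")))  # constructed sample
```

The 19-byte header plus a 15-byte body (two 2-byte length fields, a 7-byte attribute and a 4-byte NLRI entry) gives the 34 bytes Scapy reports; a message whose inner lengths disagree with the header length is rejected rather than read past its end.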
