Sending ICMP packets in scapy and

Published 2024-05-11 11:16:55


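Can we use the srp() function for a layer 3 ICMP packet? I see that when we create an ICMP echo request packet and use sr() to send/receive it, we don't see it being sent out of the interface, and hence there is no response from the destination. But with the same packet, if we use the srp() function, we see the response. When should we use sr() and when srp()? The documentation states that sr() is for L3 packets and srp() for L2? But in my case, I'm not sure why sr() doesn't work for an ICMP packet. Could some experts help me understand?

Also, can someone let me know whether the "iface" argument is always needed? Without it, how does scapy know which interface it should send the packet through?

Case 1: sr() function with iface as an argument: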

sr(icmp,iface="eth0")

Begin emission:

WARNING: Mac address to reach destination not found. Using broadcast.
Finished to send 1 packets.
^C
Received 0 packets, got 0 answers, remaining 1 packets
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:1 Other:0>)

Above, I don't see any ICMP response from IP 192.168.25.1.

Case 2: sr() function without iface:

sr(icmp)   
.Begin emission:
......WARNING: Mac address to reach destination not found. Using broadcast.
.Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 887 packets, got 0 answers, remaining 1 packets
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:1 Other:0>)

As you can see above, more packets were received, but I don't see any ICMP response.

Case 3: sending the ICMP packet with srp() instead of sr():

srp(icmp,iface="eth0")
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
(<Results: TCP:0 UDP:0 ICMP:1 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)

Here I used the srp() function instead of sr(), and now I see that the ICMP echo request was sent correctly and I also received the response.

>>> icmp.show2()
###[ Ethernet ]###
  dst: 02:00:00:11:01:03
  src: 02:00:20:ee:64:01
  type: 0x800
###[ IP ]###
     version: 4L
     ihl: 5L
     tos: 0x0
     len: 28
     id: 1
     flags:
     frag: 0L
     ttl: 64
     proto: icmp
     chksum: 0xc78c
     src: 192.168.25.2
     dst: 192.168.25.1
     \options\
###[ ICMP ]###
        type: echo-request
        code: 0
        chksum: 0xf7ff
        id: 0x0
        seq: 0x0
>>>                  

1 answer
User
#1 · Posted 2024-05-11 11:16:55

Per the official API documentation, the sr function:

sr(pkts, filter=None, iface=None, timeout=2, inter=0, verbose=None, chainCC=0, retry=0, multi=0)

Send and receive packets at layer 3 using the conf.L3socket supersocket.

The srp function:

srp(pkts, filter=None, iface=None, timeout=2, inter=0, verbose=None, chainCC=0, retry=0, multi=0, iface_hint=None)

Same as srp but for working at layer 2 with conf.L2socket supersocket.

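Since your ICMP packet also has its layer 2 fields filled in, as shown by the output of icmp.show2(), you should use the srp function. If you had left them untouched, as in this tutorial, you could have used the sr function.

Now, regarding the question of whether ICMP is classified as a layer 2 or a layer 3 protocol. Many consider it a layer 3 protocol, such as here, since it uses the IP header and "sits" on top of it. However, others consider it a layer 2 protocol, such as here. This question has some good answers on the matter, but note that they refer to the OSI model, so the layering scheme is numbered a bit differently. This is the best I have found, here: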

IP itself has no mechanism for establishing and maintaining a connection, or even containing data as a direct payload. Internet Control Messaging Protocol is merely an addition to IP to carry error, routing and control messages and data, and is often considered as a protocol of the network layer.

Edit - I just came across this link and thought it was worth mentioning:

ICMP is a protocol within the TCP/IP stack that exist basically to provide control, troubleshooting, and error messages. It runs over IP, like TCP and UDP do, but is a network-layer protocol, like IP, rather than a transport layer protocol like TCP and UDP are. (Yes, this is kind of weird, that ICMP is encapsulated within IP while being on the same layer as IP. But then again, you can encapsulate IP within IP as well.)

RFC 792 is also very explicit:

ICMP, uses the basic support of IP as if it were a higher level protocol, however, ICMP is actually an integral part of IP.

And so is RFC 1122:

ICMP is a control protocol that is considered to be an integral part of IP, although it is architecturally layered upon IP, i.e., it uses IP to carry its data end-to-end just as a transport protocol like TCP or UDP does.
...
Although ICMP messages are encapsulated within IP datagrams, ICMP processing is considered to be (and is typically implemented as) part of the IP layer.


As for your last question about explicitly specifying the interface, see the tutorial:

The send() function will send packets at layer 3. That is to say it will handle routing and layer 2 for you. The sendp() function will work at layer 2. It’s up to you to choose the right interface and the right link layer protocol.

The official API documentation is a bit more detailed:

When Scapy is launched, its routing tables are synchronized with the host’s routing table. For a packet sent at layer 3, the destination IP determines the output interface, source address and gateway to be used. For a layer 2 packet, the output interface can be precised, or an hint can be given in the form of an IP to determine the output interface. If no output interface nor hint are given, conf.iface is used.

Specifically, the iface parameter is used to set the input interface (but it also sets the output interface if iface_hint is not used):

iface: listen answers only on the provided interface

For a hint on the output interface, use iface_hint with the layer 2 functions:

There is also an additional parameter, iface_hint, which give an hint that can help choosing the right output interface. By default, if not specified by iface, conf.iface is chosen. The hint takes the form of an IP to which the layer 2 packet might be destinated. The Scapy routing table (conf.route) is used to determine which interface to use to reach this IP.
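
The packet from the question's icmp.show2() output, rebuilt byte by byte as an added example (not code from the original post or from Scapy): it separates the layer 3 datagram, which is what a packet built as IP()/ICMP() contains, from the layer 2 frame that adds the Ethernet header, and recomputes the checksums shown in that output. The function names are made up for this example, and it uses only the standard library, so nothing is sent on the wire.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by both IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_echo_request(ident: int = 0, seq: int = 0, payload: bytes = b"") -> bytes:
    """ICMP echo request (type 8, code 0) with its checksum filled in."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def ipv4_datagram(src: str, dst: str, payload: bytes, ident: int = 1, ttl: int = 64) -> bytes:
    """Layer 3 view: the buffer starts at the IP header (IP()/ICMP(), for sr())."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, socket.IPPROTO_ICMP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def ethernet_frame(dst_mac: str, src_mac: str, l3: bytes) -> bytes:
    """Layer 2 view: Ethernet header first (Ether()/IP()/ICMP(), for srp())."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + l3

def describe(buf: bytes, starts_at: str) -> dict:
    """Parse buf assuming it starts at 'L2' (Ethernet) or 'L3' (IPv4)."""
    off = 14 if starts_at == "L2" else 0
    ip = buf[off:off + 20]
    return {
        "ethertype": struct.unpack("!H", buf[12:14])[0] if off else None,
        "ip_len": struct.unpack("!H", ip[2:4])[0],
        "ip_chksum": struct.unpack("!H", ip[10:12])[0],
        "icmp_chksum": struct.unpack("!H", buf[off + 22:off + 24])[0],
    }

# Addresses and header values taken from the icmp.show2() output in the question.
L3_PACKET = ipv4_datagram("192.168.25.2", "192.168.25.1", icmp_echo_request())
L2_FRAME = ethernet_frame("02:00:00:11:01:03", "02:00:20:ee:64:01", L3_PACKET)

if __name__ == "__main__":
    print("L3 datagram:", len(L3_PACKET), "bytes", describe(L3_PACKET, "L3"))
    print("L2 frame:   ", len(L2_FRAME), "bytes", describe(L2_FRAME, "L2"))
```

Parsing L2_FRAME as if it started at layer 3 reads the MAC address bytes as IP header fields, which is the kind of mismatch that choosing between sr() and srp() avoids.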
