scapy | 易学教程

C/Python Socket Performance?

阅读更多关于 C/Python Socket Performance?

问题 my question simply relates to the difference in performance between a socket in C and in Python. Since my Python build is CPython, I assume it's similar, but I'm curious if someone actually has "real" benchmarks, or at least an opinion that's evidence based. My logics is as such: C socket much faster? then write a C extension. not/barely a difference? keep writing in Python and figure out how to obtain packet level control (scapy? dpkt?) I'm sure someone will want to know for either context

渗透测试之进行信息收集方法

阅读更多关于渗透测试之进行信息收集方法

渗透测试之进行信息收集方法攻击的重要阶段之一就是信息收集。为了能够实施攻击，我们需要收集关于目标的基本信息。我们获得的信息越多，攻击成功的概率就越高。　　1.1 服务枚举在这个中，我们将会展示一些服务枚举的小技巧。枚举是我们从网络收集信息的过程。我们将要研究DNS枚举和SNMP枚举技术。DNS枚举是定位某个组织的所有DNS服务器和DNS条目的过程。DNS枚举允许我们收集有关该组织的重要信息，例如用户名、计算机名称、IP地址以及其它。为了完成这些任务我们会使用DNSenum。对于SNMP枚举，我们会使用叫做SnmpEnum的工具，它是一个强大的SNMP枚举工具，允许我们分析网络上的SNMP流量。操作步骤让我们以DNS枚举作为开始：　　1. 我们使用DNSenum进行DNS枚举。为了开始DNS枚举，打开Gnome终端，并且输入以下命令： cd /usr/bin ./dnsenum --enum adomainnameontheinternet.com 请不要在不属于你的公共网站或者不是你自己的服务器上运行这个工具。这里我们将 adomainnameontheinternet.com 作为一个例子，你应该替换掉这个目标。要当心！　　2. 我们需要获取信息输出，例如主机、名称服务器、邮件服务器，如果幸运的话还可以得到区域转换：　　3.

scapy not parsing GTP layers

阅读更多关于 scapy not parsing GTP layers

问题 I want to use scapy to parse my GTP packets from the pcap files that I have. I am able to use scapy to parse normal UDP/TCP packets. For example, if my packet is udppacket, then udppacket[3] shows me the data part of the udp packet. For a GTP packet, it has more layers following the udp layers and the data is inside the last layer. So if my gtp packet is gtppacket, then gtppacket[4] gives me error saying IndexError : layer 4 not found. Actually if I use gtppacket[3] Then I can see the data

Scapy: How to manipulate Host in http header?

阅读更多关于 Scapy: How to manipulate Host in http header?

问题 I wrote this piece of code to get http header and set Host: http_layer = packet.getlayer(http.HTTPRequest).fields http_layer['Host'] = "newHostName" return packet After running the afforementioned code,the new host name has been set correctly, but the problem is that when I write the packet in pcap file, I still see the previous host in http fields, Is there an absolute way to manipulate http_layer['Host'] ? Any help would be appreciated. Regards. 回答1: After all, found the answer. The key is

I dont get HTTP answer with sr function. Just an ACK

阅读更多关于 I dont get HTTP answer with sr function. Just an ACK

问题 I am trying to send an HTTP GET request to google.com, but the answer I get is an ACK and not the HTML file. Here is the code: def Make_Get(): synR = IP(dst = 'www.google.com', ttl = 64)/TCP(dport = 80,sport = randint(1024,65535), flags = 'S') synAckAN = sr1(synR) req = (IP(dst='www.google.com') / TCP(dport=80, sport=synAckAN[TCP].dport, seq=synAckAN[TCP].ack, ack=synAckAN[TCP].seq + 1, flags='A')/"GET / HTTP/1.0 \n\n") ans, a = sr(req) return ans and this are the two packets I got in return

Python(2.7) keeps crashing when launching scapy via console or importing it

阅读更多关于 Python(2.7) keeps crashing when launching scapy via console or importing it

问题 Regardless of if I do scapy or Python from scapy.all import * it simply crashes python. It says "Python is not responding" with the classic little bar that does nothing. I'm currently on Win10. There's only one other person that I found had this problem, and nobody bothered to answer him, couldn't find anything else about this. I've tried multiple installers from differently packaged ones. No can do. I'm about to go raving mad. Many thanks in advance. 回答1: Well, nobody put an answer, but I

Scapy BitField and type() question

阅读更多关于 Scapy BitField and type() question

问题 I'm writing an addon for scapy, and encountered a problem. I had to slightly modify the original scapy code (every class is inheriting from object) The modified code can be found here: http://pastebin.com/pjcL1KJv The code I wrote is the following: class Foo(): array=[ BitField("foo",0x0,2), BitField("foo1",0x0,2), BitField("bar",0x0,2), BitField("blub",None,2) ] def returnArr(a): for i in a.array: print type(i.default) if __name__ == "__main__": a=Foo() a.blub=0x23 returnArr(a) The output: <

Instance variables not being updated Python when using Multiprocessing

阅读更多关于 Instance variables not being updated Python when using Multiprocessing

问题 I've come across an unusual problem in regards to updating variables. I've built a simple class object to help me with some network sniffing. I wanted to make a parallel process which allows me to run some network tests and capture the traffic generated using python so I can extend the program to do amazing things. I'm using scapy's sniffing function to help with the interface sniffing. Scapy's sniffer allows you to pass a function into itself function that allows you to create a 'stop

saving hexdump(packet) to list in scapy

阅读更多关于 saving hexdump(packet) to list in scapy

问题 Is there any way I could save hexdump() to byte list so the list can be accessed by index. what I need is like this byte = hexdump(packet) for i in range(0, len(byte)): print %x byte[i] 回答1: The byte content of the packet may be accessed by invoking str(packet) , as follows: content = str(packet) # decoded hex string, such as '\xde\xad\xbe\xef' print content for byte in content: pass # do something with byte EDIT - This answer specifies how this can be converted to a byte array, for example:

Sniffing packets of communication with specific domain - Scapy

阅读更多关于 Sniffing packets of communication with specific domain - Scapy

问题 What's the best way to sniff packets with the source or destination being a specific domain (for example "www.facebook.com"). And why won't this filter work? def filter_facebook(packet): return DNS in packet and "www.facebook.com" in packet I'm new to Scapy so please don't kill me. 来源： https://stackoverflow.com/questions/36117913/sniffing-packets-of-communication-with-specific-domain-scapy