scapy

Constructing ARP Requests, Scans, and Spoofing with Python

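核能气质少年 submitted on 2019-11-30 16:17:29
Contents: 0. Introduction to ARP 1. Scapy overview 2. A simple Scapy demonstration 2.1 Installation 2.2 Packet construction demo 2.2.1 Entering the kamene interactive shell 2.2.2 Viewing the Ethernet header 2.2.3 Viewing the ICMP header 2.2.4 Viewing the IP header 2.2.5 Viewing the TCP/UDP header 2.2.6 Constructing a simple ICMP packet 2.2.7 Constructing a simple ARP packet 3. Constructing an ARP request 4. Constructing an ARP scan 5. Constructing ARP spoofing
0. Introduction to ARP. First, recall the TCP/IP model, which from bottom to top consists of the data link layer, network layer, transport layer, and application layer. Which layer does ARP actually belong to? Some would say the network layer, but it actually belongs to the data link layer, although it also has to provide services to the network layer. The main purpose of ARP is to map IP addresses (32 bits) to physical MAC addresses (48 bits). On the surface, a host can communicate as soon as it knows the remote IP address, but in fact it first has to learn the remote MAC address (with the help of ARP), establish data-link-layer communication through the NIC to the switch, and only then exchange data through the upper layers. You may also have come across proxy ARP, gratuitous ARP, and RARP; do you understand how each of them works? Here is a brief review: Proxy ARP: a router usually acts as the proxy, answering local ARP requests on behalf of the remote host; Gratuitous ARP: a special ARP request message used to detect IP conflicts, and a hardware address change also triggers gratuitous ARP; RARP: the opposite of ARP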

writing an ethernet bridge in python with scapy

风格不统一 submitted on 2019-11-30 16:08:18
Question: I'd like to make something like this:
        10.1.1.0/24             10.1.2.0/24
+------------+       +------------+       +------------+
|            |       |            |       |            |
|            |       |            |       |            |
|     A    d +-------+ e   B    f +-------+ g   C      |
|            |       |            |       |            |
|            |       |            |       |            |
+------------+       +------------+       +------------+
           d           e        f           g
       10.1.1.1    10.1.1.2  10.1.2.1    10.1.2.2
So that A can send packets to C through B. I attempted to build this thing by running a scapy program on B that would sniff ports e and f, and in each case modify the destination IP and MAC address in the packet

Scapy - retrieving RSSI from WiFi packets

空扰寡人 submitted on 2019-11-30 14:40:41
I'm trying to get RSSI or signal strength from WiFi packets. I also want RSSI from 'WiFi probe requests' (when somebody is searching for WiFi hotspots). I managed to see it from kismet logs but that was only to make sure it is possible - I don't want to use kismet all the time. For 'full time scanning' I'm using scapy. Does anybody know where I can find the RSSI or signal strength (in dBm) from the packets sniffed with scapy? I don't know how the whole packet is built - and there are a lot of 'hex' values which I don't know how to parse/interpret. I'm sniffing on both interfaces - wlan0

How to extract Raw of TCP packet using Scapy

混江龙づ霸主 submitted on 2019-11-30 13:52:47
I use the sniff function of scapy module. My filter and prn function are doing a great job. But now, I would like to extract the Raw of the TCP packet and handle it using hexadecimal or binary format. Here is the documentation of Packet Class in scapy. How can I do that? I tried print packet[Raw] but it seems to be converted as ASCII or something like that. I want to keep it in hexadecimal or binary.
You can get the raw bytes of the packet via str(packet). For printing them to the screen in a readable format you can execute print str(packet).encode("HEX").
Source: https://stackoverflow.com

How can I filter a pcap file by specific protocol using python?

▼魔方 西西 submitted on 2019-11-30 10:41:35
Question: I have some pcap files and I want to filter by protocol, i.e., if I want to filter by HTTP protocol, anything but HTTP packets will remain in the pcap file. There is a tool called openDPI, and it's perfect for what I need, but there is no wrapper for python language. Does anyone know any python modules that can do what I need? Thanks Edit 1: HTTP filtering was just an example, there are a lot of protocols that I want to filter. Edit 2: I tried Scapy, but I don't figure how to filter correctly

Importing python modules in jython

你说的曾经没有我的故事 submitted on 2019-11-30 07:10:40
Question: I'm having some issues importing scapy under jython. I've been doing java forever, but python for only a day or two. The simple case to reproduce the problem is:
$jython
>>> import sys
>>> sys.path
['', '/usr/share/jython/Lib', '/usr/lib/site-python', '__classpath__']
>>> from scapy.all import *
Traceback (innermost last):
  File "<console>", line 1, in ?
ImportError: no module named scapy
If I do these exact same steps under python, everything works. How do I tell jython to use scapy? If it

Get TCP Flags with Scapy

微笑、不失礼 submitted on 2019-11-30 07:10:32
Question: I'm parsing a PCAP file and I need to extract TCP flags (SYN, ACK, PSH, URG, ...). I'm using the packet['TCP'].flags value to obtain all the flags at once.
from scapy.all import PcapReader
pkts = PcapReader(infile)  # infile: path to the PCAP file
for p in pkts:
    F = int(p['TCP'].flags)  # all flags as one integer bit field
    print(F, bin(F), p.summary())
    # manual flags extraction from F
Is there a way to obtain a single TCP flag without manually extracting it from the packet['TCP'].flags value?
Answer 1: Normally, the usual way to handle FLAGS is with a bitmap and bitwise operators. If your Packet class doesn

How to create HTTP GET request Scapy?

半腔热情 submitted on 2019-11-30 06:01:24
Question: I need to create HTTP GET request and save the data response. I tried to use this:
syn = IP(dst=URL) / TCP(dport=80, flags='S')
syn_ack = sr1(syn)
getStr = 'GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n'
request = IP(dst='www.google.com') / TCP(dport=80, sport=syn_ack[TCP].dport, seq=syn_ack[TCP].ack, ack=syn_ack[TCP].seq + 1, flags='A') / getStr
reply = sr1(request)
print reply.show()
But when I print reply I don't see any data response. In addition, when I checked in 'Wireshark' I got SYN,

Python Scapy sniff without root

梦想的初衷 submitted on 2019-11-30 04:06:35
Question: I'm wondering if there is any possibility to run Scapy's 'sniff(...)' without root privileges. It is used in an application, where certain packages are captured. But I don't want to run the whole application with root permissions or change anything on scapy itself. Thanks in advance! EDIT: For testing I use following code:
from scapy.all import *
def arp_monitor_callback(pkt):
    if ARP in pkt and pkt[ARP].op in (1,2): #who-has or is-at
        return pkt.sprintf("%ARP.hwsrc% %ARP.psrc%")
sniff(prn=arp

How can I filter a pcap file by specific protocol using python?

|▌冷眼眸甩不掉的悲伤 submitted on 2019-11-29 21:58:01
I have some pcap files and I want to filter by protocol, i.e., if I want to filter by HTTP protocol, anything but HTTP packets will remain in the pcap file. There is a tool called openDPI, and it's perfect for what I need, but there is no wrapper for python language. Does anyone know any python modules that can do what I need? Thanks Edit 1: HTTP filtering was just an example, there are a lot of protocols that I want to filter. Edit 2: I tried Scapy, but I don't figure how to filter correctly. The filter only accepts Berkeley Packet Filter expression, i.e., I can't apply a msn, or HTTP, or