scapy

configure Scapy to listen for a specific packet and once the packet is received, send a specific packet

元气小坏坏 submitted on 2019-12-24 10:45:41
Question: Is it possible to configure Scapy to listen for network traffic and send a crafted packet once a packet with certain parameters is received? I mean, for example, Scapy listens to network traffic on eth0 and in case an ICMP "echo request" packet from source IP 10.10.44.3 is received, Scapy sends a TCP SYN packet to port 34 to IP address 192.168.2.1 using 8.8.8.8 as a source. Is such a setup possible with Scapy?

Answer 1: Yes. Using the sniff() function, you can provide a parameter to the stop_filter

python-scapy: how to translate port numbers to service names?

微笑、不失礼 submitted on 2019-12-24 06:30:47
Question: A TCP layer in Scapy contains the source port:

    >>> a[TCP].sport
    80

Is there a simple way to convert a port number to a service name? I've seen Scapy has TCP_SERVICES and UDP_SERVICES to translate port numbers, but

    print TCP_SERVICES[80] # fails
    print TCP_SERVICES['80'] # fails
    print TCP_SERVICES.__getitem__(80) # fails
    print TCP_SERVICES['www'] # works, but it's not what I need
    80

Does someone know how I can map ports to services? Thank you in advance

Answer 1: If this is something you need to do frequently,

Scapy filtering with sniff() function

荒凉一梦 submitted on 2019-12-23 12:18:38
Question: I'm using the scapy function sniff() for packet capturing. I want to capture only EAP packets. I can filter EAP packets with tcpdump with the following filter:

    # tcpdump -i mon0 -p ether proto 0x888e
    tcpdump: WARNING: mon0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on mon0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
    13:04:41.949446 80847234901us tsft 48.0 Mb/s 2437 MHz 11g -16dB signal antenna

not getting all ICMP time-exceeded messages: why?

巧了我就是萌 submitted on 2019-12-23 09:37:28
Question: I'm using Scapy to replay some dumped packets in which I change the TTL value. I've been getting very odd results even with TTL=1. When I run my test hours apart from each other, I can get from roughly 40% to 95% of packets replied to with an ICMP time-exceeded message. Then I can recursively replay unanswered packets and get each time more or less the same percentage of answered packets as before. Why is that? I've been sending packets with an interval of 0.1 seconds between each other. This

How to decode data from scapy Dot11 Packet

你。 submitted on 2019-12-23 05:00:53
Question: I am writing a program that captures Dot11 packets for network security testing. In these captured packets I get data as in the following, for example:

    <RadioTap version=0 pad=0 len=36 present=TSFT+Flags+Rate+Channel+dBm_AntSignal+b14+b29+Ext notdecoded=' \x08\x00\x00\x00\x00\x00\x00\xd5~\xbb*\x00\x00\x00\x00\x10\x02\x99\t\xa0\x00\xbd\x00\x00\x00\xbd\x00' |<Dot11 subtype=11L type=Management proto=0L FCfield=retry ID=14849 addr1=48:ee:0c:f4:b7:ea addr2=00:26:82:8e:9a:d4 addr3=48:ee:0c:f4:b7:ea

Capturing Scapy function output in Python

不想你离开。 submitted on 2019-12-23 04:26:15
Question: I am trying to capture the output of a scapy function (traceroute) to a string in a Python script. I understand I need to pipe this function to stdout (as you do with subprocess.call()) but am unsure how to do this using scapy. Is anybody able to provide any assistance? I am new to Python. Relevant code below.

    #!/usr/bin/env python
    from scapy.all import traceroute
    traceroute('www.google.com')

Answer 1: You can also call traceroute like this:

    trace, _ = traceroute("www.example.org", verbose=0) # trace

RadioTap headers in scapy

牧云@^-^@ submitted on 2019-12-23 03:46:11
Question: I'm trying to send and receive packets with scapy and read the RadioTap header. The wireless adapter (and driver) is able to handle those headers, but I can't seem to get them. Whenever I send a normal packet in scapy, it does not contain such a header (thus, sniffing packets and checking one with pkt.haslayer(RadioTap) returns "0", and I am not able to display the header like with pkt[RadioTap].show() ). If I explicitly construct my packets with a RadioTap header (like in a pkt = RadioTap()

How to filter/sniff out web pages according to data(text) contained?

和自甴很熟 submitted on 2019-12-23 02:47:05
Question: I am looking for information useful for my little project that allows me to sniff a web page received from a web server and, before it appears in the browser, I will test the content (text); then, according to this test, my program blocks (or redirects) the page in case the test is false... I found a very complete library, scapy; it can sniff and forge all the traffic including HTTP replies. I found someone looking to do similar things, but the response suggested developing a proxy. My question

How to filter by ethernet MAC address

半城伤御伤魂 submitted on 2019-12-22 06:42:31
Question: The following code:

    sniff(filter = "dst aa:bb:cc:dd:ee" )

throws an error because sniff is expecting an IP, not a MAC. So how are you supposed to filter by MAC?

Answer 1: What about specifying an lfilter for sniff?

    zzz = sniff(lfilter=lambda d: d.src == 'aa:bb:cc:dd:ee:ff')

dst and src are attributes of the sniffed message. Previously I posted an answer where stop_filter was specified. I suppose that it wouldn't work for you, since scapy would stop after receiving the first packet that matches the mac

Scapy: how do I get the full IP packet header?

*爱你&永不变心* submitted on 2019-12-22 05:40:50
Question: In Scapy, I want to manually match packets with their corresponding ICMP time-exceeded messages. I need to match:

    - IP-in-ICMP field of ICMP packet
    - IP header and first 8 bytes of my data packet

The ICMP packet isn't a problem:

    icmpPayload = str(icmpPacket[ICMP].payload)

As for the first 8 bytes of the data packet, I just need to do:

    str(myPacket[IP].payload)[:8]

I don't know how to get only the IP header of myPacket. All I do now is replace the payload in the whole packet with its first 8