博客主要演示了ls()/lsc()用法,介绍了Scapy利用“/”符号生成数据包,以及sr/send发送3层包、srp/sendp发送2层包的操作。还提及Scapy与PyShark结合进行实时抓包和TCPReplay,因Scapy.sniff函数限制,用PyShark代替,且Scapy可读取/重放PyShark生成的pcap文件。
1. 演示ls()/lsc()用法:
##Exec1.py
from scapy.all import *
## 列出scapy支持的命令
def ListScapyCmd():
lsc()
## 列出指定协议的各个字段, 用于构成packet
def ListProtocolField(protoclName):
ls(protoclName)
if __name__ == "__main__":
print("\nexample of lsc()\n")
ListScapyCmd()
print("\nexample of ls()\n")
ListProtocolField(TCP)
输出:
2.Scapy "/" 符号生成数据包, sr/send发送3层包. srp/sendp发送2层包.
## Exec2.py
from scapy.all import *
ifaceName = 'VMware Network Adapter VMnet8'
dstIP = '192.168.70.134'
dstMac = '00:0C:29:FB:48:0A'
srcIP = '192.168.70.1'
srcMac = '00:50:56:C0:00:08'
def ARPPacket():
## 构造以太网层
etherLayer = Ether(dst=dstMac)
## 构造ARP-echo包
arpLayer = ARP(hwtype=1,
ptype=0x800,
hwsrc=srcMac,
psrc=srcIP,
hwdst=dstMac,
pdst=dstIP)
arpRequest = etherLayer/arpLayer
## use sendp to send level 2 packet
## 二层包需要用sendp发送
sendp(arpRequest, iface=ifaceName, loop=200)
def ICMPPacket():
ipLayer = IP(dst=dstIP)
## 模仿nmap -PP command, 构造ICMP包
icmpTimestampRequest = ICMP(type=13,code=0) ## ICMP, timestamp request
## 模仿nmap -PM command
icmpMacRequest = ICMP(type=17,code=0) ## ICMP, Mac address request
## 模仿nmap -PE command
icmpEchoRequest = ICMP(type=8,code=0) ## ICMP, echo request
for i in range(500):
pack = ipLayer/icmpTimestampRequest
send(pack,iface=ifaceName)
pack = ipLayer/icmpMacRequest
send(pack,iface=ifaceName)
pack = ipLayer/icmpEchoRequest
## use sendp to send level 3 packet
send(pack,iface=ifaceName)
def TCPPacket():
ipLayer = IP(dst=dstIP, src=srcIP)
tcpLayer = TCP(dport=[22,23,80,443,8080])
pack = ipLayer/tcpLayer
sr1(pack,iface=ifaceName,timeout=3)
def TCPPacketFlags():
## 构造IP层
ipLayer = IP(dst=dstIP, src=srcIP)
## 构造TCP层, 向192.168.70.134:22,23,80,443,8080 5个端口发送TCP reset包(flags=RST)
tcpLayer = TCP(dport=[22,23,80,443,8080],flags="R")
## 构造包
pack = ipLayer/tcpLayer
sr1(pack,iface=ifaceName,timeout=3)
if __name__ == "__main__":
TCPPacket()
TCPPacketFlags()
ICMPPacket()
ARPPacket()
Wireshark输出:
3.Scapy+PyShark实时抓包/TCPReplay. Scapy.sniff函数无法用display filter, 只能用PyShark代替. Scapy读取/重放 PyShark生成的pcap文件
## Exec3.py
from scapy.all import *
from pyshark import *
## live capture and file capture
ifaceName = 'VMware Network Adapter VMnet8'
path2tshark = 'C:\\Program Files\\Wireshark\\tshark.exe'
path2pCapFile = 'C:\\Users\\Eugene\\Desktop\\studio\\scapyMod\\1.pcap'
## scapy.sniff只能应用wireshark capture-filter,不能应用wireshark display-filter, 抓特定类型的packet需要通过pyshark中转.
## pyshark.LiveCapture一定要指定tshark_path(ex:C:\Program Files\Wireshark\tshark.exe)
## pyshark.LiveCapture.output_file指定pcap保存路径, 供scapy模块rdpcap/wrpcap使用
def PysharkLiveCapture():
capObj = LiveCapture(interface=ifaceName,
display_filter = "",
bpf_filter = "",
tshark_path = path2tshark,
output_file = path2pCapFile)
capObj.sniff(timeout=120)
def HandleLiveCapture():
capturedPacks = rdpcap(path2pCapFile)
for pack in capturedPacks:
try:
## 用haslayer判断是否为IP包
if pack.haslayer(IP) == True:
print("pack.SrcIP: "+pack[IP].src+"\tpack.DstIp: "+pack[IP].dst)
## 用haslayer判断是否为ICMP包
if pack.haslayer(ICMP) == True:
## 解析ICMP包中的各个字段
print("pack[ICMP].type:"+str(pack[ICMP].type)+" pack[ICMP].code:"+str(pack[ICMP].code))
except:
print("exception")
if __name__ == "__main__":
## PysharkLiveCapture()
HandleLiveCapture()
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
