Scapy2

ls()查看包的结构

# Wildcard import is the usual interactive-session shortcut; it brings in the layer
# classes (Ether, IP, TCP) and the helper functions used on the rest of this page.
from scapy.all import *
# "/" stacks layers: an Ethernet frame carrying an IPv4 packet carrying a TCP segment,
# every field left at its default value.
pkt = Ether()/IP()/TCP()
# ls(pkt) lists each field per layer: name, field type, current value, and the
# class default in parentheses.
ls(pkt)
dst        : DestMACField                        = 'ff:ff:ff:ff:ff:ff' ('None')
src        : SourceMACField                      = '00:00:00:00:00:00' ('None')
type       : XShortEnumField                     = 2048            ('36864')
--
version    : BitField  (4 bits)                  = 4               ('4')
ihl        : BitField  (4 bits)                  = None            ('None')
tos        : XByteField                          = 0               ('0')
len        : ShortField                          = None            ('None')
id         : ShortField                          = 1               ('1')
flags      : FlagsField                          = <Flag 0 ()>     ('<Flag 0 ()>')
frag       : BitField  (13 bits)                 = 0               ('0')
ttl        : ByteField                           = 64              ('64')
proto      : ByteEnumField                       = 6               ('0')
chksum     : XShortField                         = None            ('None')
src        : SourceIPField                       = '127.0.0.1'     ('None')
dst        : DestIPField                         = '127.0.0.1'     ('None')
options    : PacketListField                     = []              ('[]')
--
sport      : ShortEnumField                      = 20              ('20')
dport      : ShortEnumField                      = 80              ('80')
seq        : IntField                            = 0               ('0')
ack        : IntField                            = 0               ('0')
dataofs    : BitField  (4 bits)                  = None            ('None')
reserved   : BitField  (3 bits)                  = 0               ('0')
flags      : FlagsField                          = <Flag 2 (S)>    ('<Flag 2 (S)>')
window     : ShortField                          = 8192            ('8192')
chksum     : XShortField                         = None            ('None')
urgptr     : ShortField                          = 0               ('0')
options    : TCPOptionsField                     = []              ("b''")

使用lsc()查看scapy支持的函数

# Print the list of commands (functions) Scapy offers, each with a short description.
lsc()

raw()以字节格式显示数据包内容

# raw() builds the packet into its wire-format bytes. Fields that ls() showed as None
# (len, chksum, ...) are computed at build time, which is why they are filled in below.
print(raw(pkt))
b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00(\x00\x01\x00\x00@\x06|\xcd\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91|\x00\x00'

hexdump(pkt)以类似wireshark的形式显示数据包

# hexdump() prints the dump itself and returns None, so wrapping it in print()
# also emits the trailing "None" seen in the output. Call hexdump(pkt) on its own,
# or use hexdump(pkt, dump=True) to get the text back as a string instead.
print(hexdump(pkt))
0000  FF FF FF FF FF FF 00 00 00 00 00 00 08 00 45 00  ..............E.
0010  00 28 00 01 00 00 40 06 7C CD 7F 00 00 01 7F 00  .(....@.|.......
0020  00 01 00 14 00 50 00 00 00 00 00 00 00 00 50 02  .....P........P.
0030  20 00 91 7C 00 00                                 ..|..
None

pkt.summary()简洁显示数据包

# summary() returns a one-line string (it does not print), hence the print().
# Ports 20 and 80 are rendered by service name; the trailing "S" is the TCP SYN flag.
print(pkt.summary())
Ether / IP / TCP 127.0.0.1:ftp_data > 127.0.0.1:http S
# show() prints the layer-by-layer field tree itself and returns None.
# NOTE(review): the trailing "None" in the output suggests the call was wrapped in print() when it was captured; confirm.
pkt.show()
###[ Ethernet ]### 
  dst       = ff:ff:ff:ff:ff:ff
  src       = 00:00:00:00:00:00
  type      = IPv4
###[ IP ]### 
     version   = 4
     ihl       = None
     tos       = 0x0
     len       = None
     id        = 1
     flags     = 
     frag      = 0
     ttl       = 64
     proto     = tcp
     chksum    = None
     src       = 127.0.0.1
     dst       = 127.0.0.1
     \options   \
###[ TCP ]### 
        sport     = ftp_data
        dport     = http
        seq       = 0
        ack       = 0
        dataofs   = None
        reserved  = 0
        flags     = S
        window    = 8192
        chksum    = None
        urgptr    = 0
        options   = ''

None

数据包读写

wrpcap("temp.cap",pkt)  # write the packet to temp.cap in pcap format
pkts = rdpcap("temp.cap")  # read the capture back; rdpcap() loads every packet in the file into memory at once

发送数据包,只发不收,用来攻击

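# send() and sendp() only transmit; neither waits for nor returns a reply.
# Both open raw sockets, which on Linux normally needs root or CAP_NET_RAW.
# sendp() works at layer 2: pkt starts with Ether(), so this exact frame
# (MAC addresses included) is put on the wire.
sendp(pkt)
# send() works at layer 3: pass only the IP part, because Scapy picks the route
# and builds the link-layer header itself. Passing the whole Ether()/IP()/TCP()
# stack here would hand a layer-2 frame to a layer-3 function.
send(pkt[IP])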

发送并接收数据包

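# sr() sends and receives at layer 3, so it gets the IP part of pkt, not the
# whole Ethernet frame. timeout bounds the wait; with no timeout the call can
# block until interrupted when nothing answers.
# NOTE(review): pkt targets 127.0.0.1; Scapy's documentation describes loopback as a
# special case on Linux, so replies may not be captured there. Confirm on your platform.
sr(pkt[IP], timeout=2)
# ans holds (sent packet, reply) pairs for probes that were answered;
# uans holds the sent packets that got no reply.
ans, uans = sr(pkt[IP], timeout=2)
ans.summary()  # prints one line per answered probe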
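# sr1() sends at layer 3 and returns only the first reply packet, so there is
# no "unanswered" list. The original assigned ans from sr(), which returns an
# (answered, unanswered) tuple and has no summary() method.
ans = sr1(pkt[IP], timeout=2)
# sr1() returns None when nothing answers before the timeout.
if ans is not None:
    # On a single packet summary() returns a string rather than printing it.
    print(ans.summary())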
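# srp() is the layer-2 counterpart of sr(): it sends the full Ethernet frame and
# returns an (answered, unanswered) tuple. timeout keeps the call from blocking
# indefinitely when no reply arrives.
ans = srp(pkt, timeout=2)
# ans is a tuple here, so it is printed directly; unpack it as
# "answered, unanswered = srp(...)" to call answered.summary().
print(ans)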