Sending a packet over physical loopback in scapy


Problem description


I've recently discovered Scapy & it looks wonderful

I'm trying to look at simple traffic over a physical loopback module / stub on my NIC.

But Scapy sniff doesn't give anything

What I'm doing to send a packet is:

payload = 'data'*10
snf = sniff(filter="icmp", iface="eth0")
for x in xrange(1, 10):
  sendp(Ether(dst=src_mac, src=spoof_src_mac)/IP(dst=dst_ip, src=spoof_src_ip)/ICMP()/payload, iface=ifname)

f = open('scapylog.log', 'w')  # open() returns the file object; f.open() fails because f is undefined
f.write(str(snf))
f.close()

With src_mac = my MAC address & dst_ip = my IP address. The "spoof" fields are just random (valid) MAC & IP values.

The resulting sniff / logfile is empty. Nothing to report.

I can see that traffic is going in the network through the ifconfig stats of the interfaces that increment each time I call this script - so traffic is flowing...

If someone has an idea why I'm not seeing my traffic I'd be happy to hear :)

Thanks!

Solution

Just stumbled across your question while looking for a similar solution myself. I found this on the Scapy Troubleshooting page:

The loopback interface is a very special interface. Packets going through it are not really assembled and disassembled. The kernel routes the packet to its destination while it is still stored in an internal structure. What you see with tcpdump -i lo is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it.

In order to speak to local applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):

>>> conf.L3socket
<class __main__.L3PacketSocket at 0xb7bdf5fc>
>>> conf.L3socket=L3RawSocket
>>> sr1(IP(dst="127.0.0.1")/ICMP())
<IP  version=4L ihl=5L tos=0x0 len=28 id=40953 flags= frag=0L ttl=64 proto=ICMP chksum=0xdce5 src=127.0.0.1 dst=127.0.0.1 options='' |<ICMP  type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>
