在 scapy 中使用更改的 src/dst 从 pcap 发送数据包 [英] Sending packets from pcap with changed src/dst in scapy

问题描述

我正在尝试使用 scapy 发送先前记录的流量(以 pcap 格式捕获).目前我被困在对原始以太层进行条带化.流量是在另一台主机上捕获的，我基本上需要更改 IP 和以太网层 src 和 dst.我设法更换了 IP 层并重新计算了校验和，但以太层给我带来了麻烦.

I am trying to send a previously recorded traffic (captured in pcap format) with scapy. Currently I am stuck at striping original Ether layer. The traffic was captured on another host and I basically need to change both IP and Ether layer src and dst. I managed to replace IP layer and recalculate checksums, but Ether layer gives me trouble.

任何人都有过从捕获文件重新发送数据包并对 IP 和以太网层(src 和 dst)进行更改的经验?此外，捕获量相当大，有这么大的流量，性能如何?

Anyone has experience resending packets from capture file with applied changes to IP and Ether layer(src and dst)? Also, the capture is rather big couple of Gb, how about scapy performance with such amounts of traffic?

推荐答案

检查这个例子

from scapy.all import *
from scapy.utils import rdpcap

pkts=rdpcap("FileName.pcap")  # could be used like this rdpcap("filename",500) fetches first 500 pkts
for pkt in pkts:
     pkt[Ether].src= new_src_mac  # i.e new_src_mac="00:11:22:33:44:55"
     pkt[Ether].dst= new_dst_mac
     pkt[IP].src= new_src_ip # i.e new_src_ip="255.255.255.255"
     pkt[IP].dst= new_dst_ip
     sendp(pkt) #sending packet at layer 2

评论:

• 使用 rdpcap,wrpcap scapy 方法读取和写入 pcap 格式的文件
• 你可以使用 sniff(offline="filename") 来读取数据包，你可以使用 prn 参数像这样 sniff(offline="filename",prn=My_Function) 在这种情况下，My_Functions 将应用于嗅探的每个包
• 编写新 ip 或 mac 的正确方法是将其视为字符串，例如:ip="1.1.1.1" 等，如上所示.
• 例如:for循环中包含的sendp方法比使其他循环发送数据包慢
• 性能提示:在 python 中使用 for 循环太慢了，如果你想要使用 map速度就像 C 中的 for 循环，参考
• 上面使用的 rdpcap 会立即读取文件，如果读取时可用内存为 1.5 Gb，而您正在读取 2,3,.. Gb 文件，它将失败.
• 如果性能问题对您很关键，您可以使用 winpcap 但您必须编写更多C 中的复杂代码；使用 python/scapy 执行相同的任务非常简单，但它并不比 C 快
• 这取决于所需的性能水平使用哪一种
• 如果我的猜测是对的，您在这种情况下发送的是视频流数据包，如果我发送的是 1 兆像素视频或其他情况下的 scapy(每帧较小)，我将使用 winpcap
• 在使用 C/winpcap 的情况下，您将在读取 pcaps 和更改数据并重新发送时获得出色的性能，但您必须注意相同的问题(大文件)，您必须创建一个适当大小的缓冲区使用它来读取发送数据包的性能非常好
• 如果数据包大小恒定(我猜这在大多数情况下很少见)，您可能有一个优势，可以充分利用可用内存
• 如果你想在整个项目/程序"中使用 python/scapy，你可以在 C/Wincap 中创建高性能函数并编译为 dll 然后你可以将此 dll 导入你的 python 程序，你可以在里面使用它一个python程序.通过这种方式，您可以获得非常简单的 Python/Scapy 的好处，并且您只需在 c 中编写特定的函数，这样您就可以更快地完成工作并使您的代码更加专注和可维护

• use rdpcap,wrpcap scapy methods to read and write from pcap formatted file
• you can use sniff(offline="filename") to read packets and you may use prn parameter like this sniff(offline="filename",prn=My_Function) in this case My_Functions will be applied to every pkt sniffed
• the correct way to write your new ip or mac is to consider it as a string ex: ip="1.1.1.1" and so on as illustrated above.
• in example: sendp method included in for loop which is slower than making other loop to send packets
• performance tip: in python using for loops is too slow use map instead if you would like a speed like a for loop in C ,Ref
• the rdpcap as used above reads the file at once, if the memory available while reading say 1.5 Gb and you are reading a 2,3,.. Gb file it will fail.
• if the performance issue is critical for you may use winpcap but you have to write more complex code in C;doing the same task using python/scapy is pretty easy an simple but it is not faster than c
• it depends which one to use on the level of performance needed
• if my guess is right you are sending a video stream packets in this case i would use a winpcap if i am sending an 1 mega pixel video or scapy in other cases(lower size per frame)
• in case of using C/winpcap you will get a great performance in reading pcaps and change the data and resend but you have to be aware of the same problem (large files) you have to create a buffer with a proper size to use it for reading sending the packets in a quite performance
• if the packet size is constant(which is rare in most cases, i guess) you may have an advantage get the most of your available memory
• if you want to use python/scapy for the whole "project/program" you may create the high performance functions in C/Wincap and compile as dll then you can import this dll to your python program and you can use it inside a python program. This way you get benefits of wonderful easy python/Scapy and you only write a specific functions in c so you can get your job done faster and your code to be focused and maintainable

这篇关于在 scapy 中使用更改的 src/dst 从 pcap 发送数据包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！