Python Scapy --arp 请求和响应 [英] Python Scapy --arp request and response
问题描述
我用这条线发送一个 arp 数据包广播:
I send a arp packet broadcast with this line:
send(ARP(op=ARP.who_has, psrc="192.168.5.51", pdst=the_ip))
我的问题是:我如何查看响应(在这种情况下:远程 ip 的 mac)?我知道我可以做到:
My question is: How can I view the response (in this case: the mac of the remote ip)? I know I can do:
pkt = sniff(filter=arp , count=10)
print (pkt.summary())
但我不想计算数据包,因为我不知道什么时候会打印(可能在接下来的 10 或 100 个数据包中)
But I do not want to count the packets because I do not know when it will be printed (could be in the next 10 or 100 packets)
有没有办法在嗅探时打印摘要,从而查看我正在寻找的 mac 地址?
Is there a way to while it is sniffing, to print the summary and thus, see the mac adress I am looking for?
我有一个想法,我可以嗅探 10 个数据包,如果数据包中的 ip 打印 mac 地址,否则再嗅探 10 个数据包......这种技术似乎不是一个好的技术...
I have an idea, Could I sniff 10 packets, if there is the ip in the packets print the mac adress, else sniff 10 more packets... This technique doesn't seems to be a good one tho...
推荐答案
Scapy 的用户手册 建议使用 sr() 或 sr1() 函数用于发送数据包和接收答案:
Scapy's user manual suggests using the sr() or sr1() function for sending packets and receiving answers:
sr() 函数用于发送数据包和接收应答.该函数返回几个数据包和答案,以及未应答的数据包.函数 sr1() 是一个变体,它只返回一个响应发送的数据包(或数据包集)的数据包.数据包必须是第 3 层数据包(IP、ARP 等).函数 srp() 对第 2 层数据包(以太网、802.3 等)执行相同的操作
The
sr()function is for sending packets and receiving answers. The function returns a couple of packet and answers, and the unanswered packets. The functionsr1()is a variant that only returns one packet that answered the packet (or the packet set) sent. The packets must be layer 3 packets (IP, ARP, etc.). The functionsrp()does the same for layer 2 packets (Ethernet, 802.3, etc.)
官方 API 文档 指定了它们的完整签名.这些似乎是此用例的相关参数:
The official API documentation specifies their full signature. These seem to be the relevant arguments for this use-case:
retry:如果是肯定的,重新发送未应答数据包的次数.如果是否定的,则在放弃之前有多少连续未回答的探测.只有负值才是真正有用的.timeout:发送最后一个数据包后等待的时间.经过默认情况下,sr 将永远等待,用户将不得不在他期望没有更多答案时中断(Ctrl-C).inter:发送每个数据包之间等待的时间(以秒为单位).
retry: if positive, how many times to resend unanswered packets. if negative, how many consecutive unanswered probes before giving up. Only the negative value is really useful.
timeout: how much time to wait after the last packet has been sent. By default,srwill wait forever and the user will have to interrupt (Ctrl-C) it when he expects no more answers.
inter: time in seconds to wait between each packet sent.
这是一个带有 sr() 函数的执行示例:
Here is an execution example with the sr() function:
In [1]: from scapy.all import *
WARNING: No route found for IPv6 destination :: (no default route?)
In [2]: results, unanswered = sr(ARP(op=ARP.who_has, psrc='192.168.1.2', pdst='192.168.1.1'))
Begin emission:
.....*Finished to send 1 packets.
Received 6 packets, got 1 answers, remaining 0 packets
In [3]: results
Out[3]: <Results: TCP:0 UDP:0 ICMP:0 Other:1>
In [4]: result = results[0]
In [5]: result
Out[5]:
(<ARP op=who-has psrc=192.168.1.2 pdst=192.168.1.1 |>,
<ARP hwtype=0x1 ptype=0x800 hwlen=6 plen=4 op=is-at hwsrc=XX:XX:XX:XX:XX:XX psrc=192.168.1.1 hwdst=XX:XX:XX:XX:XX:XX pdst=192.168.1.2 |>)
In [6]: original_packet, answer = result
In [7]: original_packet
Out[7]: <ARP op=who-has psrc=192.168.1.2 pdst=192.168.1.1 |>
In [8]: answer
Out[8]: <ARP hwtype=0x1 ptype=0x800 hwlen=6 plen=4 op=is-at hwsrc=XX:XX:XX:XX:XX:XX psrc=192.168.1.1 hwdst=XX:XX:XX:XX:XX:XX pdst=192.168.1.2 |>
In [9]: answer.hwsrc
Out[9]: 'XX:XX:XX:XX:XX:XX'
这是一个带有 sr1() 函数的执行示例:
Here is an execution example with the sr1() function:
In [10]: result = sr1(ARP(op=ARP.who_has, psrc='192.168.1.2', pdst='192.168.1.1'))
Begin emission:
.....Finished to send 1 packets.
*
Received 6 packets, got 1 answers, remaining 0 packets
In [11]: result
Out[11]: <ARP hwtype=0x1 ptype=0x800 hwlen=6 plen=4 op=is-at hwsrc=XX:XX:XX:XX:XX:XX psrc=192.168.1.1 hwdst=XX:XX:XX:XX:XX:XX pdst=192.168.1.2 |>
In [12]: result.hwsrc
Out[12]: 'XX:XX:XX:XX:XX:XX'
注意:这个问题的另一个答案演示了如何提取 MAC 地址并且编辑了这个答案以反映它.
Note: An another answer to this question demonstrates how the MAC address can be extracted and this answer was edited to reflect it as well.
这篇关于Python Scapy --arp 请求和响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
