Modify packets on the fly with Scapy?

Question

Is it possible to do this?

from scapy.all import *

def action(packet):
    # packet[0][1] is the layer above the link layer (the IP header here)
    print(packet[0][1].src + "==>" + packet[0][1].dst)
    print("Rerouting to localhost")
    packet[0][1].dst = '127.0.0.1'
    print(packet[0][1].src + "==>" + packet[0][1].dst)
    sendp(packet)

sniff(filter="dst host 203.105.78.163", prn=action)

Something like this but is there a way to send the packet to localhost and drop the packet being sent to 203.105.78.163? (not using iptables)

Recommended answer

There is no way to do this, because Scapy sniffs packets without interfering with the host's IP stack.

You could send another packet based on a sniffed packet, but you cannot "drop the packet" with Scapy.

The only solution I can think of, under Linux, involves iptables + libnfqueue and its Python bindings + Scapy. But obviously, if you just want to reroute a packet, iptables alone is enough, and much better.

Under any other OS, you would need some kind of firewall software anyway to either pass the packet to a userland program (like libnfqueue under Linux, here you can do your Scapy magic) or tamper with the packet itself.

Maybe you could have a look at IPS software (Suricata?), since tampering with packets based on some criteria is what an IPS does.
