Sending a packet over physical loopback in scapy

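I recently discovered Scapy, and it looks great.

I'm trying to look at simple traffic over a physical loopback module/stub on my NIC.

But Scapy's sniff isn't giving me anything.

What I'm doing to send a packet is: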

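from scapy.all import *

payload = 'data'*10
# Capture ICMP traffic on eth0
snf = sniff(filter="icmp", iface="eth0")
# Send 9 spoofed-source ICMP frames addressed to this host
for x in range(1, 10):
  sendp(Ether(dst=src_mac, src=spoof_src_mac)/IP(dst=dst_ip, src=spoof_src_ip)/ICMP()/payload, iface=ifname)

# Write the capture summary to a log file
f = open('scapylog.log', 'w')
f.write(str(snf))
f.close()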

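with src_mac = my MAC address & dst_ip my IP address. The "spoof" fields are just random (valid) MAC and IP values.

The resulting sniff/log file is empty. Nothing to report.

I can see the traffic in the network through the interface's ifconfig stats, which increment each time I call this script - so traffic is flowing...

If anyone has an idea why I can't see my traffic, I'd be happy to hear it :)

Thanks!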

I stumbled upon your question while looking for a similar solution myself. I found this on the Scapy Troubleshooting page:

The loopback interface is a very special interface. Packets going through it are not really assembled and disassembled. The kernel routes the packet to its destination while it is still stored in an internal structure. What you see with tcpdump -i lo is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it.

In order to speak to local applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):

>>> conf.L3socket
<class __main__.L3PacketSocket at 0xb7bdf5fc>
>>> conf.L3socket=L3RawSocket
>>> sr1(IP(dst="127.0.0.1")/ICMP())
<IP  version=4L ihl=5L tos=0x0 len=28 id=40953 flags= frag=0L ttl=64 proto=ICMP chksum=0xdce5 src=127.0.0.1 dst=127.0.0.1 options='' |<ICMP  type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>
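
The PF_INET/SOCK_RAW approach described in the quoted troubleshooting text can also be reproduced without Scapy. The following is an added example, not part of the answer or of Scapy's own code: it builds the ICMP echo request by hand, sends it at layer 3, and parses the reply. The function names are illustrative assumptions, and `ping_loopback` assumes Linux with root or CAP_NET_RAW.

```python
# Added example (standard library only); all function names are illustrative.
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int = 0, seq: int = 0, payload: bytes = b"") -> bytes:
    """ICMP echo request (type 8, code 0) with a valid checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_reply(packet: bytes) -> dict:
    """Parse what a PF_INET raw socket returns: an IPv4 header followed by ICMP."""
    ihl = (packet[0] & 0x0F) * 4
    src = socket.inet_ntoa(packet[12:16])
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    return {"src": src, "type": icmp_type, "code": code, "chksum": csum,
            "id": ident, "seq": seq, "valid": inet_checksum(packet[ihl:]) == 0}

def ping_loopback(timeout: float = 2.0):
    """Send one echo request to 127.0.0.1 at layer 3; return the parsed reply or None."""
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    except PermissionError:
        return None  # raw sockets need root / CAP_NET_RAW
    with s:
        s.settimeout(timeout)
        # The kernel adds the IP header and routes the packet itself.
        s.sendto(build_echo_request(), ("127.0.0.1", 0))
        try:
            while True:
                reply = parse_reply(s.recv(65535))
                if reply["type"] == 0:  # on lo the socket may also see our own request
                    return reply
        except socket.timeout:
            return None

if __name__ == "__main__":
    print(ping_loopback())
```

With no identifier, sequence number or payload, the reply's ICMP checksum is 0xffff, the same value shown in the `sr1` output above.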