python2.7的scapy安装以及报文分析
来源:互联网 发布:蓝莲花网络 编辑:程序博客网 时间:2024/06/06 04:08
1、scapy的安装
(1)安装python2.7(已经安装的不需要安装)
(2)安装Npcap(没有32位64位的分别)
(3)安装pyreadline,pip install pyreadline
(4)用命令行进入scapy-master目录,python setup.py install就可以啦
(5)测试安装成功
import sys
import struct
from scapy.all import *
data = struct.pack('ssssssss','w','a','n','g','p','e','n','g')
pkt = IP(src='10.0.3.83', dst='10.0.3.88')/TCP(sport=12345,dport=5555)/data
send(pkt, inter=1, count=5)
(2)安装Npcap(没有32位64位的分别)
(3)安装pyreadline,pip install pyreadline
(4)用命令行进入scapy-master目录,python setup.py install就可以啦
(5)测试安装成功
import sys
import struct
from scapy.all import *
data = struct.pack('ssssssss','w','a','n','g','p','e','n','g')
pkt = IP(src='10.0.3.83', dst='10.0.3.88')/TCP(sport=12345,dport=5555)/data
send(pkt, inter=1, count=5)
scapy下载地址http://download.csdn.net/download/zhangshan1020/10163021
2、新增自定义报文
以isis为例
(1)将新增的isis.py放入C:\Python27\Lib\site-packages\scapy\layers路径下
(2)在C:\Python27\Lib\site-packages\scapy\config.py中将isis添加在load_layers里
load_layers = ["l2", "inet", "dhcp", "dns", "dot11", "gprs",
"hsrp", "inet6", "ir", "isakmp", "l2tp", "mgcp",
"mobileip", "netbios", "netflow", "ntp", "ppp", "pptp",
"radius", "rip", "rtp", "skinny", "smb", "snmp",
"tftp", "x509", "bluetooth", "dhcp6", "llmnr",
"sctp", "vrrp", "ipsec", "lltd", "vxlan", "eap",'isis']
(3)基本扩充的协议都在C:\Python27\Lib\site-packages\scapy\contrib这个目录下,大部分协议就有了
(1)将新增的isis.py放入C:\Python27\Lib\site-packages\scapy\layers路径下
(2)在C:\Python27\Lib\site-packages\scapy\config.py中将isis添加在load_layers里
load_layers = ["l2", "inet", "dhcp", "dns", "dot11", "gprs",
"hsrp", "inet6", "ir", "isakmp", "l2tp", "mgcp",
"mobileip", "netbios", "netflow", "ntp", "ppp", "pptp",
"radius", "rip", "rtp", "skinny", "smb", "snmp",
"tftp", "x509", "bluetooth", "dhcp6", "llmnr",
"sctp", "vrrp", "ipsec", "lltd", "vxlan", "eap",'isis']
(3)基本扩充的协议都在C:\Python27\Lib\site-packages\scapy\contrib这个目录下,大部分协议就有了
3、分析报文
分析报文
>>> pkts=rdpcap('C:\\Users\\admin\\Desktop\\lsp.pcap')
>>> data = pkts.show()
0000 802.3 00:0e:5e:77:44:b9 > 01:80:c2:00:00:14 / LLC / ISIS_CommonHdr / ISIS_L1_LSP / Padding
>>> a = pkts[0]
>>> a
<Dot3 dst=01:80:c2:00:00:14 src=00:0e:5e:77:44:b9 len=194 |<LLC dsap=0xfe ssap=0xfe ctrl=3 |<ISIS_CommonHdr nlpid=ISO 10589 IS-IS hdrlen=27 version=1 idlen=0 pdutype=L1 LSP pduversion=1 hdrreserved=0 maxareaaddr=0 |<ISIS_L1_LSP pdulength=191 lifetime=19 lspid='0000.0000.0001.00-00' seqnum=0x686 checksum=0xa86b typeblock=L1+L2 tlvs=[<ISIS_AreaTlv type=Area TLV len=12 areas=[<ISIS_AreaEntry arealen=3 areaid='49.0001' |>, <ISIS_AreaEntry arealen=3 areaid='49.0002' |>, <ISIS_AreaEntry arealen=3 areaid='49.0003' |>] |>, <ISIS_ProtocolsSupportedTlv type=Protocols Supported TLV len=2 nlpids=[IPv4, IPv6] |>, <ISIS_DynamicHostnameTlv type=Dynamic Hostname TLV len=9 hostname='iTN8800-1' |>, <ISIS_IpInterfaceAddressTlv type=IP Interface Address TLV len=4 addresses=[3.3.1.1] |>, <ISIS_InternalIpReachabilityTlv type=IP Internal Reachability TLV len=24 entries=[<ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=2.2.1.0 subnetmask=255.255.255.0 |>, <ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=1.1.1.0 subnetmask=255.255.255.0 |>] |>, <ISIS_Ipv6InterfaceAddressTlv type=IPv6 Interface Address TLV len=32 addresses=[ 3ffe::101:101, 3ffe::303:101 ] |>, <ISIS_Ipv6ReachabilityTlv type=IPv6 Reachability TLV len=42 pfxs=[<ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::101:100/120' |>, <ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::303:100/120' |>] |>, <ISIS_IsReachabilityTlv type=IS Reachability TLV len=23 virtual=0 neighbours=[<ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0101.0101.0101.01' |>, <ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0000.0000.0001.02' |>] |>] |<Padding load='\xc4\xa7\xa7|' |>>>>>
>>> type(a)
<class 'scapy.layers.l2.Dot3'>
利用a.payload.field来递进访问需要的字段,其中的payload可以多次递进从而可以修改报文
>>> pkts=rdpcap('C:\\Users\\admin\\Desktop\\lsp.pcap')
>>> data = pkts.show()
0000 802.3 00:0e:5e:77:44:b9 > 01:80:c2:00:00:14 / LLC / ISIS_CommonHdr / ISIS_L1_LSP / Padding
>>> a = pkts[0]
>>> a
<Dot3 dst=01:80:c2:00:00:14 src=00:0e:5e:77:44:b9 len=194 |<LLC dsap=0xfe ssap=0xfe ctrl=3 |<ISIS_CommonHdr nlpid=ISO 10589 IS-IS hdrlen=27 version=1 idlen=0 pdutype=L1 LSP pduversion=1 hdrreserved=0 maxareaaddr=0 |<ISIS_L1_LSP pdulength=191 lifetime=19 lspid='0000.0000.0001.00-00' seqnum=0x686 checksum=0xa86b typeblock=L1+L2 tlvs=[<ISIS_AreaTlv type=Area TLV len=12 areas=[<ISIS_AreaEntry arealen=3 areaid='49.0001' |>, <ISIS_AreaEntry arealen=3 areaid='49.0002' |>, <ISIS_AreaEntry arealen=3 areaid='49.0003' |>] |>, <ISIS_ProtocolsSupportedTlv type=Protocols Supported TLV len=2 nlpids=[IPv4, IPv6] |>, <ISIS_DynamicHostnameTlv type=Dynamic Hostname TLV len=9 hostname='iTN8800-1' |>, <ISIS_IpInterfaceAddressTlv type=IP Interface Address TLV len=4 addresses=[3.3.1.1] |>, <ISIS_InternalIpReachabilityTlv type=IP Internal Reachability TLV len=24 entries=[<ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=2.2.1.0 subnetmask=255.255.255.0 |>, <ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=1.1.1.0 subnetmask=255.255.255.0 |>] |>, <ISIS_Ipv6InterfaceAddressTlv type=IPv6 Interface Address TLV len=32 addresses=[ 3ffe::101:101, 3ffe::303:101 ] |>, <ISIS_Ipv6ReachabilityTlv type=IPv6 Reachability TLV len=42 pfxs=[<ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::101:100/120' |>, <ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::303:100/120' |>] |>, <ISIS_IsReachabilityTlv type=IS Reachability TLV len=23 virtual=0 neighbours=[<ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0101.0101.0101.01' |>, <ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0000.0000.0001.02' |>] |>] |<Padding load='\xc4\xa7\xa7|' |>>>>>
>>> type(a)
<class 'scapy.layers.l2.Dot3'>
利用a.payload.field来递进访问需要的字段,其中的payload可以多次递进从而可以修改报文
4、针对十六进制字符串的处理
>>>a = binascii.a2b_hex('0180c2000014000e5e7744b900c2fefe03831b01001201000000bf0013000000000001000000000686a86b03010c0349000103490002034900038102cc8e890969544e383830302d3184040303010180180a80808002020100ffffff000a80808001010100ffffff00e8203ffe00000000000000000000010101013ffe0000000000000000000003030101ec2a0000000a00783ffe000000000000000000000101010000000a00783ffe000000000000000000000303010217000a808080010101010101010a80808000000000000102c4a7a77c')
>>> a
'\x01\x80\xc2\x00\x00\x14\x00\x0e^wD\xb9\x00\xc2\xfe\xfe\x03\x83\x1b\x01\x00\x12\x01\x00\x00\x00\xbf\x00\x13\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x06\x86\xa8k\x03\x01\x0c\x03I\x00\x01\x03I\x00\x02\x03I\x00\x03\x81\x02\xcc\x8e\x89\tiTN8800-1\x84\x04\x03\x03\x01\x01\x80\x18\n\x80\x80\x80\x02\x02\x01\x00\xff\xff\xff\x00\n\x80\x80\x80\x01\x01\x01\x00\xff\xff\xff\x00\xe8 ?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x01?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x03\x01\x01\xec*\x00\x00\x00\n\x00x?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\x00\x00\n\x00x?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x03\x01\x02\x17\x00\n\x80\x80\x80\x01\x01\x01\x01\x01\x01\x01\n\x80\x80\x80\x00\x00\x00\x00\x00\x01\x02\xc4\xa7\xa7|'
>>> b = Ether(a)
>>> b
<Dot3 dst=01:80:c2:00:00:14 src=00:0e:5e:77:44:b9 len=194 |<LLC dsap=0xfe ssap=0xfe ctrl=3 |<ISIS_CommonHdr nlpid=ISO 10589 IS-IS hdrlen=27 version=1 idlen=0 pdutype=L1 LSP pduversion=1 hdrreserved=0 maxareaaddr=0 |<ISIS_L1_LSP pdulength=191 lifetime=19 lspid='0000.0000.0001.00-00' seqnum=0x686 checksum=0xa86b typeblock=L1+L2 tlvs=[<ISIS_AreaTlv type=Area TLV len=12 areas=[<ISIS_AreaEntry arealen=3 areaid='49.0001' |>, <ISIS_AreaEntry arealen=3 areaid='49.0002' |>, <ISIS_AreaEntry arealen=3 areaid='49.0003' |>] |>, <ISIS_ProtocolsSupportedTlv type=Protocols Supported TLV len=2 nlpids=[IPv4, IPv6] |>, <ISIS_DynamicHostnameTlv type=Dynamic Hostname TLV len=9 hostname='iTN8800-1' |>, <ISIS_IpInterfaceAddressTlv type=IP Interface Address TLV len=4 addresses=[3.3.1.1] |>, <ISIS_InternalIpReachabilityTlv type=IP Internal Reachability TLV len=24 entries=[<ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=2.2.1.0 subnetmask=255.255.255.0 |>, <ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=1.1.1.0 subnetmask=255.255.255.0 |>] |>, <ISIS_Ipv6InterfaceAddressTlv type=IPv6 Interface Address TLV len=32 addresses=[ 3ffe::101:101, 3ffe::303:101 ] |>, <ISIS_Ipv6ReachabilityTlv type=IPv6 Reachability TLV len=42 pfxs=[<ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::101:100/120' |>, <ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::303:100/120' |>] |>, <ISIS_IsReachabilityTlv type=IS Reachability TLV len=23 virtual=0 neighbours=[<ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0101.0101.0101.01' |>, <ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0000.0000.0001.02' |>] |>] |<Padding load='\xc4\xa7\xa7|' |>>>>>
>>> a
'\x01\x80\xc2\x00\x00\x14\x00\x0e^wD\xb9\x00\xc2\xfe\xfe\x03\x83\x1b\x01\x00\x12\x01\x00\x00\x00\xbf\x00\x13\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x06\x86\xa8k\x03\x01\x0c\x03I\x00\x01\x03I\x00\x02\x03I\x00\x03\x81\x02\xcc\x8e\x89\tiTN8800-1\x84\x04\x03\x03\x01\x01\x80\x18\n\x80\x80\x80\x02\x02\x01\x00\xff\xff\xff\x00\n\x80\x80\x80\x01\x01\x01\x00\xff\xff\xff\x00\xe8 ?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x01?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x03\x01\x01\xec*\x00\x00\x00\n\x00x?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\x00\x00\n\x00x?\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x03\x01\x02\x17\x00\n\x80\x80\x80\x01\x01\x01\x01\x01\x01\x01\n\x80\x80\x80\x00\x00\x00\x00\x00\x01\x02\xc4\xa7\xa7|'
>>> b = Ether(a)
>>> b
<Dot3 dst=01:80:c2:00:00:14 src=00:0e:5e:77:44:b9 len=194 |<LLC dsap=0xfe ssap=0xfe ctrl=3 |<ISIS_CommonHdr nlpid=ISO 10589 IS-IS hdrlen=27 version=1 idlen=0 pdutype=L1 LSP pduversion=1 hdrreserved=0 maxareaaddr=0 |<ISIS_L1_LSP pdulength=191 lifetime=19 lspid='0000.0000.0001.00-00' seqnum=0x686 checksum=0xa86b typeblock=L1+L2 tlvs=[<ISIS_AreaTlv type=Area TLV len=12 areas=[<ISIS_AreaEntry arealen=3 areaid='49.0001' |>, <ISIS_AreaEntry arealen=3 areaid='49.0002' |>, <ISIS_AreaEntry arealen=3 areaid='49.0003' |>] |>, <ISIS_ProtocolsSupportedTlv type=Protocols Supported TLV len=2 nlpids=[IPv4, IPv6] |>, <ISIS_DynamicHostnameTlv type=Dynamic Hostname TLV len=9 hostname='iTN8800-1' |>, <ISIS_IpInterfaceAddressTlv type=IP Interface Address TLV len=4 addresses=[3.3.1.1] |>, <ISIS_InternalIpReachabilityTlv type=IP Internal Reachability TLV len=24 entries=[<ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=2.2.1.0 subnetmask=255.255.255.0 |>, <ISIS_IpReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 ipaddress=1.1.1.0 subnetmask=255.255.255.0 |>] |>, <ISIS_Ipv6InterfaceAddressTlv type=IPv6 Interface Address TLV len=32 addresses=[ 3ffe::101:101, 3ffe::303:101 ] |>, <ISIS_Ipv6ReachabilityTlv type=IPv6 Reachability TLV len=42 pfxs=[<ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::101:100/120' |>, <ISIS_Ipv6Prefix metric=10 updown=0 external=0 subtlvindicator=0 reserved=0 pfxlen=120 pfx='3ffe::303:100/120' |>] |>, <ISIS_IsReachabilityTlv type=IS Reachability TLV len=23 virtual=0 neighbours=[<ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0101.0101.0101.01' |>, <ISIS_IsReachabilityEntry defmetric=10 delmetric=128 expmetric=128 errmetric=128 neighbourid='0000.0000.0001.02' |>] |>] |<Padding load='\xc4\xa7\xa7|' |>>>>>
阅读全文
1 0
- python2.7的scapy安装以及报文分析
- 在windows和Python2.7下,安装Scapy
- 安装python2.7以及fabric
- centos安装更新Python2.7以及pip的安装
- centos安装更新Python2.7以及pip的安装
- PPTP 理解以及报文的分析
- PPTP 理解以及报文的分析
- PPTP 理解以及报文的分析
- Scapy畸形报文攻击
- scapy学习icmp报文
- Windows7-64位python2.7、NumPy以及matplotlib的安装
- python2.7安装--以及各种插件安装
- python 网络报文模拟和端口扫描库 scapy的使用
- 用scapy解析出pcap文件的http报文
- scapy安装及SCTP包分析
- Win10安装Python2.7以及PyCharm教程
- win10安装python2.7以及pip9.0.1
- scapy安装
- python的numpy包使用
- 切忌!不要用int和sizeof()返回的无符号类型比较
- C++ 写文件及读取文件内容
- Jetson tx2 性能模式工具 nvpmodel
- 有些路啊,只能一个人慢慢地走
- python2.7的scapy安装以及报文分析
- 跟我一起学习VIM
- 【Netty4 简单项目实践】十一、用Netty分发mpegts到websocket接口
- python 每天如何定时启动爬虫任务
- LeetCode 123. Best Time to Buy and Sell Stock III
- 第三周2
- 使用IDEA将项目打成Jar包
- SSD Advisory – Huawei P8 wkupccpu debugfs Kernel Buffer Overflow
- Android版本更新下载提示对话框
