1. 演示ls()/lsc()用法:
##Exec1.pyfrom scapy.all import *## 列出scapy支持的命令
def ListScapyCmd():lsc()## 列出指定协议的各个字段, 用于构成packet
def ListProtocolField(protoclName):ls(protoclName)if __name__ == "__main__":print("\nexample of lsc()\n")ListScapyCmd()print("\nexample of ls()\n")ListProtocolField(TCP)
输出:
2.Scapy "/" 符号生成数据包, sr/send发送3层包. srp/sendp发送2层包.
## Exec2.pyfrom scapy.all import *ifaceName = 'VMware Network Adapter VMnet8'
dstIP = '192.168.70.134'
dstMac = '00:0C:29:FB:48:0A'
srcIP = '192.168.70.1'
srcMac = '00:50:56:C0:00:08'def ARPPacket():## 构造以太网层etherLayer = Ether(dst=dstMac)## 构造ARP-echo包arpLayer = ARP(hwtype=1,ptype=0x800,hwsrc=srcMac,psrc=srcIP,hwdst=dstMac,pdst=dstIP)arpRequest = etherLayer/arpLayer## use sendp to send level 2 packet## 二层包需要用sendp发送sendp(arpRequest, iface=ifaceName, loop=200)def ICMPPacket():ipLayer = IP(dst=dstIP)## 模仿nmap -PP command, 构造ICMP包icmpTimestampRequest = ICMP(type=13,code=0) ## ICMP, timestamp request## 模仿nmap -PM commandicmpMacRequest = ICMP(type=17,code=0) ## ICMP, Mac address request## 模仿nmap -PE commandicmpEchoRequest = ICMP(type=8,code=0) ## ICMP, echo requestfor i in range(500): pack = ipLayer/icmpTimestampRequestsend(pack,iface=ifaceName)pack = ipLayer/icmpMacRequestsend(pack,iface=ifaceName)pack = ipLayer/icmpEchoRequest## use sendp to send level 3 packetsend(pack,iface=ifaceName)def TCPPacket():ipLayer = IP(dst=dstIP, src=srcIP)tcpLayer = TCP(dport=[22,23,80,443,8080])pack = ipLayer/tcpLayersr1(pack,iface=ifaceName,timeout=3)def TCPPacketFlags():## 构造IP层ipLayer = IP(dst=dstIP, src=srcIP)## 构造TCP层, 向192.168.70.134:22,23,80,443,8080 5个端口发送TCP reset包(flags=RST)tcpLayer = TCP(dport=[22,23,80,443,8080],flags="R")## 构造包pack = ipLayer/tcpLayersr1(pack,iface=ifaceName,timeout=3)if __name__ == "__main__":TCPPacket()TCPPacketFlags()ICMPPacket()ARPPacket()
Wireshark输出:
3.Scapy+PyShark实时抓包/TCPReplay. Scapy.sniff函数无法用display filter, 只能用PyShark代替. Scapy读取/重放 PyShark生成的pcap文件
## Exec3.pyfrom scapy.all import *
from pyshark import *## live capture and file captureifaceName = 'VMware Network Adapter VMnet8'
path2tshark = 'C:\\Program Files\\Wireshark\\tshark.exe'
path2pCapFile = 'C:\\Users\\Eugene\\Desktop\\studio\\scapyMod\\1.pcap'## scapy.sniff只能应用wireshark capture-filter,不能应用wireshark display-filter, 抓特定类型的packet需要通过pyshark中转.
## pyshark.LiveCapture一定要指定tshark_path(ex:C:\Program Files\Wireshark\tshark.exe)
## pyshark.LiveCapture.output_file指定pcap保存路径, 供scapy模块rdpcap/wrpcap使用
def PysharkLiveCapture():capObj = LiveCapture(interface=ifaceName,display_filter = "",bpf_filter = "",tshark_path = path2tshark,output_file = path2pCapFile)capObj.sniff(timeout=120)def HandleLiveCapture():capturedPacks = rdpcap(path2pCapFile)for pack in capturedPacks:try:## 用haslayer判断是否为IP包if pack.haslayer(IP) == True:print("pack.SrcIP: "+pack[IP].src+"\tpack.DstIp: "+pack[IP].dst)## 用haslayer判断是否为ICMP包if pack.haslayer(ICMP) == True:## 解析ICMP包中的各个字段print("pack[ICMP].type:"+str(pack[ICMP].type)+" pack[ICMP].code:"+str(pack[ICMP].code))except:print("exception")if __name__ == "__main__":## PysharkLiveCapture()HandleLiveCapture()