我是scapy的新手,我正在尝试使用sr和sr1函数来了解他们的工作原理。
我正在尝试制作以下数据包,我发现它已经发送了1个数据包,但它表示它已经收到了581个数据包。有人可以帮我理解为什么它会收到这么多包。
收到1373个数据包,得到0个答案,剩下1个数据包
>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23))
.Begin emission:
.....Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 581 packets, got 0 answers, remaining 1 packets
>>> p
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>)
我的TCPDump输出未显示它收到了这么多数据包。
答案 0 :(得分:8)
sr()和sr1()函数将发送数据包,并在sr()的情况下在网络上侦听相应的答案,sr1()将只等待一个答案
收到但未回答的数据包是Scapy在查找对原始数据包的响应时嗅探的数据包。我不确定如何使用tcpdump进行嗅探同时使用Scapy会影响您的结果 - 不确定内核将数据包传递给哪个进程。
以下是来自thePacketGeek的Sending and Receiving with Scapy的优秀教程。
还要确保在解释器中使用各种Scapy函数的__doc__属性来获取相关文档。
>>> print sr1.__doc__
Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of bpf filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: listen answers only on the given interface
>>>