scapy新手。试图了解sr()
问题描述:
我是scapy的新手,我试图使用sr和sr1函数来理解它们的工作原理。scapy新手。试图了解sr()
我试图制作下面的数据包,我发现它已发送1个数据包,但它表示已收到581个数据包。有人可以帮我理解为什么它显示收到这么多的数据包。
收到1373包,得到0答案,剩下的1包
>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23))
.Begin emission:
.....Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 581 packets, got 0 answers, remaining 1 packets
>>> p
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>)
我tcpdump的输出并不表明它收到这么多的数据包。
答
sr()和sr1()函数将发送一个数据包并在网络上侦听相应的应答,在sr()的情况下,sr1()只会等待一个答案。
收到但没有答案的数据包是Scapy在寻找对原始数据包的响应时嗅探到的数据包。我不确定在使用Scapy的同时如何嗅探tcpdump会影响您的结果 - 不确定内核将数据包传递到哪个进程。
这是来自ThePacketGeek的Sending and Receiving with Scapy的优秀教程。
另外请确保在解释器中使用各种Scapy函数的__doc__属性来获取相关文档。
>>> print sr1.__doc__
Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of bpf filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: listen answers only on the given interface
>>>