def getTCPPacket(self): """ 构造TCP数据包 :return: """ try: ip_packet = IP() ip_packet.version = int(self.entries[8].get()) ip_packet.ihl = int(self.entries[9].get()) ip_packet.tos = int(self.entries[10].get()) ip_packet.id = int(self.entries[11].get()) # ip_packet.flags = int(self.entries[12].get()) ip_packet.frag = int(self.entries[13].get()) ip_packet.ttl = int(self.entries[14].get()) # ip_packet.chksum = self.entries[15].get() ip_packet.src = self.entries[16].get() ip_packet.dst = self.entries[17].get() tcp_packet = TCP() tcp_packet.sport = int(self.entries[0].get()) tcp_packet.dport = int(self.entries[1].get()) tcp_packet.seq = int(self.entries[2].get()) tcp_packet.ack = int(self.entries[3].get()) tcp_packet.dataofs = int(self.entries[4].get()) tcp_packet.flags = int(self.entries[5].get()) tcp_packet.window = int(self.entries[6].get()) # tcp_packet.chksum = self.entries[7].get() # scapy自动计算IP、TCP校验和 # 获得数据包的二进制值 pkg_raw = raw(ip_packet / tcp_packet) tcp_packet_raw = pkg_raw[20:] # 构造数据包,自动计算校验和 scapy_chksum_IP = IP(pkg_raw).chksum scapy_chksum_tcp = TCP(tcp_packet_raw).chksum print("scapy自动计算的TCP校验和为:%04x" % scapy_chksum_tcp) # 手动计算TCP校验和 tcp_packet.chksum = 0 packet = ip_packet / tcp_packet tcp_raw = raw(packet)[20:] self_chksum = in4_chksum(socket.IPPROTO_TCP, packet[IP], tcp_raw) print("手动计算的TCP校验和为:%04x" % self_chksum) if self_chksum == scapy_chksum_tcp: print("TCP验证和正确") else: print("TCP验证和不正确") tcp_packet.chksum = scapy_chksum_tcp self.entries[7].delete(0, END) self.entries[7].insert(0, hex(scapy_chksum_tcp)) self.entries[15].delete(0, END) self.entries[15].insert(0, hex(scapy_chksum_IP)) tcp_packet.show() self.resultText.insert('end', tcp_packet.summary() + '\n') self.resultText.insert('end', str(tcp_packet) + '\n') return Ether() / ip_packet / tcp_packet except Exception as e: print(e.with_traceback()) finally: pass
def getUDPPacket(self): """ 构造UDP数据包 :param self: :return: """ try: ip_packet = IP() ip_packet.version = int(self.entries[3].get()) ip_packet.ihl = int(self.entries[4].get()) ip_packet.tos = int(self.entries[5].get()) ip_packet.id = int(self.entries[6].get()) # ip_packet.flags = int(self.entries[7].get()) ip_packet.frag = int(self.entries[8].get()) ip_packet.ttl = int(self.entries[9].get()) # ip_packet.chksum = self.entries[10].get() ip_packet.src = self.entries[11].get() ip_packet.dst = self.entries[12].get() udp_packet = UDP() udp_packet.sport = int(self.entries[0].get()) udp_packet.dport = int(self.entries[1].get()) # udp_packet.chksum = int(self.entries[2].get()) # scapy自动计算IP、UDP校验和 # 获得数据包的二进制值 pkg_raw = raw(ip_packet / udp_packet) udp_packet_raw = pkg_raw[20:] # 构造数据包,自动计算校验和 scapy_chksum_IP = IP(pkg_raw).chksum scapy_chksum_udp = UDP(udp_packet_raw).chksum print("scapy自动计算的UDP校验和为:%04x" % scapy_chksum_udp) # 手动计算UDP校验和 udp_packet.chksum = 0 packet = ip_packet / udp_packet udp_raw = raw(packet)[20:] self_chksum = in4_chksum(socket.IPPROTO_UDP, packet[IP], udp_raw) print("手动计算的UDP校验和为:%04x" % self_chksum) if self_chksum == scapy_chksum_udp: print("UDP验证和正确") else: print("UDP验证和不正确") udp_packet.chksum = scapy_chksum_udp self.entries[2].delete(0, END) self.entries[2].insert(0, hex(scapy_chksum_udp)) self.entries[10].delete(0, END) self.entries[10].insert(0, hex(scapy_chksum_IP)) udp_packet.show() self.resultText.insert('end', udp_packet.summary() + '\n') self.resultText.insert('end', str(udp_packet) + '\n') return Ether() / ip_packet / udp_packet except Exception as e: print(e.with_traceback()) finally: pass
def getICMPPacket(self): """ 构造ICMP报文 :return: """ try: icmp_packet = IP() / ICMP() icmp_packet.version = int(self.entries[2].get()) icmp_packet.id = int(self.entries[3].get()) icmp_packet.flags = int(self.entries[4].get()) icmp_packet.frag = int(self.entries[5].get()) icmp_packet.ttl = int(self.entries[6].get()) # ip_packet.chksum = str(self.entries[7].get()) icmp_packet.src = str(self.entries[8].get()) icmp_packet.dst = str(self.entries[9].get()) icmp_packet.type = int(self.entries[0].get()) # icmp_packet.chksum = str(self.entries[1].get()) # 获得数据包的二进制值 pkg_raw = raw(icmp_packet) # 构造数据包,自动计算校验和 icmp_packet = IP(pkg_raw) # 去除数据包的IP首部,并构建ICMP对象,这样可以获得ICMP的校验和 pkg_icmp = pkg_raw[20:] pkg_icmp = ICMP(pkg_icmp) print("scapy自动计算的ICMP的校验和为:%04x" % pkg_icmp.chksum) self.entries[1].delete(0, END) self.entries[1].insert(0, hex(pkg_icmp.chksum)) self.entries[7].delete(0, END) self.entries[7].insert(0, hex(icmp_packet.chksum)) icmp_packet.show() self.resultText.insert('end', icmp_packet.summary() + '\n') self.resultText.insert('end', str(icmp_packet) + '\n') return Ether() / icmp_packet except Exception as e: print(e.with_traceback()) finally: pass
def test_map_t_pre_resolve(self): """MAP-T pre-resolve""" # Add a domain that maps from pg0 to pg1 map_dst = "2001:db8::/32" map_src = "1234:5678:90ab:cdef::/64" ip4_pfx = "192.168.0.0/24" tag = "MAP-T Test Domain." self.vapi.map_add_domain( ip6_prefix=map_dst, ip4_prefix=ip4_pfx, ip6_src=map_src, ea_bits_len=16, psid_offset=6, psid_length=4, mtu=1500, tag=tag, ) # Enable MAP-T on interfaces. self.vapi.map_if_enable_disable(is_enable=1, sw_if_index=self.pg0.sw_if_index, is_translation=1) self.vapi.map_if_enable_disable(is_enable=1, sw_if_index=self.pg1.sw_if_index, is_translation=1) # Enable pre-resolve option self.vapi.map_param_add_del_pre_resolve(ip4_nh_address="10.1.2.3", ip6_nh_address="4001::1", is_add=1) # Add a route to 4001::1 and expect the translated traffic to be # sent via that route next-hop. pre_res_route6 = VppIpRoute( self, "4001::1", 128, [VppRoutePath(self.pg1.remote_hosts[2].ip6, self.pg1.sw_if_index)], ) pre_res_route6.add_vpp_config() # Add a route to 10.1.2.3 and expect the "untranslated" traffic to be # sent via that route next-hop. pre_res_route4 = VppIpRoute( self, "10.1.2.3", 32, [VppRoutePath(self.pg0.remote_hosts[1].ip4, self.pg0.sw_if_index)], ) pre_res_route4.add_vpp_config() # Send an IPv4 packet that will be translated p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) p_ip4 = IP(src=self.pg0.remote_ip4, dst="192.168.0.1") payload = TCP(sport=0xABCD, dport=0xABCD) p4 = p_ether / p_ip4 / payload p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0", dst="2001:db8:1f0::c0a8:1:f") / payload) p6_translated.hlim -= 1 rx = self.send_and_expect(self.pg0, p4 * 1, self.pg1) for p in rx: self.assertEqual(p[Ether].dst, self.pg1.remote_hosts[2].mac) self.validate(p[1], p6_translated) # Send back an IPv6 packet that will be "untranslated" p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) p_ip6 = IPv6(src="2001:db8:1f0::c0a8:1:f", dst="1234:5678:90ab:cdef:ac:1001:200:0") p6 = p_ether6 / p_ip6 / payload p4_translated = IP(src="192.168.0.1", dst=self.pg0.remote_ip4) / payload p4_translated.id = 0 p4_translated.ttl -= 1 rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0) for p in rx: self.assertEqual(p[Ether].dst, self.pg0.remote_hosts[1].mac) self.validate(p[1], p4_translated) # Cleanup pre-resolve option self.vapi.map_param_add_del_pre_resolve(ip4_nh_address="10.1.2.3", ip6_nh_address="4001::1", is_add=0)
def test_map_t_ip6_psid(self): """MAP-T v6->v4 PSID validation""" # # Add a domain that maps from pg0 to pg1 # map_dst = "2001:db8::/32" map_src = "1234:5678:90ab:cdef::/64" ip4_pfx = "192.168.0.0/24" tag = "MAP-T Test Domain" self.vapi.map_add_domain( ip6_prefix=map_dst, ip4_prefix=ip4_pfx, ip6_src=map_src, ea_bits_len=16, psid_offset=6, psid_length=4, mtu=1500, tag=tag, ) # Enable MAP-T on interfaces. self.vapi.map_if_enable_disable(is_enable=1, sw_if_index=self.pg0.sw_if_index, is_translation=1) self.vapi.map_if_enable_disable(is_enable=1, sw_if_index=self.pg1.sw_if_index, is_translation=1) map_route = VppIpRoute( self, "2001:db8::", 32, [ VppRoutePath( self.pg1.remote_ip6, self.pg1.sw_if_index, proto=DpoProto.DPO_PROTO_IP6, ) ], ) map_route.add_vpp_config() p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) p_ip6 = IPv6(src="2001:db8:1f0::c0a8:1:f", dst="1234:5678:90ab:cdef:ac:1001:200:0") # Send good IPv6 source port, ensure translated IPv4 received payload = TCP(sport=0xABCD, dport=80) p6 = p_ether6 / p_ip6 / payload p4_translated = IP(src="192.168.0.1", dst=self.pg0.remote_ip4) / payload p4_translated.id = 0 p4_translated.ttl -= 1 rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0) for p in rx: self.validate(p[1], p4_translated) # Send bad IPv6 source port, ensure translated IPv4 not received payload = TCP(sport=0xDCBA, dport=80) p6 = p_ether6 / p_ip6 / payload self.send_and_assert_no_replies(self.pg1, p6 * 1)
def test_map_t(self): """MAP-T""" # # Add a domain that maps from pg0 to pg1 # map_dst = "2001:db8::/32" map_src = "1234:5678:90ab:cdef::/64" ip4_pfx = "192.168.0.0/24" tag = "MAP-T Tag." self.vapi.map_add_domain( ip6_prefix=map_dst, ip4_prefix=ip4_pfx, ip6_src=map_src, ea_bits_len=16, psid_offset=6, psid_length=4, mtu=1500, tag=tag, ) # Enable MAP-T on interfaces. self.vapi.map_if_enable_disable(is_enable=1, sw_if_index=self.pg0.sw_if_index, is_translation=1) self.vapi.map_if_enable_disable(is_enable=1, sw_if_index=self.pg1.sw_if_index, is_translation=1) # Ensure MAP doesn't steal all packets! v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) / UDP(sport=20000, dport=10000) / Raw(b"\xa5" * 100)) rx = self.send_and_expect(self.pg0, v4 * 1, self.pg0) v4_reply = v4[1] v4_reply.ttl -= 1 for p in rx: self.validate(p[1], v4_reply) # Ensure MAP doesn't steal all packets v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) / UDP(sport=20000, dport=10000) / Raw(b"\xa5" * 100)) rx = self.send_and_expect(self.pg1, v6 * 1, self.pg1) v6_reply = v6[1] v6_reply.hlim -= 1 for p in rx: self.validate(p[1], v6_reply) map_route = VppIpRoute( self, "2001:db8::", 32, [ VppRoutePath( self.pg1.remote_ip6, self.pg1.sw_if_index, proto=DpoProto.DPO_PROTO_IP6, ) ], ) map_route.add_vpp_config() # # Send a v4 packet that will be translated # p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) p_ip4 = IP(src=self.pg0.remote_ip4, dst="192.168.0.1") payload = TCP(sport=0xABCD, dport=0xABCD) p4 = p_ether / p_ip4 / payload p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0", dst="2001:db8:1f0::c0a8:1:f") / payload) p6_translated.hlim -= 1 rx = self.send_and_expect(self.pg0, p4 * 1, self.pg1) for p in rx: self.validate(p[1], p6_translated) # Send back an IPv6 packet that will be "untranslated" p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) p_ip6 = IPv6(src="2001:db8:1f0::c0a8:1:f", dst="1234:5678:90ab:cdef:ac:1001:200:0") p6 = p_ether6 / p_ip6 / payload p4_translated = IP(src="192.168.0.1", dst=self.pg0.remote_ip4) / payload p4_translated.id = 0 p4_translated.ttl -= 1 rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0) for p in rx: self.validate(p[1], p4_translated) # IPv4 TTL=0 ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst="192.168.0.1", ttl=0) p4 = p_ether / ip4_ttl_expired / payload icmp4_reply = ( IP(id=0, ttl=254, src=self.pg0.local_ip4, dst=self.pg0.remote_ip4) / ICMP(type="time-exceeded", code="ttl-zero-during-transit") / IP(src=self.pg0.remote_ip4, dst="192.168.0.1", ttl=0) / payload) rx = self.send_and_expect(self.pg0, p4 * 1, self.pg0) for p in rx: self.validate(p[1], icmp4_reply) # IPv4 TTL=1 ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst="192.168.0.1", ttl=1) p4 = p_ether / ip4_ttl_expired / payload icmp4_reply = ( IP(id=0, ttl=254, src=self.pg0.local_ip4, dst=self.pg0.remote_ip4) / ICMP(type="time-exceeded", code="ttl-zero-during-transit") / IP(src=self.pg0.remote_ip4, dst="192.168.0.1", ttl=1) / payload) rx = self.send_and_expect(self.pg0, p4 * 1, self.pg0) for p in rx: self.validate(p[1], icmp4_reply) # IPv6 Hop limit at BR ip6_hlim_expired = IPv6( hlim=1, src="2001:db8:1ab::c0a8:1:ab", dst="1234:5678:90ab:cdef:ac:1001:200:0", ) p6 = p_ether6 / ip6_hlim_expired / payload icmp6_reply = (IPv6( hlim=255, src=self.pg1.local_ip6, dst="2001:db8:1ab::c0a8:1:ab") / ICMPv6TimeExceeded(code=0) / IPv6( src="2001:db8:1ab::c0a8:1:ab", dst="1234:5678:90ab:cdef:ac:1001:200:0", hlim=1, ) / payload) rx = self.send_and_expect(self.pg1, p6 * 1, self.pg1) for p in rx: self.validate(p[1], icmp6_reply) # IPv6 Hop limit beyond BR ip6_hlim_expired = IPv6( hlim=0, src="2001:db8:1ab::c0a8:1:ab", dst="1234:5678:90ab:cdef:ac:1001:200:0", ) p6 = p_ether6 / ip6_hlim_expired / payload icmp6_reply = (IPv6( hlim=255, src=self.pg1.local_ip6, dst="2001:db8:1ab::c0a8:1:ab") / ICMPv6TimeExceeded(code=0) / IPv6( src="2001:db8:1ab::c0a8:1:ab", dst="1234:5678:90ab:cdef:ac:1001:200:0", hlim=0, ) / payload) rx = self.send_and_expect(self.pg1, p6 * 1, self.pg1) for p in rx: self.validate(p[1], icmp6_reply) # IPv4 Well-known port p_ip4 = IP(src=self.pg0.remote_ip4, dst="192.168.0.1") payload = UDP(sport=200, dport=200) p4 = p_ether / p_ip4 / payload self.send_and_assert_no_replies(self.pg0, p4 * 1) # IPv6 Well-known port payload = UDP(sport=200, dport=200) p6 = p_ether6 / p_ip6 / payload self.send_and_assert_no_replies(self.pg1, p6 * 1) # UDP packet fragmentation payload_len = 1453 payload = UDP(sport=40000, dport=4000) / self.payload(payload_len) p4 = p_ether / p_ip4 / payload self.pg_enable_capture() self.pg0.add_stream(p4) self.pg_start() rx = self.pg1.get_capture(2) p_ip6_translated = IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0", dst="2001:db8:1e0::c0a8:1:e") for p in rx: self.validate_frag6(p, p_ip6_translated) self.validate_frag_payload_len6(rx, UDP, payload_len) # UDP packet fragmentation send fragments payload_len = 1453 payload = UDP(sport=40000, dport=4000) / self.payload(payload_len) p4 = p_ether / p_ip4 / payload frags = fragment_rfc791(p4, fragsize=1000) self.pg_enable_capture() self.pg0.add_stream(frags) self.pg_start() rx = self.pg1.get_capture(2) for p in rx: self.validate_frag6(p, p_ip6_translated) self.validate_frag_payload_len6(rx, UDP, payload_len) # Send back an fragmented IPv6 UDP packet that will be "untranslated" payload = UDP(sport=4000, dport=40000) / self.payload(payload_len) p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) p_ip6 = IPv6(src="2001:db8:1e0::c0a8:1:e", dst="1234:5678:90ab:cdef:ac:1001:200:0") p6 = p_ether6 / p_ip6 / payload frags6 = fragment_rfc8200(p6, identification=0xDCBA, fragsize=1000) p_ip4_translated = IP(src="192.168.0.1", dst=self.pg0.remote_ip4) p4_translated = p_ip4_translated / payload p4_translated.id = 0 p4_translated.ttl -= 1 self.pg_enable_capture() self.pg1.add_stream(frags6) self.pg_start() rx = self.pg0.get_capture(2) for p in rx: self.validate_frag4(p, p4_translated) self.validate_frag_payload_len4(rx, UDP, payload_len) # ICMP packet fragmentation payload = ICMP(id=6529) / self.payload(payload_len) p4 = p_ether / p_ip4 / payload self.pg_enable_capture() self.pg0.add_stream(p4) self.pg_start() rx = self.pg1.get_capture(2) p_ip6_translated = IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0", dst="2001:db8:160::c0a8:1:6") for p in rx: self.validate_frag6(p, p_ip6_translated) self.validate_frag_payload_len6(rx, ICMPv6EchoRequest, payload_len) # ICMP packet fragmentation send fragments payload = ICMP(id=6529) / self.payload(payload_len) p4 = p_ether / p_ip4 / payload frags = fragment_rfc791(p4, fragsize=1000) self.pg_enable_capture() self.pg0.add_stream(frags) self.pg_start() rx = self.pg1.get_capture(2) for p in rx: self.validate_frag6(p, p_ip6_translated) self.validate_frag_payload_len6(rx, ICMPv6EchoRequest, payload_len) # TCP MSS clamping self.vapi.map_param_set_tcp(1300) # # Send a v4 TCP SYN packet that will be translated and MSS clamped # p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) p_ip4 = IP(src=self.pg0.remote_ip4, dst="192.168.0.1") payload = TCP(sport=0xABCD, dport=0xABCD, flags="S", options=[("MSS", 1460)]) p4 = p_ether / p_ip4 / payload p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0", dst="2001:db8:1f0::c0a8:1:f") / payload) p6_translated.hlim -= 1 p6_translated[TCP].options = [("MSS", 1300)] rx = self.send_and_expect(self.pg0, p4 * 1, self.pg1) for p in rx: self.validate(p[1], p6_translated) # Send back an IPv6 packet that will be "untranslated" p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) p_ip6 = IPv6(src="2001:db8:1f0::c0a8:1:f", dst="1234:5678:90ab:cdef:ac:1001:200:0") p6 = p_ether6 / p_ip6 / payload p4_translated = IP(src="192.168.0.1", dst=self.pg0.remote_ip4) / payload p4_translated.id = 0 p4_translated.ttl -= 1 p4_translated[TCP].options = [("MSS", 1300)] rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0) for p in rx: self.validate(p[1], p4_translated) # TCP MSS clamping cleanup self.vapi.map_param_set_tcp(0) # Enable icmp6 param to get back ICMPv6 unreachable messages in case # of security check fails self.vapi.map_param_set_icmp6(enable_unreachable=1) # Send back an IPv6 packet that will be droppped due to security # check fail p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) p_ip6_sec_check_fail = IPv6(src="2001:db8:1fe::c0a8:1:f", dst="1234:5678:90ab:cdef:ac:1001:200:0") payload = TCP(sport=0xABCD, dport=0xABCD) p6 = p_ether6 / p_ip6_sec_check_fail / payload self.pg_send(self.pg1, p6 * 1) self.pg0.get_capture(0, timeout=1) rx = self.pg1.get_capture(1) icmp6_reply = (IPv6( hlim=255, src=self.pg1.local_ip6, dst="2001:db8:1fe::c0a8:1:f") / ICMPv6DestUnreach(code=5) / p_ip6_sec_check_fail / payload) for p in rx: self.validate(p[1], icmp6_reply) # ICMPv6 unreachable messages cleanup self.vapi.map_param_set_icmp6(enable_unreachable=0)
#!/usr/bin/python3 from scapy.all import * # Construct IP header from scapy.layers.inet import IP #src="l49.127.74.171", ip = IP(src="49.127.74.171", dst="seanyiyi.com") ip.id = 1000 # Identification ip.frag = 0 # Offset of this IP fragment ip.flags = 1 # Flags # Construct UDP header udp = UDP(sport=7070, dport=9090, chksum=0) udp.len = 200 # This should be the combined length of all fragments # Construct payload payload = "A" * 72 # Put 80 bytes in the first fragment (72 byte from payload + 8byte udp header) # Construct the entire packet and send it out pkt = ip / udp / payload # For other fragments, we should use ip/payload send(pkt, verbose=0) pkt.show() #----------------------second fragment--------------------- print( "----------------------------------second fragment---------------------------------" ) ip.proto = 17 payload2 = "B" * 80 # 80 / 8 ip.frag = 10 pkt2 = ip / payload2 send(pkt2, verbose=0) pkt2.show()
#! /usr/bin/env python3 from scapy.all import * from scapy.layers.inet import IP,TCP out_ip = IP() # end of message flag eom = ord("!") * 256 # first ask source and destination addrs #out_ip.src = input("Source: ") #out_ip.dst = input("Destination: ") #loopback out_ip.src = "127.0.0.1" out_ip.dst ="127.0.0.1" ##### ENCODING # ask usr for message to encode msg = input("Message to send: ") # loop to encode message - multiply each char by 256 for letter in msg: encoded_letter = ord(letter) * 256 out_ip.id = encoded_letter # send packet! send(out_ip) # finally send eom out_ip.id = eom send(out_ip)
#!/usr/bin/python3 from scapy.all import * # Construct IP header from scapy.layers.inet import IP #src="l49.127.74.171", ip = IP(src="10.0.2.15", dst="10.0.2.9") for i in range(5000, 10000, 1): try: ip.id = i # Identification ip.frag = 0 # Offset of this IP fragment ip.flags = 1 # Flags # Construct UDP header udp = UDP(sport=i, dport=9090, chksum=0) udp.len = 200 # This should be the combined length of all fragments # Construct payload payload = "A" * 72 # Put 80 bytes in the first fragment (72 byte from payload + 8byte udp header) # Construct the entire packet and send it out pkt = ip / udp / payload # For other fragments, we should use ip/payload send(pkt, verbose=0) pkt.show() #----------------------second fragment--------------------- print( "----------------------------------second fragment---------------------------------" ) ip.proto = 17 payload2 = "B" * 80 # 80 / 8 ip.frag = 10 pkt2 = ip / payload2
weight=1) for j in range(len(list_of_network_addresses)): if j != 0: packet_ihl = IP(dst=list_of_network_addresses[j]) / TCP(dport=22) packet_tos = IP(dst=list_of_network_addresses[j]) / TCP(dport=22) packet_len = IP(dst=list_of_network_addresses[j]) / TCP(dport=22) packet_id = IP(dst=list_of_network_addresses[j]) / TCP(dport=22) packet_frag = IP(dst=list_of_network_addresses[j]) / TCP(dport=22) packet_ttl = IP(dst=list_of_network_addresses[j]) / TCP(dport=22) packet_proto = IP(dst=list_of_network_addresses[j]) / TCP(dport=22) packet_ihl.ihl = 18 packet_tos.tos = 18 packet_len.len = 18 packet_id.id = 18 packet_frag.frag = 18 packet_ttl.ttl = 18 packet_proto.proto = 18 answer_ihl = sr(packet_ihl, timeout=4) answer_tos = sr(packet_tos, timeout=4) answer_len = sr(packet_len, timeout=4) answer_id = sr(packet_id, timeout=4) answer_frag = sr(packet_frag, timeout=4) answer_ttl = sr(packet_ttl, timeout=4) answer_proto = sr(packet_proto, timeout=4) if len(answer_ihl[0]) != 0: if len( nx.dijkstra_path(graph_ihl, list_of_network_addresses[0],
def getIPPacket(self): """ 构造IP数据包 :return: """ # chksum = self.entries[9].get() try: eth = Ether() eth.src = self.entries[0].get() eth.dst = self.entries[1].get() eth.type = int(self.entries[2].get()) ip_packet = IP() ip_packet.versionion = int(self.entries[3].get()) ip_packet.ihl = int(self.entries[4].get()) ip_packet.tos = int(self.entries[5].get()) ip_packet.len = int(self.entries[6].get()) ip_packet.id = int(self.entries[7].get()) ip_packet.flags = int(self.entries[8].get()) ip_packet.frag = int(self.entries[9].get()) ip_packet.ttl = int(self.entries[10].get()) ip_packet.proto = int(self.entries[11].get()) payload = self.entries[16].get() ip_packet.src = self.entries[13].get() ip_packet.dst = self.entries[14].get() # 不含payload计算首部校验和 if payload == '': print("无payload的IP报文") ip_packet.show() checksum_scapy = IP(raw(ip_packet)).chksum # 自主计算验证IP首部检验和并进行填充 print("scapy自动计算的IP首部检验和是:%04x (%s)" % (checksum_scapy, str(checksum_scapy))) # 1.将IP首部和自动设置为0 ip_packet.chksum = 0 # 2.生成ip首部的数据字符串 x = raw(ip_packet) ipString = "".join("%02x" % orb(x) for x in x) # 3.将ip首部的数据字符串转换成字节数组 ipbytes = bytearray.fromhex(ipString) # 4.调用校验和计算函数计算校验和 checksum_self = self.IP_headchecksum(ipbytes) # 5.进行校验和验证 print("验证计算IP首部的检验和是:%04x (%s)" % (checksum_self, str(checksum_self))) # 含payload计算首部校验和 else: print("含有payload的IP报文") ip_packet = ip_packet / payload ip_packet.show() ip_packet.len = 20 + len(payload) checksum_scapy = IP(raw(ip_packet)).chksum print("scapy自动计算的IP首部检验和是:%04x (%s)" % (checksum_scapy, str(checksum_scapy))) ip_packet.chksum = 0 ip_packet.ihl = 5 print('\n 报文长度是:%s' % str(ip_packet.len)) x = raw(ip_packet) ipString = "".join("%02x" % orb(x) for x in x) ipbytes = bytearray.fromhex(ipString) checksum_self = self.IP_headchecksum(ipbytes[0:ip_packet.ihl * 4]) print("验证计算IP首部的检验和是:%04x (%s)" % (checksum_self, str(checksum_self))) if checksum_self == checksum_scapy: print("检验和正确") else: print("检验和不正确") ip_packet.chksum = checksum_self self.entries[12].delete(0, END) self.entries[12].insert(0, hex(ip_packet.chksum)) ip_packet.show() self.resultText.insert('end', ip_packet.summary() + '\n') self.resultText.insert('end', str(ip_packet) + '\n') return eth / ip_packet except Exception as e: print(e.with_traceback()) finally: pass