Linux-Python-Scapy TCP scan
Tags: Scapy, TCP scan
1. TCP SYN scan

>>> from scapy.all import *
>>> i = IP()
>>> t = TCP()
>>> i.dst = '10.202.32.0/24'    # a contiguous address range
>>> t.sport = 8888
>>> t.dport = [3389, 80, 21, 22, 23, 443, 445, 137, 138, 139]    # [ ] lists several ports; a tuple such as (1, 1024) means a contiguous port range
>>> t.flags = 'S'    # set the flag before stacking the layers; a numeric value also works, e.g. 16 for ACK
>>> probe = i / t

Flag bit values, from the low bit upward: FIN=1, SYN=2, RST=4, PSH=8, ACK=16, URG=32.

>>> ans, unans = sr(probe)
>>> ans.show()
0000 IP / TCP 192.168.80.250:8888 > 10.202.32.1:ssh S ==> IP / TCP 10.202.32.1:ssh > 192.168.80.250:8888 SA / Padding
0001 IP / TCP 192.168.80.250:8888 > 10.202.32.74:microsoft_ds S ==> IP / TCP 10.202.32.74:microsoft_ds > 192.168.80.250:8888 SA / Padding
0002 IP / TCP 192.168.80.250:8888 > 10.202.32.74:netbios_ns S ==> IP / TCP 10.202.32.74:netbios_ns > 192.168.80.250:8888 RA / Padding
0003 IP / TCP 192.168.80.250:8888 > 10.202.32.74:netbios_ssn S ==> IP / TCP 10.202.32.74:netbios_ssn > 192.168.80.250:8888 SA / Padding

To monitor the traffic on the wire:

>>> sniff(iface="eth0", prn=lambda x: x.show())

To inspect and process the results (each element of ans is a (sent, received) pair, so the received packet is index 1):

>>> ans.summary(lambda s_r: s_r[1].sprintf("%IP.src% \t %TCP.sport% \t %TCP.flags%"))
10.200.230.1    ssh             SA
10.200.230.11   3389            SA
10.200.230.11   loc_srv         SA
10.200.230.11   microsoft_ds    SA
10.200.230.12   3389            SA
10.200.230.12   https           SA
10.200.230.40   3389            SA
10.200.230.41   3389            SA
10.200.230.42   loc_srv         SA
10.200.230.42   microsoft_ds    SA
10.200.230.50   3389            SA

2. TCP ACK scan

>>> i = IP()
>>> i.dst = '10.200.193.0/24'
>>> t = TCP()
>>> t.flags = 'A'
>>> t.sport = 9999
>>> t.dport = [3389, 21, 22, 23, 80, 443]
>>> probe = i / t
>>> ans, unans = sr(probe)
>>> ans.show()
0000 IP / TCP 192.168.80.250:9999 > 10.200.193.0:3389 A ==> IP / TCP 10.200.193.0:3389 > 192.168.80.250:9999 R / Padding
0001 IP / TCP 192.168.80.250:9999 > 10.200.193.0:ftp A ==> IP / TCP 10.200.193.0:ftp > 192.168.80.250:9999 R / Padding
0002 IP / TCP 192.168.80.250:9999 > 10.200.193.0:ssh A ==> IP / TCP 10.200.193.0:ssh > 192.168.80.250:9999 R / Padding
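An added example, not from the original post, that reads the material above from the defender's side: it converts between Scapy's letter flags and the bit values listed above, and it detects the traffic pattern the SYN scan produces (SYN-only segments from one fixed source port to many host/port targets) in capture lines written in the format of Scapy's show() output. The sample lines, the threshold and the regular expression are my own assumptions; no Scapy is needed to run it.

```python
import re
from collections import defaultdict

# Added example, not from the original post. Decodes TCP flags with the bit
# values listed above (FIN=1 ... URG=32) and, from capture lines in the format
# Scapy's show() prints above, reports any source that sends bare SYNs from one
# fixed source port to many (host, port) targets: the signature of the SYN scan.
FLAG_BITS = {"F": 1, "S": 2, "R": 4, "P": 8, "A": 16, "U": 32}  # FIN..URG

def flags_to_int(flags):
    """'SA' -> 18: the numeric form the post mentions (ACK alone is 16)."""
    return sum(FLAG_BITS[c] for c in flags)

def int_to_flags(value):
    """18 -> 'SA', letters in the same F S R P A U order Scapy uses."""
    return "".join(c for c, bit in FLAG_BITS.items() if value & bit)

# One packet per line: "IP / TCP <src>:<sport> > <dst>:<dport> <flags> ..."
LINE_RE = re.compile(r"IP / TCP (\S+):(\S+) > (\S+):(\S+) (\S+)")

def find_syn_scanners(lines, min_targets=3):
    """Return {src: sorted (dst, dport) list} for each source that sent SYN-only
    segments from a single source port to at least min_targets distinct targets."""
    probes = defaultdict(set)  # (src, sport) -> {(dst, dport), ...}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:                       # not a TCP summary line, skip it
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                # SYN without ACK: a probe, not a reply
            probes[(src, sport)].add((dst, dport))
    return {src: sorted(targets) for (src, sport), targets in probes.items()
            if len(targets) >= min_targets}

# Constructed sample capture (not real traffic), in the post's output format.
SAMPLE = [
    "IP / TCP 192.168.80.250:8888 > 10.202.32.1:ssh S",
    "IP / TCP 10.202.32.1:ssh > 192.168.80.250:8888 SA / Padding",
    "IP / TCP 192.168.80.250:8888 > 10.202.32.74:microsoft_ds S",
    "IP / TCP 192.168.80.250:8888 > 10.202.32.74:netbios_ns S",
    "IP / TCP 10.202.32.74:netbios_ns > 192.168.80.250:8888 RA / Padding",
    "IP / TCP 10.202.32.9:51000 > 10.202.32.1:http S",   # an ordinary client
]

if __name__ == "__main__":
    for src, targets in find_syn_scanners(SAMPLE).items():
        print(src, "probed", len(targets), "targets:", targets)
```

A real deployment would feed the same function the per-packet summaries produced by the sniff() call above, with the threshold tuned to the network's normal connection fan-out.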