关于scapy
Scapy的是一个强大的交互式数据包处理程序(使用python编写)。它能够伪造或者解码大量的网络协议数据包,能够发送、捕捉、匹配请求和回复包等等。它可以很容易地处理一些典型操作,比如端口扫描,tracerouting,探测,单元测试,攻击或网络发现(可替代hping,NMAP,arpspoof,ARP-SK,arping,tcpdump,tethereal,P0F等)。最重要的他还有很多更优秀的特性——发送无效数据帧、注入修改的802.11数据帧、在WEP上解码加密通道(VOIP)、ARP缓存攻击(VLAN)等,这也是其他工具无法处理完成的。
安装:
sudo apt-get install scapy
测试:
安装barefoot修改过的scapy(支持vxlan)
git clone git@github.com:Wasdns/scapy-vxlan.git
sudo python setup.py install
barefoot ReadMe
Barefoot modified scapy, which supports VXLAN. Waiting for VXLAN support to be
added to the main scapy repo.
This modified repo now also supports a ERSPAN-like header.
To install:
sudo python setup.py install
To check that the modifications work, open a scapy CLI (just type 'scapy' in a
terminal) and type the following:
Welcome to Scapy (2.2.0-dev)
>>> load_contrib('vxlan')
>>> Ether()/IP()/UDP()/VXLAN()/Ether()/IP()/TCP()
<Ether type=0x800 |<IP frag=0 proto=udp |<UDP dport=4789 |<VXLAN |<Ether
type=0x800 |<IP frag=0 proto=tcp |<TCP |>>>>>>>
>>> load_contrib('erspan')
>>> Ether()/IP()/GRE()/ERSPAN()/Ether()/IP()/TCP()
<Ether type=0x800 |<IP frag=0 proto=gre |<GRE proto=0x22eb |<ERSPAN |<Ether
type=0x800 |<IP frag=0 proto=tcp |<TCP |>>>>>>>
>>>
Note how the UDP dport and the GRE proto number are updated automatically.
测试结果
./run_scapy
2016/11/27