• Scapy Study Notes (4): Simple Sniffing


    Please credit the source when reposting: @小五义: http://www.cnblogs/xiaowuyi

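    The sniff command can be used for simple sniffing and will capture some simple packets. When no interface is specified, every interface is sniffed; when an interface is specified, only that interface is sniffed.

    For example: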

    >>> sniff(filter="icmp and host 61.135.169.125",count=2)

    Result:

    <Sniffed: TCP:0 UDP:0 ICMP:0 Other:0>

    Another example, sniffing on the ppp0 interface:

    >>> sniff(iface="ppp0",prn=lambda x:x.summary())

    Now browse Baidu for a moment; the result is as follows:

    IP / UDP 27.214.219.76:53144 > 122.225.83.67:http / Raw
    IP / UDP / DNS Qry "suggestion.baidu.com."
    IP / UDP / DNS Qry "suggestion.baidu.com."
    IP / UDP / DNS Ans "suggestion.a.shifen.com."
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http S
    IP / UDP / DNS Ans "suggestion.a.shifen.com."
    IP / ICMP / IPerror / UDPerror / DNS Ans "suggestion.a.shifen.com."
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 SA
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http PA / Raw
    IP / UDP 122.225.83.67:http > 27.214.219.76:53144 / Raw
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 A
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http PA / Raw
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 A
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http S
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 SA
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http PA / Raw
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 PA / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 61.135.169.125:http > 27.214.219.76:45639 PA / Raw
    IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A
    IP / TCP 27.214.219.76:55193 > 60.55.35.47:http S
    IP / UDP / DNS Qry "t11.baidu.com."
    IP / UDP / DNS Qry "t12.baidu.com."
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http S
    IP / UDP / DNS Ans "image.jomodns.com."
    IP / TCP 27.214.219.76:49797 > 119.188.9.119:http S
    IP / TCP 27.214.219.76:49798 > 119.188.9.119:http S
    IP / TCP 27.214.219.76:49799 > 119.188.9.119:http S
    IP / UDP / DNS Ans "image.jomodns.com."
    IP / TCP 27.214.219.76:39103 > 119.188.9.118:http S
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 SA
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.119:http > 27.214.219.76:49797 SA
    IP / TCP 27.214.219.76:49797 > 119.188.9.119:http A
    IP / TCP 119.188.9.119:http > 27.214.219.76:49798 SA
    IP / TCP 27.214.219.76:49798 > 119.188.9.119:http A
    IP / TCP 119.188.9.119:http > 27.214.219.76:49799 SA
    IP / TCP 27.214.219.76:49799 > 119.188.9.119:http A
    IP / TCP 60.55.35.47:http > 27.214.219.76:55193 SA
    IP / TCP 27.214.219.76:55193 > 60.55.35.47:http A
    IP / TCP 27.214.219.76:55193 > 60.55.35.47:http PA / Raw
    IP / TCP 119.188.9.118:http > 27.214.219.76:39103 SA
    IP / TCP 27.214.219.76:39103 > 119.188.9.118:http A
    IP / TCP 60.55.35.47:http > 27.214.219.76:55193 A
    IP / TCP 60.55.35.47:http > 27.214.219.76:55193 PA / Raw
    IP / TCP 27.214.219.76:55193 > 60.55.35.47:http A
    IP / TCP 27.214.219.76:55193 > 60.55.35.47:http PA / Raw
    IP / TCP 27.214.219.76:49797 > 119.188.9.119:http PA / Raw
    IP / TCP 27.214.219.76:49798 > 119.188.9.119:http PA / Raw
    IP / TCP 27.214.219.76:49799 > 119.188.9.119:http PA / Raw
    IP / TCP 27.214.219.76:39103 > 119.188.9.118:http PA / Raw
    IP / TCP 27.214.219.76:38864 > 61.135.169.105:http S
    IP / UDP / DNS Qry "a.baidu.com."
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw
    IP / TCP 27.214.219.76:59062 > 119.188.9.40:http S
    IP / TCP 27.214.219.76:59063 > 119.188.9.40:http S
    IP / TCP 119.188.9.119:http > 27.214.219.76:49797 A
    IP / TCP 119.188.9.119:http > 27.214.219.76:49797 PA / Raw
    IP / TCP 27.214.219.76:49797 > 119.188.9.119:http A
    IP / TCP 27.214.219.76:38867 > 61.135.169.105:http S
    IP / TCP 119.188.9.119:http > 27.214.219.76:49798 A
    IP / TCP 119.188.9.119:http > 27.214.219.76:49798 PA / Raw
    IP / TCP 27.214.219.76:49798 > 119.188.9.119:http A
    IP / TCP 119.188.9.119:http > 27.214.219.76:49799 A
    IP / TCP 119.188.9.119:http > 27.214.219.76:49799 PA / Raw
    IP / TCP 27.214.219.76:49799 > 119.188.9.119:http A
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http PA / Raw
    IP / TCP 27.214.219.76:50355 > 61.135.185.194:http S
    IP / UDP / DNS Qry "api.share.baidu.com."
    IP / TCP 119.188.9.118:http > 27.214.219.76:39103 A
    IP / TCP 119.188.9.118:http > 27.214.219.76:39103 PA / Raw
    IP / TCP 27.214.219.76:39103 > 119.188.9.118:http A
    IP / UDP / DNS Ans "asp.e.shifen.com."
    IP / TCP 60.55.35.47:http > 27.214.219.76:55193 PA / Raw
    IP / TCP 27.214.219.76:53605 > 123.125.114.38:http S
    IP / TCP 27.214.219.76:53606 > 123.125.114.38:http S
    IP / TCP 27.214.219.76:55193 > 60.55.35.47:http FA
    IP / TCP 61.135.169.105:http > 27.214.219.76:38864 SA
    IP / TCP 27.214.219.76:38864 > 61.135.169.105:http A
    IP / TCP 27.214.219.76:38864 > 61.135.169.105:http PA / Raw
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw
    IP / TCP 119.188.9.40:http > 27.214.219.76:59062 SA
    IP / TCP 27.214.219.76:59062 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59063 SA
    IP / TCP 27.214.219.76:59063 > 119.188.9.40:http A
    IP / TCP 61.135.169.105:http > 27.214.219.76:38867 SA
    IP / TCP 27.214.219.76:38867 > 61.135.169.105:http A
    IP / UDP / DNS Ans "api.share.n.shifen.com."
    IP / TCP 27.214.219.76:47655 > 61.135.162.115:http S
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 A
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A
    IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw
    IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A
    IP / TCP 61.135.185.194:http > 27.214.219.76:50355 SA
    IP / TCP 27.214.219.76:50355 > 61.135.185.194:http A
    IP / TCP 27.214.219.76:50355 > 61.135.185.194:http PA / Raw
    IP / TCP 123.125.114.38:http > 27.214.219.76:53605 SA
    IP / TCP 27.214.219.76:53605 > 123.125.114.38:http A
    IP / TCP 27.214.219.76:53605 > 123.125.114.38:http PA / Raw
    IP / TCP 123.125.114.38:http > 27.214.219.76:53606 SA
    IP / TCP 27.214.219.76:53606 > 123.125.114.38:http A
    IP / TCP 61.135.169.105:http > 27.214.219.76:38864 A
    IP / TCP 61.135.169.105:http > 27.214.219.76:38864 PA / Raw
    IP / TCP 27.214.219.76:38864 > 61.135.169.105:http A
    IP / TCP 61.135.169.105:http > 27.214.219.76:38864 PA / Raw
    IP / TCP 27.214.219.76:38864 > 61.135.169.105:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 61.135.162.115:http > 27.214.219.76:47655 SA
    IP / TCP 27.214.219.76:47655 > 61.135.162.115:http A
    IP / TCP 27.214.219.76:47655 > 61.135.162.115:http PA / Raw
    IP / TCP 60.55.35.47:http > 27.214.219.76:55193 FA
    IP / TCP 27.214.219.76:55193 > 60.55.35.47:http A
    IP / TCP 61.135.185.194:http > 27.214.219.76:50355 A
    IP / TCP 61.135.185.194:http > 27.214.219.76:50355 PA / Raw
    IP / TCP 27.214.219.76:50355 > 61.135.185.194:http A
    IP / TCP 123.125.114.38:http > 27.214.219.76:53605 A
    IP / TCP 123.125.114.38:http > 27.214.219.76:53605 PA / Raw
    IP / TCP 27.214.219.76:53605 > 123.125.114.38:http A
    IP / TCP 61.135.162.115:http > 27.214.219.76:47655 A
    IP / TCP 61.135.162.115:http > 27.214.219.76:47655 PA / Raw
    IP / TCP 27.214.219.76:47655 > 61.135.162.115:http A
    IP / UDP / DNS Qry "sclick.baidu.com."
    IP / UDP / DNS Qry "c.baidu.com."
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw
    IP / UDP / DNS Ans "s.a.shifen.com."
    IP / TCP 27.214.219.76:47154 > 123.125.115.95:http S
    IP / UDP / DNS Ans "c.e.shifen.com."
    IP / TCP 27.214.219.76:56976 > 123.125.114.64:http S
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    IP / TCP 27.214.219.76:56977 > 123.125.114.64:http S
    IP / TCP 27.214.219.76:47157 > 123.125.115.95:http S
    IP / TCP 123.125.115.95:http > 27.214.219.76:47154 SA
    IP / TCP 27.214.219.76:47154 > 123.125.115.95:http A
    IP / TCP 27.214.219.76:47154 > 123.125.115.95:http PA / Raw
    IP / TCP 123.125.114.64:http > 27.214.219.76:56976 SA
    IP / TCP 27.214.219.76:56976 > 123.125.114.64:http A
    IP / TCP 27.214.219.76:56976 > 123.125.114.64:http PA / Raw
    IP / TCP 123.125.114.64:http > 27.214.219.76:56977 SA
    IP / TCP 27.214.219.76:56977 > 123.125.114.64:http A
    IP / TCP 123.125.115.95:http > 27.214.219.76:47157 SA
    IP / TCP 27.214.219.76:47157 > 123.125.115.95:http A
    IP / TCP 123.125.115.95:http > 27.214.219.76:47154 A
    IP / TCP 123.125.115.95:http > 27.214.219.76:47154 PA / Raw
    IP / TCP 27.214.219.76:47154 > 123.125.115.95:http A
    IP / TCP 123.125.115.95:http > 27.214.219.76:47154 FA
    IP / TCP 27.214.219.76:47154 > 123.125.115.95:http FA
    IP / TCP 123.125.114.64:http > 27.214.219.76:56976 A
    IP / TCP 123.125.114.64:http > 27.214.219.76:56976 PA / Raw
    IP / TCP 27.214.219.76:56976 > 123.125.114.64:http A
    IP / TCP 123.125.114.64:http > 27.214.219.76:56976 FA
    IP / TCP 27.214.219.76:56976 > 123.125.114.64:http FA
    IP / UDP / DNS Qry "trust.baidu.com."
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw
    IP / TCP 123.125.115.95:http > 27.214.219.76:47154 A
    IP / UDP / DNS Ans "trust.e.shifen.com."
    IP / TCP 123.125.114.64:http > 27.214.219.76:56976 A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A
    IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw
    IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A
    ^C<Sniffed: TCP:208 UDP:20 ICMP:1 Other:0>
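
To make a long summary() listing like the one above easier to read, the following added example (not part of the original post) groups its lines into TCP connections by handshake state and counts DNS queries. The function names, the state labels and the sample line to 192.0.2.10 are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Line formats printed by x.summary(); search() tolerates an "Ether / " prefix.
TCP_RE = re.compile(r"IP / TCP (\S+) > (\S+) ([A-Z]+)")
DNS_RE = re.compile(r'IP / UDP / DNS Qry "([^"]+)"')

# Six lines copied from the capture above, plus one constructed SYN
# (to the documentation address 192.0.2.10) that never gets a reply.
SAMPLE = """\
IP / UDP / DNS Qry "t11.baidu.com."
IP / TCP 27.214.219.76:55193 > 60.55.35.47:http S
IP / TCP 60.55.35.47:http > 27.214.219.76:55193 SA
IP / TCP 27.214.219.76:55193 > 60.55.35.47:http A
IP / TCP 27.214.219.76:55193 > 60.55.35.47:http PA / Raw
IP / TCP 27.214.219.76:55193 > 60.55.35.47:http FA
IP / TCP 27.214.219.76:40000 > 192.0.2.10:http S
""".splitlines()

def flow_state(flags):
    """Classify one connection from its flags, in the order they were seen."""
    if "S" not in flags:
        return "midstream"       # capture began after the handshake
    if "SA" not in flags:
        return "syn-unanswered"  # filtered port, dead host or lost reply
    if any("F" in f or "R" in f for f in flags):
        return "closed"
    return "established"

def analyze(lines):
    """Return ({endpoint pair: state}, Counter of queried DNS names)."""
    flows, dns = defaultdict(list), Counter()
    for line in map(str.strip, lines):
        q, tcp = DNS_RE.search(line), TCP_RE.search(line)
        if q:
            dns[q.group(1)] += 1
        elif tcp:
            src, dst, flags = tcp.groups()
            # Sort the endpoints so both directions share one key.
            flows[tuple(sorted((src, dst)))].append(flags)
    return {pair: flow_state(f) for pair, f in flows.items()}, dns

def sniff_and_analyze(iface, count):
    """Live variant: needs Scapy and capture privileges on iface."""
    from scapy.all import sniff  # lazy import: analyze() is stdlib-only
    lines = []
    sniff(iface=iface, count=count, store=False,
          prn=lambda pkt: lines.append(pkt.summary()))
    return analyze(lines)
```

Passing store=False keeps sniff() from holding every packet in memory during a long capture; only the summary strings are retained.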

    You can also use show() to display the packets:

    >>> sniff(iface="ppp0",prn=lambda x:x.show())

    Partial result:

    ###[ IP ]###
      version= 4L
      ihl= 5L
      tos= 0x0
      len= 40
      id= 52068
      flags= DF
      frag= 0L
      ttl= 64
      proto= tcp
      chksum= 0x8151
      src= 27.214.219.76
      dst= 61.135.185.112
      options
    ###[ TCP ]###
         sport= 59617
         dport= http
         seq= 3932617191L
         ack= 411565738
         dataofs= 5L
         reserved= 0L
         flags= FA
         window= 182
         chksum= 0xee34
         urgptr= 0
         options= {}
    ^C<Sniffed: TCP:1 UDP:0 ICMP:0 Other:0>

  • Original article: https://www.cnblogs.com/xiaowuyi/p/3342460.html