I'm playing with scapy and trying to fingerprint operating systems. So I did the following:
>>> load_module("p0f")
>>> pkts = sniff(iface="wlan0",count=1,filter="tcp")
>>> pkts
<Sniffed: TCP:1 UDP:0 ICMP:0 Other:0>
But when calling p0f()
I get an error:
>>> pkts[0]
<Ether dst=XX:XX:XX:XX:XX:XX src=XX:XX:XX:XX:XX:XX type=0x800 |<IP version=4L ihl=5L tos=0x0 len=60 id=54922 flags=DF frag=0L ttl=64 proto=tcp chksum=0xd51a src=XXX.XXX.XXX.XXX dst=XXX.XXX.XXX.XXX options=[] |<TCP sport=58370 dport=www seq=2898076075 ack=0 dataofs=10L reserved=0L flags=S window=14600 chksum=0xd450 urgptr=0 options=[('MSS', 1460), ('SAckOK', ''), ('Timestamp', (28571425, 0)), ('NOP', None), ('WScale', 7)] |>>>
>>> p0f(pkts[0])
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/scapy/modules/p0f.py", line 278, in p0f
    d = p0f_correl(sig,b)
  File "/usr/lib/python2.7/site-packages/scapy/modules/p0f.py", line 238, in p0f_correl
    d += (y[1] >= x[1] and y[1] - x[1] < 32)
TypeError: unsupported operand type(s) for -: 'str' and 'int'
I'm not sure what the problem is. Any ideas?
- Scapy is version 2.2.0
- The p0f.fp database is installed (p0f 3.0b)
[Update]
Some additional information:
- pylibpcap-0.6.4
- libpcap 1.4.0-1
- Linux 3.9.8-1-ARCH x86_64
Using the database from p0f-2.0.8 yields:
>>> load_module("p0f")
>>> pkts = sniff(iface="wlan0", filter="tcp", count=1)
>>> pkts[0]
<Ether dst=XX:XX:XX:XX:XX:XX src=XX:XX:XX:XX:XX:XX type=0x800 |<IP version=4L ihl=5L tos=0x0 len=60 id=20361 flags=DF frag=0L ttl=64 proto=tcp chksum=0xf723 src=XXX.XXX.XXX.XXX dst=XXX.XXX.XXX.XXX options=[] |<TCP sport=59013 dport=www seq=4006166884 ack=0 dataofs=10L reserved=0L flags=S window=14600 chksum=0xf32f urgptr=0 options=[('MSS', 1460), ('SAckOK', ''), ('Timestamp', (29888237, 0)), ('NOP', None), ('WScale', 7)] |>>>
>>> p0f(pkts[0])
[]