-1

如何创建帧 icmp 我在 python 上标记格式错误的数据包

  1. 导入套接字、结构、uuid、子进程、fcntl、时间、随机

  2. 项目清单

from binascii import hexlify, unhexlify from datetime import datetime tarRed = raw_input('Ingrese nombre de Tarjeta de Red Utilizada:') subprocess.call(['ifconfig', tarRed, 'promisc']) pt = 0x0800 s = socket.socket( socket.AF_PACKET, socket.SOCK_RAW, socket.htons(pt)) s.bind((tarRed, pt)) #GETCheck def getchecksum(ip_header,size): cksum = 0 pointer = 0 while size > 1: cksum += int ((str("%02x" % (ip_header[pointer],)) + str("%02x" % (ip_header[pointer+1],))), 16) size -= 2 pointer += 2 #if size : #这说明了标头为奇数的情况 #cksum += int(ip_header[pointer]) cksum = (cksum >> 16) + (cksum & 0xffff) cksum += (cksum >>16) return (~cksum ) & 0xFFFF def _checksum(data):#计算头部总和 ip_header_sum = sum(struct.unpack_from("6H", data)) #加进位 ip_header_sum = (ip_header_sum & 0xFFFF) + (ip_header_sum >> 8 & 0xFFFF) ip_header_sum = ~ip_header_sum & 0xFFFF return ip_header_sum def i_checksum (checksum_packet): total = 0 num_words = len(checksum_packet) / 2 for chunk in struct.unpack("!%sH" % num_words, checksum_packet[0:num_words*2]): total += chunk if len(checksum_packet) % 2:总计 += ord(checksum_packet[-1]) << 总计 8 += 总计 >> 16 返回 (~total + 0xffff & 0xffff)0xFFFF) ip_header_sum = ~ip_header_sum & 0xFFFF return ip_header_sum def i_checksum(checksum_packet): total = 0 num_words = len(checksum_packet) / 2 for chunk in struct.unpack("!%sH" % num_words, checksum_packet[0:num_words*2] ): total += chunk if len(checksum_packet) % 2: total += ord(checksum_packet[-1]) << 8 total += total >> 16 return (~total + 0xffff & 0xffff)0xFFFF) ip_header_sum = ~ip_header_sum & 0xFFFF return ip_header_sum def i_checksum(checksum_packet): total = 0 num_words = len(checksum_packet) / 2 for chunk in struct.unpack("!%sH" % num_words, checksum_packet[0:num_words*2] ): total += chunk if len(checksum_packet) % 2: total += ord(checksum_packet[-1]) << 8 total += total >> 16 return (~total + 0xffff & 0xffff)16 个回报(〜总数 + 0xffff & 0xffff)16 个回报(〜总数 + 0xffff & 0xffff)

def checksum(source_string):    sum = 0     countTo =
(len(source_string)/2)*2    count = 0   while count<countTo:
            thisVal = ord(source_string[count + 1])*256 + ord(source_string[count])         sum = sum + thisVal         sum = sum &
0xffffffff
            count = count + 2   if countTo<len(source_string):      sum = sum + ord(source_string[len(source_string) - 1])      sum = sum &
0xffffffff  sum = (sum >> 16)  +  (sum & 0xffff)    sum = sum + (sum
>> 16)  answer = ~sum   answer = answer & 0xffff    #answer = answer >> 8 | (answer << 8 & 0xff00)  return answer def
checksuma(source_string):   sum = 0     countTo =
(len(source_string)/2)*2    count = 0   while count<countTo:
            thisVal = ord(source_string[count + 1])*256 + ord(source_string[count])         sum = sum + thisVal         sum = sum &
0xffffffff
            count = count + 2   if countTo<len(source_string):      sum = sum + ord(source_string[len(source_string) - 1])      sum = sum &
0xffffffff  sum = (sum >> 16)  +  (sum & 0xffff)    sum = sum + (sum
>> 16)  answer = ~sum   answer = answer & 0xffff    answer = answer >> 8 | (answer << 8 & 0xff00)   return answer def ultimo(str):
    csum = 0
    countTo = (len(str) / 2) * 2
    count = 0

    while count < countTo:
        thisVal = ord(str[count+1]) * 256 + ord(str[count])
        csum = csum + thisVal
        csum = csum & 0xffffffff
        count = count + 2

    if countTo < len(str):
        csum = csum + ord(str[len(str) - 1])
        csum = csum & 0xffffffff

    csum = (csum >> 16) + (csum & 0xffff)
    csum = csum + (csum >> 16)
    answer = ~csum
    answer = answer & 0xffff
    answer = answer >> 8 | (answer << 8 & 0xff00)
    return answer
#GETCheck
#MACs adst='ffffffffffff' mac_destino = unhexlify(adst) ma = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) info =
fcntl.ioctl(ma.fileno(), 0x8927,  struct.pack('256s', tarRed[:15]))
asrc = ''.join(['%02x:' % ord(char) for char in info[18:24]])[:-1]
sd = asrc.split(':') asrc = sd[0]+sd[1]+sd[2]+sd[3]+sd[4]+sd[5]
mac_origen = unhexlify(asrc)
#MACs cabEther = struct.pack('!6s6sh',mac_destino,mac_origen,pt)
#datosIP
#version = '4'
#IHL = '5' tipoServicio = unhexlify('00') longitudT = struct.pack('!BB',00,24) identificador = struct.pack('!BB',00,01)
flag_Pos = 0x4000 tiempoVida = 05 ptIP = unhexlify('01') SCC = 0
#IPs ip = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) ipO= str( socket.inet_ntoa(fcntl.ioctl(ip.fileno(),0x8915,struct.pack('256s',
tarRed[:15]))[20:24])) ipO1 = ipO.split('.') ipOr =
struct.pack("!BBBB",int(ipO1[0]),int(ipO1[1]),int(ipO1[2]),int(ipO1[3]))
ipD = raw_input('Ingrese la direccion IP destino:  ') ipD1 =
ipD.split('.') ipDest =
struct.pack("!BBBB",int(ipD1[0]),int(ipD1[1]),int(ipD1[2]),int(ipD1[3]))
#IPs
#datosIP cabIP = struct.pack('!1s1s2s2shB1sH4s4s',unhexlify('45'),tipoServicio,longitudT,identificador,flag_Pos,tiempoVida,ptIP,SCC,ipOr,ipDest)
SCC = checksum(cabIP) cabIP =
struct.pack('!1s1s2s2shB1sH4s4s',unhexlify('45'),tipoServicio,longitudT,identificador,flag_Pos,tiempoVida,ptIP,socket.htons(SCC),ipOr,ipDest)
#datosIcmp tipo = 8 codigo = 0x00 check = 0x0000 identificador = int((id(1) * random.random()) % 65535) secuencia = 0x0000
#datos = 'qwertyasdfghzxcvbn0102030405060708091011121314151617181920' datos =
1 * 'Q'
#datosIcmp cabIcmp = struct.pack('!bbHHh',tipo,0,0,identificador,1) my_checksum = ultimo(cabIcmp + datos) cabIcmp =
struct.pack('!bbHHh',tipo,0,socket.htons(my_checksum),identificador,1)
cabIcmp = cabIcmp + datos tiempo = datetime.now() print tiempo for i
in range(15):   s.send(cabEther + cabIP + cabIcmp,0)
4

1 回答 1

4

你的问题几乎无法理解。您似乎在询问如何创建 ICMP ECHO 数据包,因为您在列出的代码中创建的数据包被系统报告为格式错误。我将尝试回答为什么您的代码不起作用。

首先,您使用的套接字类型不正确。您需要类型 1,而不是 8。这可以通过第三个参数轻松完成:

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)

(请注意,您需要 root 或管理员权限才能进行此调用。)

其次,在创建套接字之后,您需要创建 ICMP 标头。ICMP 标头由以下结构组成:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                         REST OF HEADER                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

注意后四个字节“REST OF HEADER”。这第二组四个字节取决于前两个字节中的类型/代码。例如,如果 TYPE 为 0 且 CODE 为 0,则意味着您正在处理回显回复,因此,后四个字节将成为 2 字节标识符和 2 字节序列号字段,从偏移量 4 开始,如图所示,在偏移量 7 处结束:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |     Data ...
   +-+-+-+-+-

要创建此标头,我将使用类型 8,即回显请求结构(请注意,此创建中的字节 4-5 和 6-7 仅用于说明,通常这将是除零以外的不同值) :

icmp = struct.pack(">BBHHH", 8, 0, 0, 0, 0)

在这个头的初始创建中,校验和为零。我们现在需要的是实际计算校验和(使用此零值),然后使用此新校验和值重新创建标头:

icmp = struct.pack(">BBHHH", 8, 0, cksum(icmp), 0, 0)

但这是您的代码再次不正确的地方。的执行i_checksum()是错误的。要解决这个问题,我会留给你解决。校验和称为 1 的补码,网上有很多关于它的文章,以及实现它的 Linux 系统上的 C 代码。

一旦你有了标头及其正确的校验和(很重要,因为如果不正确,你的系统不会发送数据包),你只需将它发送到某个地方:

s.sendto(icmp, (SOME_REMOTE_HOST, 0))

然后收到回复(如果有):

s.recvfrom(1500)

(注意我选择了 1500 字节,因为那是 IP 帧的 MTU,因此回复不太可能比这更大,尽管这当然是可能的。)

在这一点上,您的代码完全失败- 仅仅是因为您没有执行最后两个步骤的代码,更不用说额外的代码来处理如何处理回复和标题字段的结构解析。

至于您定义的其他两个函数,它们很奇怪。其中一个似乎暗示它正在处理链路层字段——这在套接字上绝不是这种情况,因为套接字只处理 IP 层及更高层——而另一个似乎是试图计算校验和......尽管不正确(再次)。

简而言之,正如abarnert所暗示的,请澄清(并添加更多)代码和您的问题。

于 2014-03-17T16:38:17.133 回答