Scapy send probe request and receive probe response


【Posted】: 2017-02-02 18:18:39

【Question】:

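I am trying to send an 802.11 probe request and receive the probe response, but the results are not good.

Here is my frame-sending part; I am using Scapy in Python.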

    from scapy.all import Dot11, Dot11Elt, Dot11ProbeReq, RadioTap, sendp, sniff

    class Scapy80211():
        def __init__(self, intf='wlan0', ssid='test',
                     source='00:00:de:ad:be:ef',
                     bssid='00:11:22:33:44:55', srcip='10.10.10.10'):
            # Raw bytes for the supported-rates element
            self.rates = b"\x03\x12\x96\x18\x24\x30\x48\x60"
            self.ssid = ssid
            self.source = source
            self.srcip = srcip
            self.bssid = bssid
            self.intf = intf
            self.intfmon = intf + 'mon'

        def ProbeReq(self, count=10, ssid='', dst='ff:ff:ff:ff:ff:ff', fc=0):
            if not ssid:
                ssid = self.ssid
            param = Dot11ProbeReq()
            # Numeric element IDs work across Scapy versions (the names differ)
            essid = Dot11Elt(ID=0, info=ssid)        # SSID
            rates = Dot11Elt(ID=1, info=self.rates)  # Rates
            dsset = Dot11Elt(ID=3, info=b'\x01')     # DSset
            # Management frame (type 0), subtype 4 = probe request
            pkt = RadioTap()\
                /Dot11(type=0, subtype=4, FCfield=fc, addr1=dst, addr2=self.source, addr3=self.bssid)\
                /param/essid/rates/dsset

            print('[*] 802.11 Probe Request: SSID=[%s], count=%d' % (ssid, count))
            try:
                sendp(pkt, count=count, inter=0.1, verbose=1)
            except:
                raise

    ssid = 'aa'  # This is the AP I want to interact with
    sdot11 = Scapy80211(intf='mon0')
    sdot11.ProbeReq(ssid=ssid)
    # PacketHandler is the callback given to sniff(); its definition is not shown in the question
    sniff(count=10, timeout=5, prn=PacketHandler, filter="type mgt subtype probe-resp")

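I ran the code 20 times, and only once did I get a result.

Also, the result is a bit strange: when I can receive a response, I often receive a lot of them.

So, can anyone help me? How do you usually do the sending and receiving?


I have changed the code to use srp(). I removed the sniff() statement and replaced sendp() with srp(). Here is my result, and I am very confused by it.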

[*] 802.11 Probe Request: SSID=[aa], count=10
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.

Received 0 packets, got 0 answers, remaining 1 packets
[*] 802.11 Probe Request: SSID=[aa], count=10
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.
Begin emission:
Finished to send 1 packets.

Received 12 packets, got 0 answers, remaining 1 packets

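I want to receive the probe response frame from aa, to which I send the probe request.

So the result is that there are no answers? And I am not sure whether this is related to my not filling in the correct parameters (such as SSID, source, bssid). Should I change the destination from "ff:ff:ff:ff:ff:ff" to the MAC address of aa?

【Comments】:

【Answer 1】:

Unless I am wrong, you send your probes and then sniff for the responses. If an answer arrives, it most likely arrives in the meantime.

You should probably use the srp() function to do the work of sending the frames and matching the answers.

【Comments】:

Yes, that is exactly what I did. I have changed my code to srp(), and I posted the result and my uncertainty. Could you take a look?

【Answer 2】:

Try this in your code:

    if not ssid: ssid = self.ssid

instead of:

    if ssid != "": ssid = self.ssid

Hope this helps!

【Comments】: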
