Scapy:IPv6数据包作为原始数据包接收

时间:2015-10-02 18:50:28

标签: ipv6 scapy

我正在尝试为IPv6建立TCP握手。发送SYN包。在接口接收SYN / ACK。

我收到了收到的数据包的hexdump以及pkt.show()。我得到了以下输出:

hexdump(pkt)
    0000   00 30 48 FA 2C 4D 64 64  9B 75 60 01 81 00 00 01   .0H.,Mdd.u`.....
    0010   81 00 00 01 88 64 11 00  00 01 00 42 00 57 60 00   .....d.....B.W`.
    0020   00 00 00 18 06 40 20 11  00 01 00 00 00 00 00 00   .....@ .........
    0030   00 00 00 00 00 01 20 11  00 01 00 00 00 00 00 00   ...... .........
    0040   00 00 00 00 00 02 00 50  A1 F0 00 00 00 01 00 00   .......P........
    0050   00 01 60 12 FF FE B5 CA  00 00 02 04 05 98         ..`...........

    pkt.show()
    ###[ Ethernet ]###
      dst       = 00:30:48:fa:2c:4d
      src       = 64:64:9b:75:60:01
      type      = 0x8100
    ###[ 802.1Q ]###
     prio      = 0L
     id        = 0L
     vlan      = 1L
     type      = 0x8100
    ###[ 802.1Q ]###
        prio      = 0L
        id        = 0L
        vlan      = 1L
        type      = 0x8864
    ###[ PPP over Ethernet ]###
           version   = 1L
           type      = 1L
           code      = Session
           sessionid = 0x1
           len       = 66
    ###[ PPP Link Layer ]###
              proto     = Internet Protocol version 6 [Hinden]
    ###[ Raw ]###
                 load      = '`\x00\x00\x00\x00\x18\x06@   \x11\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x11\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00P\xa1\xf0\x00\x00\x00\x01\x00\x00\x00\x01`\x12\xff\xfe\xb5\xca\x00\x00\x02\x04\x05\x98'

为什么IPv6数据包会以原始数据包形式出现?

1 个答案:

答案 0 :(得分:3)

这看起来像是Scapy中的一个错误,可能是在PPP发布者中。下面是一些诊断和解决方法。

我们可以通过以下方式重现您的错误:

import binascii

input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")

from scapy.all import Ether

pkt1=Ether(input)

# Stops at "RAW" after PPP transport
pkt1.show()

如果我们更进一步并检查Raw层,它看起来像一个真正的IPv6数据包。我们可以通过以下方式使用scapy来验证这一点:

import binascii

input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")

from scapy.all import Ether, IPv6, Raw

pkt1=Ether(input)

# Check the rest of the parsing makes sense:
pkt2=IPv6(pkt1[Raw].load)

# Pkt2 is just the IPv6 bit now
pkt2.show()

最后,我们可以将其用于逻辑结论,并使用它来生成包含所有正确图层的Scapy数据包:

import binascii

input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")

from scapy.all import Ether, IPv6, Raw

pkt1=Ether(input)
pkt2=IPv6(pkt1[Raw].load)

del pkt1[Raw]
pkt1=(pkt1/pkt2)
pkt1.show()

然后给我们:

###[ Ethernet ]###
  dst       = 00:30:48:fa:2c:4d
  src       = 64:64:9b:75:60:01
  type      = n_802_1Q
###[ 802.1Q ]###
     prio      = 0L
     id        = 0L
     vlan      = 1L
     type      = n_802_1Q
###[ 802.1Q ]###
        prio      = 0L
        id        = 0L
        vlan      = 1L
        type      = PPP_SES
###[ PPP over Ethernet ]###
           version   = 1L
           type      = 1L
           code      = Session
           sessionid = 0x1
           len       = 66
###[ PPP Link Layer ]###
              proto     = Internet Protocol version 6 [Hinden]
###[ IPv6 ]###
                 version   = 6L
                 tc        = 0L
                 fl        = 0L
                 plen      = 24
                 nh        = TCP
                 hlim      = 64
                 src       = 2011:1::1
                 dst       = 2011:1::2
###[ TCP ]###
                    sport     = http
                    dport     = 41456
                    seq       = 1
                    ack       = 1
                    dataofs   = 6L
                    reserved  = 0L
                    flags     = SA
                    window    = 65534
                    chksum    = 0xb5ca
                    urgptr    = 0
                    options   = [('MSS', 1432)]

更好的解决方法是告诉Scapy关于层本身之间的关系,使用以下内容:

import binascii

input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")

from scapy.all import Ether, IPv6, PPP, bind_layers

bind_layers( PPP,           IPv6,            proto=0x0057)

# Now works correctly out the box
pkt1=Ether(input)
pkt1.show()

如果你想写一个合适的补丁,这个对bind_layers的调用应该在scapy / layers / ppp.py中。