我正在尝试为IPv6建立TCP握手。发送SYN包。在接口接收SYN / ACK。
我收到了收到的数据包的hexdump以及pkt.show()。我得到了以下输出:
hexdump(pkt)
0000 00 30 48 FA 2C 4D 64 64 9B 75 60 01 81 00 00 01 .0H.,Mdd.u`.....
0010 81 00 00 01 88 64 11 00 00 01 00 42 00 57 60 00 .....d.....B.W`.
0020 00 00 00 18 06 40 20 11 00 01 00 00 00 00 00 00 .....@ .........
0030 00 00 00 00 00 01 20 11 00 01 00 00 00 00 00 00 ...... .........
0040 00 00 00 00 00 02 00 50 A1 F0 00 00 00 01 00 00 .......P........
0050 00 01 60 12 FF FE B5 CA 00 00 02 04 05 98 ..`...........
pkt.show()
###[ Ethernet ]###
dst = 00:30:48:fa:2c:4d
src = 64:64:9b:75:60:01
type = 0x8100
###[ 802.1Q ]###
prio = 0L
id = 0L
vlan = 1L
type = 0x8100
###[ 802.1Q ]###
prio = 0L
id = 0L
vlan = 1L
type = 0x8864
###[ PPP over Ethernet ]###
version = 1L
type = 1L
code = Session
sessionid = 0x1
len = 66
###[ PPP Link Layer ]###
proto = Internet Protocol version 6 [Hinden]
###[ Raw ]###
load = '`\x00\x00\x00\x00\x18\x06@ \x11\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x11\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00P\xa1\xf0\x00\x00\x00\x01\x00\x00\x00\x01`\x12\xff\xfe\xb5\xca\x00\x00\x02\x04\x05\x98'
为什么IPv6数据包会以原始数据包形式出现?
答案 0 :(得分:3)
这看起来像是Scapy中的一个错误,可能是在PPP发布者中。下面是一些诊断和解决方法。
我们可以通过以下方式重现您的错误:
import binascii
input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")
from scapy.all import Ether
pkt1=Ether(input)
# Stops at "RAW" after PPP transport
pkt1.show()
如果我们更进一步并检查Raw层,它看起来像一个真正的IPv6数据包。我们可以通过以下方式使用scapy来验证这一点:
import binascii
input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")
from scapy.all import Ether, IPv6, Raw
pkt1=Ether(input)
# Check the rest of the parsing makes sense:
pkt2=IPv6(pkt1[Raw].load)
# Pkt2 is just the IPv6 bit now
pkt2.show()
最后,我们可以将其用于逻辑结论,并使用它来生成包含所有正确图层的Scapy数据包:
import binascii
input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")
from scapy.all import Ether, IPv6, Raw
pkt1=Ether(input)
pkt2=IPv6(pkt1[Raw].load)
del pkt1[Raw]
pkt1=(pkt1/pkt2)
pkt1.show()
然后给我们:
###[ Ethernet ]###
dst = 00:30:48:fa:2c:4d
src = 64:64:9b:75:60:01
type = n_802_1Q
###[ 802.1Q ]###
prio = 0L
id = 0L
vlan = 1L
type = n_802_1Q
###[ 802.1Q ]###
prio = 0L
id = 0L
vlan = 1L
type = PPP_SES
###[ PPP over Ethernet ]###
version = 1L
type = 1L
code = Session
sessionid = 0x1
len = 66
###[ PPP Link Layer ]###
proto = Internet Protocol version 6 [Hinden]
###[ IPv6 ]###
version = 6L
tc = 0L
fl = 0L
plen = 24
nh = TCP
hlim = 64
src = 2011:1::1
dst = 2011:1::2
###[ TCP ]###
sport = http
dport = 41456
seq = 1
ack = 1
dataofs = 6L
reserved = 0L
flags = SA
window = 65534
chksum = 0xb5ca
urgptr = 0
options = [('MSS', 1432)]
更好的解决方法是告诉Scapy关于层本身之间的关系,使用以下内容:
import binascii
input=binascii.unhexlify("003048FA2C4D64649B756001810000018100000188641100000100420057600000000018064020110001000000000000000000000001201100010000000000000000000000020050A1F000000001000000016012FFFEB5CA000002040598")
from scapy.all import Ether, IPv6, PPP, bind_layers
bind_layers( PPP, IPv6, proto=0x0057)
# Now works correctly out the box
pkt1=Ether(input)
pkt1.show()
如果你想写一个合适的补丁,这个对bind_layers的调用应该在scapy / layers / ppp.py中。