我正在嗅探wlan以获取ftp数据包,然后启动与免费ftp服务器的ftp连接,一旦检测到任何已发送/接收的ftp数据包,我便获得了源/目标地址并向自己发送了一个新的ftp数据包只是为了测试。
但是我不知道如何检测我创建的数据包是否被我方成功接收。我可以在Wireshark上看到它,并且可以在我的代码中收到两次(发送一次,收到一次),但是在文件系统中哪里可以找到它?
下面是我的代码:
from scapy.all import *
from scapy.layers.inet import IP,TCP,Ether
interface = "wlp3s0"
def check_pkt(pkt):
if pkt.haslayer(TCP) and pkt.haslayer(Raw):
# If port 21 is used by source or destination "FTP server port"
if pkt[TCP].dport == 21:
client_mac_address = pkt[Ether].src
server_mac_address = pkt[Ether].dst
server_address = pkt[IP].dst
client_address = pkt[IP].src
server_port = pkt[TCP].dport
client_port = pkt[TCP].sport
print("Server Mac: "+server_mac_address)
print("Client Mac: " + client_mac_address)
print("Server IP: " + server_address)
print("Client IP: " + client_address)
print("Server port: " + str(server_port))
print("Client port: " + str(client_port))
print("######################################")
new_packet = Ether()/IP()/TCP()/Raw()
# Swap the addresses
new_packet[Ether].dst = client_mac_address
new_packet[Ether].src = server_mac_address
new_packet[IP].dst = client_address
new_packet[IP].src = server_address
new_packet[TCP].dport = client_port
new_packet[TCP].sport = server_port
# Adjust the packet load
new_packet[Raw].load = "New packet payload"
# Let Scapy calculate the length and checksums of the packet after modifications
del new_packet[IP].len
del new_packet[IP].chksum
del new_packet[TCP].chksum
del new_packet[TCP].seq
sendp(new_packet, iface=interface)
return True
return False
print("Sniffing started on "+interface+"...")
try:
sniff(iface=interface, prn=check_pkt, store=0)
except Exception as e:
print(e)
print("Sniffing stopped")