1、UDP scanning with Scapy

Scapy is a tool that can be used  to craft and inject custom packets into  a network ,in this specific recipe, Scapy will be used to scan for active UDP services ,This can be done by sending empty UDP packet to destionation ports and then identifying the ports that  do not respond  with an ICMP port-unreachable response .whether  a service is running on a give UDP port ,the technique that we will use with Scapy is to identify closed UDP port with ICMP port-unreachable replies ,to send a UDP request to any given port ,so we need to build layer of taht the request , the first layer that we will need to construct is the IP layer

step one :  we used the command  Scapy to invoking the tool   .you don't sent the ip.src ,because the source the ip will automatically  updates associated with the default interface  .   after each setup , you need to check and   confirm it by youself .  we can you  the command  (.display)  .we should do in lab envrionment , I use the metasploitable2 and , the metasploitable2 system can used as remote service over UDP . so let's see the following option :

step two :  view the metasploitable2 ip address  . so the ip.dst=192.168.142.170

step three  :start-up the Scapy  and construct the ip layer  ,and set the dst ip is 192.168.142.170  .   .but hte DNS is a comman service that can often be discovered on network systems , so we can modified by setting the attribute equal to the new port destination value  set  the dport =123

setp four: we have created both the IP layers ,so  here we need to construct the request by the stacking these layers by request=(i/u)

and  then send the request to the remote service

finally  we can look the response.display ()

>>> response.display()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0xc0
  len= 56
  id= 64015
  flags=
  frag= 0
  ttl= 64
  proto= icmp
  chksum= 0xe144
  src= 192.168.142.170
  dst= 192.168.142.181
  \options\
###[ ICMP ]###
     type= dest-unreach
     code= port-unreachable
     chksum= 0x9bc7
     reserved= 0
     length= 0
     nexthopmtu= 0
###[ IP in ICMP ]###
        version= 4
        ihl= 5
        tos= 0x0
        len= 28
        id= 1
        flags=
        frag= 0
        ttl= 64
        proto= udp
        chksum= 0xdc1f
        src= 192.168.142.181
        dst= 192.168.142.170
        \options\
###[ UDP in ICMP ]###
           sport= domain
           dport= ntp
           len= 8
           chksum= 0x607d

in  fact the request can be performed without independently building and stacking each layer ,we can use a  single one-line command by calling the function directly and passing them the approprite argument as following . of couse wen scan set the timeout and the verbose .

note  that the response  for these requests  includes an ICMP packet that  type indicating that the host is unreachable and code indicating that the port is unreachable this response is commonly if the UDP oprt is closed ,so we should attempt to modify the request so that it is sent to the destination port  that correspond to an actual service on teh remote system , let's change the destination port back to port 53 and then send the request again .as follows:

when the same request is sent to an actual aervice ,no replay is received , this is beacuse the DNS service running on the system's UDP port 53, will only respond to service-specific request ,this discrepancy can be used to scan for ICMP host-unreachable replies .

so we can identify potential service by flagging the noresponsive ports.  edit a script to scan the port.

Scapy的更多相关文章

  1. python脚本执行Scapy出现IPv6警告WARNING解决办法

    安装完scapy,写了脚本执行后执行: WARNING: No route found for IPv6 destination :: (no default route?) 原因是用 from sc ...

  2. Windows下使用scapy+python2.7实现对pcap文件的读写操作

    scapy在linux环境中对pcap文件进行操作非常方便,但在windows下,特别是在python2.7环境下却会碰到各种各样的依赖包无法使用的问题,最明显的可能就属dnet和pcap的pytho ...

  3. 使用它tshark分析pcap的例子以及scapy下载地址

    转一篇cisco工作人员使用tshark分析pcap的文章,以及scapy的下载地址 http://blogs.cisco.com/security/finding-a-needle-in-a-pca ...

  4. 安装scapy遇到的问题

    1. Mac平台 在mac上安装scapy可以说是困难重重,一来因为scapy实在有些小众和老旧,再加上安装说明文档都是python2.5 也没有详细说明一些安装问题. 折腾了大概三个小时之后终于解决 ...

  5. scapy 安装及简单测试

    关于scapy Scapy的是一个强大的交互式数据包处理程序(使用python编写).它能够伪造或者解码大量的网络协议数据包,能够发送.捕捉.匹配请求和回复包等等.它可以很容易地处理一些典型操作,比如 ...

  6. Python模块(scapy)

    scapy scapy相当于linux的tcpdump的功能

  7. 小白日记9:kali渗透测试之主动信息收集(二)四层发现:TCP、UDP、nmap、hping、scapy

    四层发现 四层发现的目的是扫描出可能存活的IP地址,四层发现虽然涉及端口扫描,但是并不对端口的状态进行精确判断,其本质是利用四层协议的一些通信来识别主机ip是否存在. 四层发现的优点: 1.可路由且结 ...

  8. 小白日记7:kali渗透测试之主动信息收集-发现(一)--二层发现:arping/shell脚本,Netdiscover,scapy

    主动信息收集 被动信息收集可能不准确,可以用主动信息收集验证   特点:直接与目标系统交互通信,无法避免留下访问痕迹 解决方法:1.使用受控的第三方电脑进行探测,使用代理 (做好被封杀的准备)   2 ...

  9. 小白日记8:kali渗透测试之主动信息收集(二)三层发现:ping、traceroute、scapy、nmap、fping、Hping

    三层发现 三层协议有:IP以及ICMP协议(internet管理协议).icmp的作用是用来实现intenet管理的,进行路径的发现,网路通信情况,或者目标主机的状态:在三层发现中主要使用icmp协议 ...

  10. scapy流量嗅探简单使用

    官方文档:http://scrapy-chs.readthedocs.io/zh_CN/latest/index.html 参考链接:http://blog.csdn.net/Jeanphorn/ar ...

随机推荐

  1. Flask 微信公众号开发

    公众号接口 1. 公众号消息会话 目前公众号内主要有这样几类消息服务的类型,分别用于不同的场景. 群发消息 公众号可以以一定频次(订阅号为每天1次,服务号为每月4次),向用户群发消息,包括文字消息.图 ...

  2. 采用VSPD、ModbusTool模拟串口、MODBUS TCP设备进行Python采集软件开发

    版权声明:本文为博主原创文章,欢迎转载,并请注明出处.联系方式:460356155@qq.com 不少仪器/设备都提供了数据采集的接口,其中不少是串口或网络的MODBUS/TCP协议. 串口是比较简单 ...

  3. D3.js 入门学习(一)

    一.安装D3.js 1.网络连接 <script src="https://d3js.org/d3.v4.min.js"></script> 2.命令行安装 ...

  4. ABP中的拦截器之ValidationInterceptor(上)

    从今天这一节起就要深入到ABP中的每一个重要的知识点来一步步进行分析,在进行介绍ABP中的拦截器之前我们先要有个概念,到底什么是拦截器,在介绍这些之前,我们必须要了解AOP编程思想,这个一般翻译是面向 ...

  5. HttpPost方式调用接口的3种方式

    第一种:需要httpclient的依赖包 <dependency> <groupId>org.apache.httpcomponents</groupId> < ...

  6. openstack oslo.messaging库

    openstack oslo.messaging库 2017年04月13日 22:13:25 li_101357 阅读数:1383   版权声明:本文为博主原创文章,未经博主允许不得转载. https ...

  7. Android N和O中使用adb shell dpm set-device-owner 'com.android.cts.verifier/com.android.cts.verifier.managedprovisioning.DeviceAdminTestReceiver' setup Device Owner失败

    PC端出现如下log: D:\workspace\AndroidO\CTS\CTS_Verifier>adb shell dpm set-device-owner 'com.android.ct ...

  8. kubeadm的安装步骤(HA)

    准备3台主节点:km1/km2/km3 1.编辑kubeadm-config.yaml apiVersion: kubeadm.k8s.io/v1beta1 kind: ClusterConfigur ...

  9. Supercomputer 解题报告

    Supercomputer 设\(f_i\)为前\(i\)个时间内必须的完成的任务个数,那么答案就是 \[ \max_{i}\lceil\frac{f_i}{i}\rceil \] 现在要支持区间加和 ...

  10. Maze HDU - 4035(期望dp)

    When wake up, lxhgww find himself in a huge maze. The maze consisted by N rooms and tunnels connecti ...