scapy学习笔记（4）简单的sniffing 嗅探

小五义 2024-10-22 13:59:50 原文

转载请注明：@小五义：http://www.cnblogs/xiaowuyi

利用sniff命令进行简单的嗅探，可以抓到一些简单的包。当不指定接口时，将对每一个接口进行嗅探，当指定接口时，仅对该接口进行。

如；

>>> sniff(filter="icmp and host 61.135.169.125",count=)

结果：

<Sniffed: TCP:0 UDP:0 ICMP:0 Other:0>

再比如对ppp0端口的嗅探：

>>> sniff(iface="ppp0",prn=lambda x:x.summary())

此时浏览一下百度，结果如下：

IP / UDP 27.214.219.76:53144 > 122.225.83.67:http / Raw
IP / UDP / DNS Qry "suggestion.baidu.com."

IP / UDP / DNS Qry "suggestion.baidu.com."

IP / UDP / DNS Ans "suggestion.a.shifen.com."

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http S

IP / UDP / DNS Ans "suggestion.a.shifen.com."

IP / ICMP / IPerror / UDPerror / DNS Ans "suggestion.a.shifen.com."

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 SA

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http PA / Raw

IP / UDP 122.225.83.67:http > 27.214.219.76:53144 / Raw

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 A

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http PA / Raw

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 A

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http S

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 SA

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http PA / Raw

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 PA / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 A / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 61.135.169.125:http > 27.214.219.76:45639 PA / Raw

IP / TCP 27.214.219.76:45639 > 61.135.169.125:http A

IP / TCP 27.214.219.76:55193 > 60.55.35.47:http S

IP / UDP / DNS Qry "t11.baidu.com."

IP / UDP / DNS Qry "t12.baidu.com."

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http S

IP / UDP / DNS Ans "image.jomodns.com."

IP / TCP 27.214.219.76:49797 > 119.188.9.119:http S

IP / TCP 27.214.219.76:49798 > 119.188.9.119:http S

IP / TCP 27.214.219.76:49799 > 119.188.9.119:http S

IP / UDP / DNS Ans "image.jomodns.com."

IP / TCP 27.214.219.76:39103 > 119.188.9.118:http S

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 SA

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.119:http > 27.214.219.76:49797 SA

IP / TCP 27.214.219.76:49797 > 119.188.9.119:http A

IP / TCP 119.188.9.119:http > 27.214.219.76:49798 SA

IP / TCP 27.214.219.76:49798 > 119.188.9.119:http A

IP / TCP 119.188.9.119:http > 27.214.219.76:49799 SA

IP / TCP 27.214.219.76:49799 > 119.188.9.119:http A

IP / TCP 60.55.35.47:http > 27.214.219.76:55193 SA

IP / TCP 27.214.219.76:55193 > 60.55.35.47:http A

IP / TCP 27.214.219.76:55193 > 60.55.35.47:http PA / Raw

IP / TCP 119.188.9.118:http > 27.214.219.76:39103 SA

IP / TCP 27.214.219.76:39103 > 119.188.9.118:http A

IP / TCP 60.55.35.47:http > 27.214.219.76:55193 A

IP / TCP 60.55.35.47:http > 27.214.219.76:55193 PA / Raw

IP / TCP 27.214.219.76:55193 > 60.55.35.47:http A

IP / TCP 27.214.219.76:55193 > 60.55.35.47:http PA / Raw

IP / TCP 27.214.219.76:49797 > 119.188.9.119:http PA / Raw

IP / TCP 27.214.219.76:49798 > 119.188.9.119:http PA / Raw

IP / TCP 27.214.219.76:49799 > 119.188.9.119:http PA / Raw

IP / TCP 27.214.219.76:39103 > 119.188.9.118:http PA / Raw

IP / TCP 27.214.219.76:38864 > 61.135.169.105:http S

IP / UDP / DNS Qry "a.baidu.com."

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw

IP / TCP 27.214.219.76:59062 > 119.188.9.40:http S

IP / TCP 27.214.219.76:59063 > 119.188.9.40:http S

IP / TCP 119.188.9.119:http > 27.214.219.76:49797 A

IP / TCP 119.188.9.119:http > 27.214.219.76:49797 PA / Raw

IP / TCP 27.214.219.76:49797 > 119.188.9.119:http A

IP / TCP 27.214.219.76:38867 > 61.135.169.105:http S

IP / TCP 119.188.9.119:http > 27.214.219.76:49798 A

IP / TCP 119.188.9.119:http > 27.214.219.76:49798 PA / Raw

IP / TCP 27.214.219.76:49798 > 119.188.9.119:http A

IP / TCP 119.188.9.119:http > 27.214.219.76:49799 A

IP / TCP 119.188.9.119:http > 27.214.219.76:49799 PA / Raw

IP / TCP 27.214.219.76:49799 > 119.188.9.119:http A

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http PA / Raw

IP / TCP 27.214.219.76:50355 > 61.135.185.194:http S

IP / UDP / DNS Qry "api.share.baidu.com."

IP / TCP 119.188.9.118:http > 27.214.219.76:39103 A

IP / TCP 119.188.9.118:http > 27.214.219.76:39103 PA / Raw

IP / TCP 27.214.219.76:39103 > 119.188.9.118:http A

IP / UDP / DNS Ans "asp.e.shifen.com."

IP / TCP 60.55.35.47:http > 27.214.219.76:55193 PA / Raw

IP / TCP 27.214.219.76:53605 > 123.125.114.38:http S

IP / TCP 27.214.219.76:53606 > 123.125.114.38:http S

IP / TCP 27.214.219.76:55193 > 60.55.35.47:http FA

IP / TCP 61.135.169.105:http > 27.214.219.76:38864 SA

IP / TCP 27.214.219.76:38864 > 61.135.169.105:http A

IP / TCP 27.214.219.76:38864 > 61.135.169.105:http PA / Raw

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw

IP / TCP 119.188.9.40:http > 27.214.219.76:59062 SA

IP / TCP 27.214.219.76:59062 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59063 SA

IP / TCP 27.214.219.76:59063 > 119.188.9.40:http A

IP / TCP 61.135.169.105:http > 27.214.219.76:38867 SA

IP / TCP 27.214.219.76:38867 > 61.135.169.105:http A

IP / UDP / DNS Ans "api.share.n.shifen.com."

IP / TCP 27.214.219.76:47655 > 61.135.162.115:http S

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 A

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A

IP / TCP 123.125.114.101:http > 27.214.219.76:37968 PA / Raw

IP / TCP 27.214.219.76:37968 > 123.125.114.101:http A

IP / TCP 61.135.185.194:http > 27.214.219.76:50355 SA

IP / TCP 27.214.219.76:50355 > 61.135.185.194:http A

IP / TCP 27.214.219.76:50355 > 61.135.185.194:http PA / Raw

IP / TCP 123.125.114.38:http > 27.214.219.76:53605 SA

IP / TCP 27.214.219.76:53605 > 123.125.114.38:http A

IP / TCP 27.214.219.76:53605 > 123.125.114.38:http PA / Raw

IP / TCP 123.125.114.38:http > 27.214.219.76:53606 SA

IP / TCP 27.214.219.76:53606 > 123.125.114.38:http A

IP / TCP 61.135.169.105:http > 27.214.219.76:38864 A

IP / TCP 61.135.169.105:http > 27.214.219.76:38864 PA / Raw

IP / TCP 27.214.219.76:38864 > 61.135.169.105:http A

IP / TCP 61.135.169.105:http > 27.214.219.76:38864 PA / Raw

IP / TCP 27.214.219.76:38864 > 61.135.169.105:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 61.135.162.115:http > 27.214.219.76:47655 SA

IP / TCP 27.214.219.76:47655 > 61.135.162.115:http A

IP / TCP 27.214.219.76:47655 > 61.135.162.115:http PA / Raw

IP / TCP 60.55.35.47:http > 27.214.219.76:55193 FA

IP / TCP 27.214.219.76:55193 > 60.55.35.47:http A

IP / TCP 61.135.185.194:http > 27.214.219.76:50355 A

IP / TCP 61.135.185.194:http > 27.214.219.76:50355 PA / Raw

IP / TCP 27.214.219.76:50355 > 61.135.185.194:http A

IP / TCP 123.125.114.38:http > 27.214.219.76:53605 A

IP / TCP 123.125.114.38:http > 27.214.219.76:53605 PA / Raw

IP / TCP 27.214.219.76:53605 > 123.125.114.38:http A

IP / TCP 61.135.162.115:http > 27.214.219.76:47655 A

IP / TCP 61.135.162.115:http > 27.214.219.76:47655 PA / Raw

IP / TCP 27.214.219.76:47655 > 61.135.162.115:http A

IP / UDP / DNS Qry "sclick.baidu.com."

IP / UDP / DNS Qry "c.baidu.com."

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw

IP / UDP / DNS Ans "s.a.shifen.com."

IP / TCP 27.214.219.76:47154 > 123.125.115.95:http S

IP / UDP / DNS Ans "c.e.shifen.com."

IP / TCP 27.214.219.76:56976 > 123.125.114.64:http S

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A / Raw

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

IP / TCP 27.214.219.76:56977 > 123.125.114.64:http S

IP / TCP 27.214.219.76:47157 > 123.125.115.95:http S

IP / TCP 123.125.115.95:http > 27.214.219.76:47154 SA

IP / TCP 27.214.219.76:47154 > 123.125.115.95:http A

IP / TCP 27.214.219.76:47154 > 123.125.115.95:http PA / Raw

IP / TCP 123.125.114.64:http > 27.214.219.76:56976 SA

IP / TCP 27.214.219.76:56976 > 123.125.114.64:http A

IP / TCP 27.214.219.76:56976 > 123.125.114.64:http PA / Raw

IP / TCP 123.125.114.64:http > 27.214.219.76:56977 SA

IP / TCP 27.214.219.76:56977 > 123.125.114.64:http A

IP / TCP 123.125.115.95:http > 27.214.219.76:47157 SA

IP / TCP 27.214.219.76:47157 > 123.125.115.95:http A

IP / TCP 123.125.115.95:http > 27.214.219.76:47154 A

IP / TCP 123.125.115.95:http > 27.214.219.76:47154 PA / Raw

IP / TCP 27.214.219.76:47154 > 123.125.115.95:http A

IP / TCP 123.125.115.95:http > 27.214.219.76:47154 FA

IP / TCP 27.214.219.76:47154 > 123.125.115.95:http FA

IP / TCP 123.125.114.64:http > 27.214.219.76:56976 A

IP / TCP 123.125.114.64:http > 27.214.219.76:56976 PA / Raw

IP / TCP 27.214.219.76:56976 > 123.125.114.64:http A

IP / TCP 123.125.114.64:http > 27.214.219.76:56976 FA

IP / TCP 27.214.219.76:56976 > 123.125.114.64:http FA

IP / UDP / DNS Qry "trust.baidu.com."

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http PA / Raw

IP / TCP 123.125.115.95:http > 27.214.219.76:47154 A

IP / UDP / DNS Ans "trust.e.shifen.com."

IP / TCP 123.125.114.64:http > 27.214.219.76:56976 A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 A

IP / TCP 119.188.9.40:http > 27.214.219.76:59056 PA / Raw

IP / TCP 27.214.219.76:59056 > 119.188.9.40:http A

^C<Sniffed: TCP:208 UDP:20 ICMP:1 Other:0>

也要以用show()来显示：

>>> sniff(iface="ppp0",prn=lambda x:x.show())

部分结果：

###[ IP ]###
version= 4L

ihl= 5L

tos= 0x0

len= 40

id= 52068

flags= DF

frag= 0L

ttl= 64

proto= tcp

chksum= 0x8151

src= 27.214.219.76

dst= 61.135.185.112

\options\

###[ TCP ]###

sport= 59617

dport= http

seq= 3932617191L

ack= 411565738

dataofs= 5L

reserved= 0L

flags= FA

window= 182

chksum= 0xee34

urgptr= 0

options= {}

^C<Sniffed: TCP:1 UDP:0 ICMP:0 Other:0>

scapy学习笔记（4）简单的sniffing 嗅探的更多相关文章

JSP学习笔记(三):简单的Tomcat Web服务器
注意:每次对Tomcat配置文件进行修改后,必须重启Tomcat 在E盘的DATA文件夹中创建TomcatDemo文件夹,并将Tomcat安装路径下的webapps/ROOT中的WEB-INF文件夹复 ...
JAVA WEB学习笔记(三):简单的基于Tomcat的Web页面
注意:每次对Tomcat配置文件进行修改后,必须重启Tomcat 在E盘的DATA文件夹中创建TomcatDemo文件夹,并将Tomcat安装路径下的webapps/ROOT中的WEB-INF文件夹复 ...
Spark学习笔记0——简单了解和技术架构
目录 Spark学习笔记0--简单了解和技术架构什么是Spark 技术架构和软件栈 Spark Core Spark SQL Spark Streaming MLlib GraphX 集群管理器受 ...
Html学习笔记(二) 简单标签
标签的重点标签的用途标签在浏览器中的默认样式 <body>标签: 在网页上显示的内容 <p>标签: 添加段落 <hx>标签: 添加标题标签一共有6个,h1.h ...
Netty学习笔记(六) 简单的聊天室功能之WebSocket客户端开发实例
在之前的Netty相关学习笔记中,学习了如何去实现聊天室的服务段,这里我们来实现聊天室的客户端,聊天室的客户端使用的是Html5和WebSocket实现,下面我们继续学习. 创建客户端接着第五个笔记 ...
scapy学习笔记（3）发送包,SYN及TCP traceroute 扫描
转载请注明:@小五义:http://www.cnblogs/xiaowuyi 在安装完scapy(前两篇笔记有介绍)后,linux环境下,执行sudo scapy运行scapy. 一.简单的发送包 1 ...
scapy学习笔记（3）
转自:@小五义:http://www.cnblogs/xiaowuyi 在安装完scapy(前两篇笔记有介绍)后,linux环境下,执行sudo scapy运行scapy. 一.简单的发送包 1.se ...
Java设计模式学习笔记(二) 简单工厂模式
前言本篇是设计模式学习笔记的其中一篇文章,如对其他模式有兴趣,可从该地址查找设计模式学习笔记汇总地址正文开始... 1. 简介简单工厂模式不属于GoF23中设计模式之一,但在软件开发中应用也较为 ...
CSS学习笔记09 简单理解BFC
引子在讲BFC之前,先来看看一个例子 <!DOCTYPE html> <html lang="en"> <head> <meta cha ...

随机推荐

Chromium源码--网络请求流程分析
转载请注明出处:http://www.cnblogs.com/fangkm/p/3784660.html 本文探讨一下chromium中加载URL的流程,具体来说是从地址栏输入URL地址到通过URLR ...
Sql Server分页储存过程
--分页储存过程if exists (select * from sys.procedures where name='Page')drop proc Pagegocreate proc Page@P ...
关于SDN
传统网络: 一:它们是纯分布式控制二:控制面和转发面在同一个设备中,紧密耦合三:管理员无法直接操控转发行为四:网络协议对转发行为的影响是有固定模式的而SDN的特性: 一:控制面与转发面分离二 ...
MySQL两种存储引擎: MyISAM和InnoDB
MySQL两种存储引擎: MyISAM和InnoDB 简单总结 MyISAM是MySQL的默认数据库引擎(5.5版之前),由早期的ISAM(Indexed Sequential Access Me ...
【代码笔记】iOS-动画的跳转
一,工程图. 二,代码. //点击任何处跳转到页面 -(void)touchesBegan:(NSSet *)touches withEvent:(UIEvent *)event { CATransi ...
VS 2015 报错 " 'unistd.h': No such file or directory" 的解决办法
使用 Visual Studio 2015 进行程序开发工作时,如果编译的是来自于Linux平台的源文件,该源文件可能会包含头文件 uninstd.h,这样会产生报错信息: "fatal e ...
用例设计之APP用例覆盖准则
基本原则本文主要讨论APP功能用例的覆盖,基本原则: 用户场景闭环(从哪来到哪去) 遍历所有的实现逻辑路径需求点覆盖覆盖维度 APP功能用例设计主要使用传统的黑盒用例设计方法.同时,作为移动AP ...
LeetCode题解之Merge k Sorted Lists 解法二
1.题目描述 2.分析利用 vector 存储指针,同时合并k个链表. 3.代码 ListNode* mergeKLists(vector<ListNode*>& lists) ...
C# socket 发送图片和文件
先说服务端:界面:如图: 界面设计源码 namespace SocketJPGToTxt { partial class Form1 { /// <summary> /// 必需的设计器变 ...
IP地址的分类——a，b，c 类是如何划分的【转】
ip分类已经是耳熟能详了.但是说的都比较繁琐,这里简述一下,便于以后复习. IP地址,一共分成了5类,范围分别如下: A类IP:从0.0.0.0 – 127.255.255.255,共有1677721 ...