2014-09-22 26 views
3

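I am new to scapy, and I am trying to use the sr and sr1 functions to understand how they work. New to scapy. Trying to understand sr()

I am trying to craft the packet below, and I see that it sent 1 packet, but it says it received 581 packets. Can someone help me understand why it shows so many packets received?

Received 1373 packets, got 0 answers, remaining 1 packets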

>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23)) 
.Begin emission: 
.....Finished to send 1 packets. 
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C 
Received 581 packets, got 0 answers, remaining 1 packets 
>>> p 
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>) 

My tcpdump output does not show that it received this many packets.

Answers

5

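The sr() and sr1() functions will send a packet and listen on the network for the corresponding answers in the case of sr(); sr1() will wait for just one answer.

The packets that were received but were not answers are the packets Scapy sniffed while looking for a response to the original packet. I'm not sure how sniffing with tcpdump while using Scapy would affect your results - not sure which process the kernel will pass the packets to.

Here is an excellent tutorial from ThePacketGeek: Sending and Receiving with Scapy.

Also, make sure to use the __doc__ attribute of the various Scapy functions in the interpreter to get the relevant documentation.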

>>> print sr1.__doc__ 
Send packets at layer 3 and return only the first answer 
nofilter: put 1 to avoid use of bpf filters 
retry: if positive, how many times to resend unanswered packets 
      if negative, how many times to retry when no more packets are answered 
timeout: how much time to wait after the last packet has been sent 
verbose: set verbosity level 
multi: whether to accept multiple answers for the same stimulus 
filter: provide a BPF filter 
iface: listen answers only on the given interface 
>>>