1. 首頁
  2. 問答
  3. Scapy發送探測請求並接收探測響應

Scapy發送探測請求並接收探測響應

2016-09-25 96 views
2

我正在嘗試發送802.11探測請求並從中接收探測響應。但結果並不好。Scapy發送探測請求並接收探測響應

這裏是我的發送幀的一部分,我在Python中使用Scapy

class Scapy80211(): 
    def __init__(self,intf='wlan0',ssid='test',\ 
      source='00:00:de:ad:be:ef',\ 
      bssid='00:11:22:33:44:55',srcip='10.10.10.10'): 
    self.rates = "\x03\x12\x96\x18\x24\x30\x48\x60" 
    self.ssid = ssid 
    self.source = source 
    self.srcip = srcip 
    self.bssid = bssid 
    self.intf = intf 
    self.intfmon = intf + 'mon' 

    def ProbeReq(self,count=10,ssid='',dst='ff:ff:ff:ff:ff:ff', fc=0): 
     if not ssid: ssid=self.ssid 
     param = Dot11ProbeReq() 
     essid = Dot11Elt(ID='SSID',info=ssid) 
     rates = Dot11Elt(ID='Rates',info=self.rates) 
     dsset = Dot11Elt(ID='DSset',info='\x01') 
     pkt = RadioTap()\ 
     /Dot11(type=0,subtype=4,FCfield=fc,addr1=dst,addr2=self.source,addr3=self.bssid)\ 
     /param/essid/rates/dsset 

     print '[*] 802.11 Probe Request: SSID=[%s], count=%d' % (ssid,count) 
     try: 
     sendp(pkt,count=count,inter=0.1,verbose=1) 
     except: 
     raise 

ssid = 'aa' #This is the AP I want to interact with 
sdot11 = Scapy80211(intf='mon0') 
sdot11.ProbeReq(ssid=ssid) 
sniff(count=10, timeout=5, prn=PacketHandler, filter="type mgt subtype probe-resp")

我跑了20次有一次我能得到的結果有代碼。

此外,結果也有點奇怪,當我收到回覆時,我經常收到很多。

那麼,任何人都可以幫助我嗎?你通常如何做收發工作?

我已將我的密碼更改爲srp()。我刪除了sniff()語句,並用srp()替換sendp()。這是我的結果,我對此很困惑。

[*] 802.11 Probe Request: SSID=[aa], count=10 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 

Received 0 packets, got 0 answers, remaining 1 packets 
[*] 802.11 Probe Request: SSID=[aa], count=10 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 

Received 12 packets, got 0 answers, remaining 1 packets

欲接收從AA探測響應幀,所述一個我發送探測請求。

所以結果是沒有答案?我不確定它是否與我沒有填寫SSID,source,bssid等正確的參數有關。我應該將目的地從「ff:ff:ff:ff:ff:ff」更改爲MAC地址aa

來源

2016-09-25 Joe Lu

回答

0

除非我錯了,否則您正在發送您的探針,然後嗅探響應。如果答案到達,它很可能會在同一時間到達。

您應該使用srp()函數來完成發送幀和匹配答案的工作。

來源

2016-09-26 06:39:55 Pierre

+0

是的,那正是我所做的。我已經將我的代碼更改爲'srp()',並且我將結果和我的結果不確定地發佈。你能幫忙看看嗎? –

相關問題

 相關問題