2016-09-25

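Scapy: sending a probe request and receiving the probe response

I am trying to send an 802.11 probe request and receive the probe response to it. But the results are not good.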

Here is part of my code for sending the frame; I am using Scapy in Python.

from scapy.all import Dot11, Dot11Elt, Dot11ProbeReq, RadioTap, sendp, sniff

class Scapy80211():
    def __init__(self, intf='wlan0', ssid='test',
                 source='00:00:de:ad:be:ef',
                 bssid='00:11:22:33:44:55', srcip='10.10.10.10'):
        # Body of the supported-rates element, kept as raw bytes
        self.rates = b"\x03\x12\x96\x18\x24\x30\x48\x60"
        self.ssid = ssid
        self.source = source
        self.srcip = srcip
        self.bssid = bssid
        self.intf = intf
        self.intfmon = intf + 'mon'

    def ProbeReq(self, count=10, ssid='', dst='ff:ff:ff:ff:ff:ff', fc=0):
        if not ssid:
            ssid = self.ssid
        param = Dot11ProbeReq()
        essid = Dot11Elt(ID='SSID', info=ssid)
        rates = Dot11Elt(ID='Rates', info=self.rates)
        dsset = Dot11Elt(ID='DSset', info=b'\x01')
        # Management frame (type 0), subtype 4 = probe request
        pkt = RadioTap() \
            / Dot11(type=0, subtype=4, FCfield=fc, addr1=dst, addr2=self.source, addr3=self.bssid) \
            / param / essid / rates / dsset

        print('[*] 802.11 Probe Request: SSID=[%s], count=%d' % (ssid, count))
        try:
            sendp(pkt, count=count, inter=0.1, verbose=1)
        except:
            raise

ssid = 'aa'  # This is the AP I want to interact with
sdot11 = Scapy80211(intf='mon0')
sdot11.ProbeReq(ssid=ssid)
# PacketHandler is the callback from the part of the code that is not shown here
sniff(count=10, timeout=5, prn=PacketHandler, filter="type mgt subtype probe-resp")

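I ran the code 20 times, and only once did I get a result.

Also, the result is a bit strange: when I do receive responses, I often receive a lot of them.

So, can anyone help me? How do you usually do the send-and-receive work?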


I have changed my code to use srp(). I removed the sniff() statement and replaced sendp() with srp(). Here are my results, and I am confused by them.

[*] 802.11 Probe Request: SSID=[aa], count=10 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 

Received 0 packets, got 0 answers, remaining 1 packets 
[*] 802.11 Probe Request: SSID=[aa], count=10 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 
Begin emission: 
Finished to send 1 packets. 

Received 12 packets, got 0 answers, remaining 1 packets 

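I want to receive the probe response frame from aa, the one I sent the probe request to.

So the result is that there are no answers? I am not sure whether it is related to my not filling in the correct parameters such as SSID, source, bssid and so on. Should I change the destination from "ff:ff:ff:ff:ff:ff" to the MAC address of aa?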

Answer

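Unless I am mistaken, you are sending your probes and then sniffing for the responses. If an answer arrives, it will most likely arrive at the same time.

You should use the srp() function, which does the work of sending the frames and matching the answers.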

Yes, that is exactly what I did. I have changed my code to `srp()`, and I have posted my results, which I am unsure about. Can you help take a look?
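
Added example, not part of the original posts and not Scapy's own code: a standard-library sketch of the matching that a send-and-receive loop has to do for probe frames. It pairs a probe response with a request when the response's destination address equals the request's source address and the SSID agrees, and it records the Retry flag of every copy per BSSID (an unacknowledged unicast response is retransmitted with Retry set). The frame bytes are constructed, carry no RadioTap header, and `build`, `parse`, `answers_to` and the `OTHER` address are hypothetical names.

```python
import struct

PROBE_REQ, PROBE_RESP = 4, 5              # management-frame subtypes
def to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))
def to_str(raw):
    return ":".join("%02x" % x for x in raw)

def build(subtype, da, sa, bssid, ssid, retry=False):
    """Constructed management frame: 24-byte header + body, no RadioTap/FCS."""
    hdr = struct.pack("<BBH", subtype << 4, 0x08 if retry else 0, 0)
    hdr += to_bytes(da) + to_bytes(sa) + to_bytes(bssid) + b"\x00\x00"
    fixed = b"\x00" * 12 if subtype == PROBE_RESP else b""  # timestamp etc.
    return hdr + fixed + bytes([0, len(ssid)]) + ssid       # SSID element

def parse(frame):
    """Return addresses, retry flag and SSID of a probe frame, else None."""
    subtype = frame[0] >> 4 if len(frame) >= 24 else None
    if subtype not in (PROBE_REQ, PROBE_RESP) or frame[0] & 0x0C:
        return None                       # too short or not a probe frame
    pos, ssid = 24 + (12 if subtype == PROBE_RESP else 0), None
    while pos + 2 <= len(frame):          # walk the tagged elements
        eid, end = frame[pos], pos + 2 + frame[pos + 1]
        if end > len(frame):
            break                         # truncated element
        if eid == 0:
            ssid = frame[pos + 2:end]
            break
        pos = end
    return {"subtype": subtype, "retry": bool(frame[1] & 0x08), "ssid": ssid,
            "da": to_str(frame[4:10]), "sa": to_str(frame[10:16]),
            "bssid": to_str(frame[16:22])}

def answers_to(request, captured):
    """Map BSSID -> retry flag of every response copy answering `request`."""
    req, seen = parse(request), {}
    for f in filter(None, map(parse, captured)):
        ssid_ok = not req["ssid"] or f["ssid"] == req["ssid"]  # wildcard: any
        if f["subtype"] == PROBE_RESP and f["da"] == req["sa"] and ssid_ok:
            seen.setdefault(f["bssid"], []).append(f["retry"])
    return seen

# Constructed sample capture; ME and AP reuse the addresses from the question.
ME, AP, OTHER = "00:00:de:ad:be:ef", "00:11:22:33:44:55", "66:77:88:99:aa:bb"
REQ = build(PROBE_REQ, "ff:ff:ff:ff:ff:ff", ME, AP, b"aa")
CAPTURED = [REQ, build(PROBE_RESP, ME, AP, AP, b"aa"),
            build(PROBE_RESP, ME, AP, AP, b"aa", retry=True),
            build(PROBE_RESP, ME, OTHER, OTHER, b"bb"),   # other SSID
            build(PROBE_RESP, OTHER, AP, AP, b"aa")]      # other station
```

`answers_to(REQ, CAPTURED)` keeps only the two copies sent by the AP to the requesting address; the request itself, the response for another SSID and the response addressed to another station are dropped.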