scapy.layers.l2

第2层协议的类和功能.

class scapy.layers.l2.ARP

Bases: scapy.packet.Packet

aliastypes
answers(other)
extract_padding(s)
fields_desc
ARP字段

hwtype

XShortField

1

ptype

XShortEnumField

2048

hwlen

FieldLenField

None

plen

FieldLenField

None

op

ShortEnumField

1

hwsrc

MultipleTypeField

None

psrc

MultipleTypeField

None

hwdst

MultipleTypeField

None

pdst

MultipleTypeField

None

hashret()
mysummary()
route()
class scapy.layers.l2.ARP_am(**kargs)

Bases: scapy.ansmachine.AnsweringMachine

伪造的ARP中继守护程序(farpd)

示例:要在入口接口上响应192.168.100答复的ARP请求,请执行以下操作:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05')

要在其他接口上响应,请添加interface参数:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05',iface='eth0')

要在具有MAC地址ARP_addr的接口上响应任何arp请求,请执行以下操作:

farpd(ARP_addr='00:01:02:03:04:05',iface='eth1')

在给定的界面上使用我的mac addr响应任何arp请求:

farpd(iface='eth1')

可选的精氨酸:

inter=<n>   Interval in seconds between ARP replies being sent
filter = 'arp'
function_name = 'farpd'
is_request(req)
make_reply(req)
parse_options(IP_addr=None, ARP_addr=None)
print_reply(req, reply)
static send_function(x, inter=0, loop=0, iface=None, iface_hint=None, count=None, verbose=None, realtime=None, return_packets=False, socket=None, *args, **kargs)

在第2层发送数据包

Parameters
  • x –数据包

  • -两个分组(默认为0)之间的时间(以秒)

  • 循环 –不确定地发送数据包(默认为0)

  • count –要发送的数据包数量(默认为None = 1)

  • 详细 –详细模式(默认为None = conf.verbose)

  • 实时 –在发送下一个之前检查包是否已发送

  • return_packets –返回发送的数据包

  • socket –要使用的套接字(默认为conf.L3socket(kargs))

  • iface –发送数据包的接口

  • 监视器 –(不是在Linux上)以监视器模式发送

Returns

None

send_reply(reply)
class scapy.layers.l2.ARPingResult(res=None, name='ARPing', stats=None)

Bases: scapy.plist.SndRcvList

show()

打印发现的MAC地址列表.

class scapy.layers.l2.CookedLinux

Bases: scapy.packet.Packet

aliastypes
fields_desc
CookedLinux领域

pkttype

ShortEnumField

0

lladdrtype

XShortField

512

lladdrlen

ShortField

0

src

StrFixedLenField

b''

proto

XShortEnumField

2048

payload_guess

可能的子层: CANEAPOLIPIPv6IrLAPHeadARPDot1ADDot1QEtherLLCPPPoEDPPPoE

class scapy.layers.l2.DestMACField(name)

Bases: scapy.fields.MACField

i2h(pkt, x)
i2m(pkt, x)
class scapy.layers.l2.Dot1AD

Bases: scapy.layers.l2.Dot1Q

aliastypes
fields_desc
Dot1AD字段

prio

BitField (3位)

0

id

BitField (1位)

0

vlan

BitField (12位)

1

type

XShortEnumField

0

payload_guess

可能的子层: MACsecSPBMDot1ADDot1Q

class scapy.layers.l2.Dot1Q

Bases: scapy.packet.Packet

aliastypes
answers(other)
default_payload_class(pay)
extract_padding(s)
fields_desc
Dot1Q字段

prio

BitField (3位)

0

id

BitField (1位)

0

vlan

BitField (12位)

1

type

XShortEnumField

0

mysummary()
payload_guess

可能的子层: EtherCatLLDPDUMACControlMACsecSPBMDot1AD

class scapy.layers.l2.Dot3

Bases: scapy.packet.Packet

aliastypes
answers(other)
classmethod dispatch_hook(_pkt=None, *args, **kargs)
extract_padding(s)
fields_desc
Dot3字段

dst

DestMACField

None

src

SourceMACField

None

len

LenField

None

mysummary()
payload_guess

可能的子层: LLC

class scapy.layers.l2.ERSPAN

Bases: scapy.packet.Packet

aliastypes
fields_desc
ERSPAN字段

ver

BitField (4位)

0

vlan

BitField (12位)

0

cos

BitField (3位)

0

en

BitField (2位)

0

t

BitField (1位)

0

session_id

BitField (10位)

0

reserved

BitField (12位)

0

index

BitField (20位)

0

payload_guess

可能的子层: Ether

class scapy.layers.l2.Ether

Bases: scapy.packet.Packet

aliastypes
answers(other)
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
醚田

dst

DestMACField

None

src

SourceMACField

None

type

XShortEnumField

36864

hashret()
mysummary()
payload_guess

可能的子层: AOEEtherCatHomePlugAVIFESlowProtocolLLDPDUMACControlMACsecMPLSNSHProfinetIOSPBMEAPOLIPIPv6ARPDot1ADDot1QEtherLLCLLTDPPP_ECPPPP_IPCPPPPoEDPPPoE

class scapy.layers.l2.GRE

Bases: scapy.packet.Packet

aliastypes
deprecated_fields = {'seqence_number': ('sequence_number', '2.4.4')}
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
GRE领域

chksum_present

BitField (1位)

0

routing_present

BitField (1位)

0

key_present

BitField (1位)

0

seqnum_present

BitField (1位)

0

strict_route_source

BitField (1位)

0

recursion_control

BitField (3位)

0

flags

BitField (5位)

0

version

BitField (3 bits)

0

proto

XShortEnumField

0

chksum

XShortField (Cond)

None

offset

XShortField (Cond)

None

key

XIntField (Cond)

None

sequence_number

XIntField (Cond)

None

payload_guess

可能的子层: MPLSNSHEAPOLIPIPv6ARPDot1ADDot1QERSPANEtherGREroutingLLC

post_build(p, pay)
class scapy.layers.l2.GRE_PPTP

Bases: scapy.layers.l2.GRE

与PPTP RFC 2637一起使用的增强型GRE标头

aliastypes
deprecated_fields = {'seqence_number': ('sequence_number', '2.4.4')}
fields_desc
GRE_PPTP字段

chksum_present

BitField (1位)

0

routing_present

BitField (1位)

0

key_present

BitField (1位)

1

seqnum_present

BitField (1位)

0

strict_route_source

BitField (1位)

0

recursion_control

BitField (3 bits)

0

acknum_present

BitField (1位)

0

flags

BitField (4位)

0

version

BitField (3位)

1

proto

XShortEnumField

34827

payload_len

ShortField

None

call_id

ShortField

None

sequence_number

XIntField (Cond)

None

ack_number

XIntField (Cond)

None

payload_guess

可能的子层: EAPOLIPIPv6ARPDot1ADDot1QERSPANEtherGREroutingLLCPPP

post_build(p, pay)
class scapy.layers.l2.GRErouting

Bases: scapy.packet.Packet

aliastypes
fields_desc
路由字段

address_family

ShortField

0

SRE_offset

ByteField

0

SRE_len

FieldLenField

None

routing_info

StrLenField

b''

payload_guess

可能的子层: GREroutingRaw

class scapy.layers.l2.LLC

Bases: scapy.packet.Packet

aliastypes
fields_desc
LLC领域

dsap

XByteField

0

ssap

XByteField

0

ctrl

ByteField

0

payload_guess

可能的子层: _create_cln_pduSNAPSTP

class scapy.layers.l2.LoIntEnumField(name, default, enum)

Bases: scapy.fields.IntEnumField

i2m(pkt, x)
m2i(pkt, x)
class scapy.layers.l2.Loopback

Bases: scapy.packet.Packet

* BSD回送层

aliastypes
fields_desc
回送字段

type

LoIntEnumField

2

payload_guess

可能的子层: IPIPv6

class scapy.layers.l2.MPacketPreamble

Bases: scapy.packet.Packet

aliastypes
fields_desc
MPacketPreamble字段

preamble

StrFixedLenField

b''

fcs

FCSField

0

payload_guess

可能的子层: Ether

class scapy.layers.l2.Neighbor

Bases: object

register_l3(l2, l3, resolve_method)
resolve(l2inst, l3inst)
class scapy.layers.l2.SNAP

Bases: scapy.packet.Packet

aliastypes
fields_desc
SNAP fields

OUI

X3BytesField

0

code

XShortEnumField

0

payload_guess

可能的子层: CDPv2_HDRDTPVTPEAPOLIPIPv6ARPDot1ADDot1QEtherSTP

class scapy.layers.l2.STP

Bases: scapy.packet.Packet

aliastypes
fields_desc
STP字段

proto

ShortField

0

version

ByteField

0

bpdutype

ByteField

0

bpduflags

ByteField

0

rootid

ShortField

0

rootmac

MACField

'00:00:00:00:00:00'

pathcost

IntField

0

bridgeid

ShortField

0

bridgemac

MACField

'00:00:00:00:00:00'

portid

ShortField

0

age

BCDFloatField

1

maxage

BCDFloatField

20

hellotime

BCDFloatField

2

fwddelay

BCDFloatField

15

class scapy.layers.l2.SourceMACField(name, getif=None)

Bases: scapy.fields.MACField

getif
i2h(pkt, x)
i2m(pkt, x)
scapy.layers.l2.arpcachepoison(target, victim, interval=60)

Poison target’s cache with (your MAC,victim’s IP) couple arpcachepoison(target, victim, [interval=60]) -> None

scapy.layers.l2.arping(net, timeout=2, cache=0, verbose=None, **kargs)

发送有请求的ARP以确定哪些主机已建立arping(net,[cache = 0,] [iface = conf.iface,] [verbose = conf.verb])->无如果要建立arp,请设置cache = True修改内部ARP缓存

scapy.layers.l2.arpleak(target, plen=255, hwlen=255, **kargs)

利用ARP泄漏漏洞,例如NetBSD-SA2017-002.

https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc

scapy.layers.l2.etherleak(target, **kargs)

利用Etherleak漏洞

scapy.layers.l2.getmacbyip(ip, chainCC=0)

返回与给定IP地址相对应的MAC地址

scapy.layers.l2.is_promisc(ip, fake_bcast='ff:ff:00:00:00:00', **kargs)

尝试猜测目标是否处于混杂模式. 目标由其ip提供.

scapy.layers.l2.l2_register_l3(l2, l3)
scapy.layers.l2.l2_register_l3_arp(l2, l3)
scapy.layers.l2.promiscping(net, timeout=2, fake_bcast='ff:ff:ff:ff:ff:fe', **kargs)

发送有请求的ARP,以确定哪些主机处于混杂模式promiscping(net,iface = conf.iface)