我在尝试使用 Scapy 以 AH 隧道模式重建数据包时遇到问题。数据包使用 raw() 方法通过套接字发送。
设置:
from scapy.all import SecurityAssociation, AH, IP, ICMP, raw
# Security Association Setup
sa = SecurityAssociation(AH, spi=0x222, auth_algo='SHA2-384-192', auth_key=b'secret key', tunnel_header=IP(src='192.168.100.4', dst='192.168.100.6'))
# Packet definition and encryption
packet = packet_from_Interface # inner IP and ICMP details
e1 = sa.encrypt(packet)
print("AH packet:")
e1.show()
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 140
id = 1
flags =
frag = 0
ttl = 64
proto = ah
chksum = 0x30e3
src = 192.168.100.4
dst = 192.168.100.6
\options \
###[ AH ]###
nh = 4
payloadlen= 7
reserved = None
spi = 0x222
seq = 2
icv = 266cd31bc38315f1091b8c9affb181b9ec8b33a43b9cb50d
padding = None
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 84
id = 7564
flags = DF
frag = 0
ttl = 64
proto = icmp
chksum = 0x71b
src = 10.0.1.2
dst = 10.0.1.1
\options \
###[ ICMP ]###
type = echo-request
code = 0
chksum = 0xc8bb
id = 0x7
seq = 0x1
unused = ''
###[ Raw ]###
load = '\x0e\\x8fLf\x00\x00\x00\x00\x12t\x03\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'
接收方收到数据包后,使用 Scapy 对其进行重构,如下所示:
recv_packet = IP(byte_packet_received)
recv_packet.show()```
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 128
id = 1
flags =
frag = 0
ttl = 64
proto = ah
chksum = 0x30ef
src = 192.168.100.4
dst = 192.168.100.6
\options \
###[ AH ]###
nh = 4
payloadlen= 4
reserved = 0
spi = 0x222
seq = 1
icv = ebf23a021ee0bbf47fab24ac
padding =
###[ Raw ]###
load = 'E\x00\x00T\\xabS@\x00@\x01yS\n\x00\x01\x02\n\x00\x01\x01\x08\x00\\xabB\x00\x08\x00\x01ߒLf\x00\x00\x00\x00X\\xe8\t\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'
重建的数据包不包含内部 IP 详细信息,并且使用 AH 解密方法会产生“不正确”结果。看来问题可能与接收方如何构造数据包有关。 有人对如何解决这个问题有建议吗?
bind_layers()
函数。
scapy.packet.bind_layers(scapy.AH, scapy.IP, nh=4)