2014-09-22 144 views
3

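I'm new to Scapy and I'm trying to use the sr and sr1 functions to understand how they work. New to Scapy. Trying to understand sr()

I tried to craft the packet below, and I see that it sent 1 packet, but it says it received 581 packets. Can someone help me understand why it shows so many packets received?

Received 1373 packets, got 0 answers, remaining 1 packets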

>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23)) 
.Begin emission: 
.....Finished to send 1 packets. 
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C 
Received 581 packets, got 0 answers, remaining 1 packets 
>>> p 
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>) 

The output of my tcpdump does not indicate that it received that many packets.

Answers

5

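The sr() and sr1() functions will send a packet and listen on the network for the corresponding answers in the case of sr(); sr1() will wait for just one answer.

The packets that were received but are not answers are the packets that Scapy sniffed while looking for a response to the original packet. I'm not sure how sniffing with tcpdump while using Scapy will affect your results - not sure which process the kernel passes the packets to.

Here is an excellent tutorial from ThePacketGeek on Sending and Receiving with Scapy.

Also make sure to use the __doc__ attribute of the various Scapy functions in the interpreter to get the relevant documentation.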

>>> print sr1.__doc__ 
Send packets at layer 3 and return only the first answer 
nofilter: put 1 to avoid use of bpf filters 
retry: if positive, how many times to resend unanswered packets 
      if negative, how many times to retry when no more packets are answered 
timeout: how much time to wait after the last packet has been sent 
verbose: set verbosity level 
multi: whether to accept multiple answers for the same stimulus 
filter: provide a BPF filter 
iface: listen answers only on the given interface 
>>>
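The counting described in this answer, as an added example that is not part of the original post and is not Scapy's own code: a simplified model in which every sniffed packet counts as "received" and only a packet with addresses and ports swapped relative to the stimulus counts as an answer. The `Pkt` type, the helper names, the local address and the background traffic are constructed for illustration; `bpf` stands in for the `filter` argument listed in the docstring above.

```python
from collections import namedtuple

# Minimal stand-in for an IP/TCP packet; the field names are this example's own.
Pkt = namedtuple("Pkt", "src dst proto sport dport")

def is_answer(sent, seen):
    """True if `seen` looks like a reply to `sent` (addresses and ports swapped)."""
    return (seen.proto == sent.proto
            and seen.src == sent.dst and seen.dst == sent.src
            and seen.sport == sent.dport and seen.dport == sent.sport)

def simulate_sr(sent, sniffed, bpf=None):
    """Return (received, answers, remaining) in the shape of the sr() summary line.

    `bpf` is a predicate modelling a capture filter: packets it rejects are
    never handed to the matcher, so they are not counted as received.
    """
    received = answers = 0
    for pkt in sniffed:
        if bpf is not None and not bpf(pkt):
            continue
        received += 1              # counted whether or not it is an answer
        if is_answer(sent, pkt):
            answers += 1
            break                  # the single stimulus is answered; stop listening
    return received, answers, 1 - answers

LOCAL = "192.168.25.50"            # constructed local address
TARGET = "192.168.25.1"            # destination used in the question
stimulus = Pkt(LOCAL, TARGET, "tcp", 20, 23)

# Constructed unrelated traffic seen on the interface while waiting.
background = ([Pkt("192.168.25.7", "192.168.25.255", "udp", 137, 137)] * 400
              + [Pkt("192.168.25.9", LOCAL, "tcp", 443, 51000)] * 181)
reply = Pkt(TARGET, LOCAL, "tcp", 23, 20)

def from_target(pkt):
    """Filter predicate: only packets sent by the target host."""
    return pkt.src == TARGET

if __name__ == "__main__":
    for label, args in [("no reply, no filter", (background, None)),
                        ("reply, no filter", (background + [reply], None)),
                        ("reply, filtered", (background + [reply], from_target))]:
        print(label, "Received %d packets, got %d answers, remaining %d packets"
              % simulate_sr(stimulus, *args))
```

With no reply from the target, the unrelated traffic alone reproduces the "Received 581 packets, got 0 answers, remaining 1 packets" summary from the question.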