The World of OpenWrt: Raspberry Pi 3B [Router], Shifting the Stars and Turning the Dipper (4.5): Scapy (3)

Rather than getting tangled up, for the moment, in the 'environment variable' problem between Scapy's 'old and new versions':

root@kali:~# scapy 
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: No route found for IPv6 destination :: (no default route?)
                                      
                     aSPY//YASa       
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.0
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | Craft packets before they craft
       scccccp///pSP///p          p//Y   | you.
      sY/////////y  caa           S//P   |                      -- Socrate
       cayCyayP//Ya              pY/Ya   |
        sY/PsY////YCc          aC//Yp 
         sc  sccaCY//PCypaapyCP//YSs  
                  spCPY//////YPSps    
                       ccaacs         
                                       using IPython 5.8.0
>>>

 

※ Reference:

root@kali:~# cd /usr/lib/python2.7/dist-packages/scapy
root@kali:/usr/lib/python2.7/dist-packages/scapy# nano extlib.py
..
# imports from the top of the same file, needed by _test_pyx() below
import os
import subprocess

from scapy.error import log_loading
..
    MATPLOTLIB = 0
    MATPLOTLIB_INLINED = 0
    MATPLOTLIB_DEFAULT_PLOT_KARGS = dict()
    log_loading.info("Can't import matplotlib. Won't be able to plot.")

## PYX

def _test_pyx():
    """Returns if PyX is correctly installed or not"""
    try:
        with open(os.devnull, 'wb') as devnull:
            # PyX needs a working pdflatex; the check just runs it once
            r = subprocess.check_call(["pdflatex", "--version"], stdout=devnull)
    except:
        return False
    else:
        return r == 0

try:
    import pyx
...

※ See also:

root@kali:~# cd test/scapy/
root@kali:~/test/scapy# ls
bin              MANIFEST.in  run_scapy.bat      run_scapy_py3.bat  test
CONTRIBUTING.md  README       run_scapy_py2      scapy              tox.ini
doc              README.md    run_scapy_py2.bat  setup.cfg
LICENSE          run_scapy    run_scapy_py3      setup.py
root@kali:~/test/scapy# ./run_scapy
WARNING: No route found for IPv6 destination :: (no default route?)
                                      
                     aSPY//YASa       
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.0.dev556
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | Craft me if you can.
       scccccp///pSP///p          p//Y   |                   -- IPv6 layer
      sY/////////y  caa           S//P   |
       cayCyayP//Ya              pY/Ya   |
        sY/PsY////YCc          aC//Yp 
         sc  sccaCY//PCypaapyCP//YSs  
                  spCPY//////YPSps    
                       ccaacs         
                                       using IPython 5.8.0
>>>

cd test/
git clone https://github.com/secdev/scapy/

root@kali:~/test/scapy# more run_scapy
#! /bin/sh
DIR=$(dirname $0)
PYTHONDONTWRITEBYTECODE=True
PYTHON=${PYTHON:-python}
PYTHONPATH=$DIR exec $PYTHON -m scapy $@

 

root@kali:~# python
Python 2.7.15+ (default, Aug 31 2018, 11:56:52) 
[GCC 8.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyx
>>>

 

and the □○ whose installation on the kali system needs some tedious verification:

apt-get install cython
apt-get install libgeos-dev
apt-get install libproj-dev
pip install cartopy

root@kali:~# python
Python 2.7.15+ (default, Aug 31 2018, 11:56:52) 
[GCC 8.2.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
>>> conf.geoip_city = "/root/test/GeoLite2-City_20181030/GeoLite2-City.mmdb"
>>> ans,uans = traceroute(["www.google.co.uk", "www.secdev.org"], verbose=0)
>>> ans.world_trace()

 

 

Why not just venture straight into the world of the 'notebook'? ☆

apt-get install ipython ipython3
apt-get install jupyter-notebook python3-notebook python-notebook
jupyter-notebook --allow-root

 

scapy/doc/notebooks/Scapy in 15 minutes.ipynb

 

 

 

 

 

 

 

The World of OpenWrt: Raspberry Pi 3B [Router], Shifting the Stars and Turning the Dipper (4.5): Scapy (2)

Tao Te Ching (Wang Bi edition)

Chapter 33

Those who know others are wise; those who know themselves are enlightened. Knowing others is merely wisdom; it does not equal knowing oneself, which rises above wisdom. Those who overcome others have force; those who overcome themselves are strong. Overcoming others is merely force; it does not equal overcoming oneself, where nothing can diminish one's strength. To use one's wisdom on others is not as good as using it on oneself; to use one's force on others is not as good as using it on oneself. When enlightenment is applied to oneself, nothing escapes it; when force is applied to oneself, nothing can alter it. Those who know contentment are rich. Knowing contentment, one naturally loses nothing, and so is rich. Those who act with perseverance have will. Diligence can carry it through, and the will is surely fulfilled; hence it is said that those who persevere have will. Those who do not lose their place endure. Examining oneself with clarity and acting within one's means, not losing one's place, one surely attains long endurance. Those who die yet do not perish have longevity. Though the body dies, the Way by which one lived does not perish, and so one's full span is preserved; the body is gone yet the Way remains. How much more so when the body lives and the Way has not ended.

Historical fact differs from fiction; can the man and his deeds ever be wholly true?

Zhou Botong

Zhou Botong, a native of Ninghai, Shandong (present-day Muping, Shandong) under the Jin dynasty, was a well-known lay practitioner of the Quanzhen school of Taoism.

Historical record

When Wang Chongyang founded the Quanzhen school he received Zhou's financial support. Zhou Botong was a fellow townsman of Ma Yu, Tan Chuduan, Wang Chuyi, Hao Datong and Sun Bu'er of the Seven Northern Perfected of Quanzhen. Wang Chongyang, who was then preaching in Ninghai, Wendeng and other places, took Qiu Chuji, Tan Chuduan, Ma Yu, Wang Chuyi and Hao Datong as disciples in turn. In the spring of 1169 (the fourth month of the ninth year of Dading of the Jin, a jichou year), Wang Chongyang led his four disciples Ma, Tan, Qiu and Hao back to Ninghai, and Zhou Botong built a hermitage for Wang Chongyang to live in, named the 'Golden Lotus Hall'. Soon afterwards Ma Yu's wife Sun Bu'er also took vows at the Golden Lotus Hall. In the eighth month Wang Chongyang founded the 'Golden Lotus Society of the Three Teachings' there. Wang Chongyang then went on to Fushan, Dengzhou, Laizhou and elsewhere to continue preaching, taking Liu Chuxuan

Zhou Botong in Jin Yong's wuxia novels

In Jin Yong's The Legend of the Condor Heroes and The Return of the Condor Heroes, Zhou Botong is portrayed as the junior martial brother of Wang Chongyang (in the books the foremost of the 'Five Greats', styled 'Central Divinity') and the martial uncle of the Seven Masters of Quanzhen. He is one of the most supreme martial artists in Jin Yong's novels. Zhou Botong's face is weathered, yet his hair and beard are jet black and, though very long, show no trace of grey.

Life

Zhou Botong is pure and innocent by nature, yet as wilful as a child, often fooling around with no regard for how urgent the situation is, hence his nickname 'Old Urchin'. He is careless of trifles and obsessed with martial arts; when drawn to a technique he has never seen before, he will gladly kowtow to its practitioner and beg to be taught (as when he first saw Ouyang Feng's lightness skill, the Eighteen Dragon-Subduing Palms practised by Guo Jing, or the Melancholic Palms that Yang Guo invented).

He became sworn brothers with his junior Guo Jing (the male protagonist of The Legend of the Condor Heroes).

A born optimist who loves to play without restraint; though he never followed Wang Chongyang into monastic life, within the Quanzhen school he deeply grasped the Taoist essentials of nourishing life, attained longevity, and lived freely and at ease between heaven and earth.

In martial arts, Zhou Botong was long no lesser than the 'Five Greats'; having created the unique skills 'Vacant Fist' and 'Mutual Hands Combat', his skill had long been on a par with theirs, and while teaching Guo Jing both volumes of the Nine Yin Manual he absorbed it himself without realising, bringing his kung fu close to the best under heaven, probably no lesser than his senior brother Wang Chongyang. At the end of The Return of the Condor Heroes he inherited Wang Chongyang's standing as 'Central Divinity', was styled 'Central Urchin', and became foremost of the 'Five Greats'.

Zhou Botong's 'Vacant Fist' allows 'Mutual Hands Combat', dividing the mind in two to the point of forgetting oneself entirely; is this not 'one who overcomes himself'? So to say that he grasped the Taoist essentials of nourishing life can hardly be wholly false!!?? Not talking about the camera software, but starting off with wuxia instead, isn't that a little absurd??!!

─── from 'Raspberry Pi Camera: RASPICAM Software (2)'

 

Magnanimity makes the heroic spirit great; with a smile he rides the crane and soars against the sky.

Magnanimity makes the heroic spirit great,
Without desire one stands firm when judging the political arena,
Seeing through and letting go, the five aggregates are empty,
With a smile he rides the crane and soars against the sky.

Cha Chuanti

On the thirtieth of October, in the afternoon, Jin Yong passed away, very peacefully!

The storyteller is gone; the stories remain ◎

Jin Yong

Louis Cha in July 2007

Louis Cha Leung-yung, GBM, OBE (English: Louis Cha Jing-yong[2][note 1]; 10 March 1924[3] to 30 October 2018[4]), male, pen name Jin Yong, a native of Haining, Zhejiang, was a grandmaster of wuxia fiction who moved to Hong Kong in 1948. From the 1950s, under the pen name 'Jin Yong', he wrote many hugely popular wuxia novels, including The Legend of the Condor Heroes, The Return of the Condor Heroes, The Heaven Sword and Dragon Saber, Demi-Gods and Semi-Devils, The Smiling, Proud Wanderer and The Deer and the Cauldron. Over the years Jin Yong's works have been adapted repeatedly into television series, films and other screen productions, a major contribution to Chinese film and television culture. This also laid the foundation for his standing as a renowned Chinese author, with the saying 'wherever there are Chinese, there is Jin Yong's wuxia'. Early on Jin Yong founded the Ming Pao group of newspapers in Hong Kong, and in the 1980s he entered politics, serving as a member of the Hong Kong Basic Law Drafting Committee[5][6]. For his outstanding novels he was called one of the 'Four Great Talents of Hong Kong'[7], and later, together with Gu Long and Liang Yusheng, one of the 'Three Swordsmen of Chinese wuxia fiction'. On the afternoon of 30 October 2018, Jin Yong died at Hong Kong Sanatorium and Hospital, aged 94[8]

 

As they say, with Botong's urchin heart every move is a good move; so let us talk a little about installing scapy in OpenWrt:

root@LEDE:~# opkg update
root@LEDE:~# opkg upgrade
root@LEDE:~# opkg install python tcpdump unzip
root@LEDE:~# wget  https://github.com/secdev/scapy/archive/master.zip
root@LEDE:~# unzip master
root@LEDE:~# cd scapy-master/
root@LEDE:~# python setup.py install
root@LEDE:~# rm master

 

Let's play with tcpdump:

[In one terminal, run first]

tcpdump -i lo -nn

root@LEDE:~# tcpdump -i lo -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
16:48:06.314949 IP6 ::1.60058 > ::1.22: Flags [S], seq 4222582636, win 43690, options [mss 65476,sackOK,TS val 27022763 ecr 0,nop,wscale 7], length 0
16:48:06.315538 IP6 ::1.22 > ::1.60058: Flags [S.], seq 1109362750, ack 4222582637, win 43690, options [mss 65476,sackOK,TS val 27022763 ecr 27022763,nop,wscale 7], length 0
16:48:06.316038 IP6 ::1.60058 > ::1.22: Flags [.], ack 1, win 342, options [nop,nop,TS val 27022763 ecr 27022763], length 0
16:48:06.316459 IP6 ::1.60058 > ::1.22: Flags [P.], seq 1:371, ack 1, win 342, options [nop,nop,TS val 27022763 ecr 27022763], length 370
16:48:06.316987 IP6 ::1.22 > ::1.60058: Flags [.], ack 371, win 350, options [nop,nop,TS val 27022763 ecr 27022763], length 0
16:48:06.320072 IP6 ::1.22 > ::1.60058: Flags [P.], seq 1:323, ack 371, win 350, options [nop,nop,TS val 27022764 ecr 27022763], length 322
16:48:06.320557 IP6 ::1.60058 > ::1.22: Flags [.], ack 323, win 350, options [nop,nop,TS val 27022764 ecr 27022764], length 0
16:48:06.625534 IP6 ::1.22 > ::1.60058: Flags [P.], seq 323:947, ack 371, win 350, options [nop,nop,TS val 27022794 ecr 27022764], length 624
16:48:06.626046 IP6 ::1.60058 > ::1.22: Flags [.], ack 947, win 360, options [nop,nop,TS val 27022794 ecr 27022794], length 0
16:48:09.202957 IP6 ::1.60058 > ::1.22: Flags [P.], seq 371:387, ack 947, win 360, options [nop,nop,TS val 27023052 ecr 27022794], length 16
16:48:09.203326 IP6 ::1.60058 > ::1.22: Flags [P.], seq 387:507, ack 947, win 360, options [nop,nop,TS val 27023052 ecr 27022794], length 120
16:48:09.203895 IP6 ::1.22 > ::1.60058: Flags [P.], seq 947:999, ack 507, win 350, options [nop,nop,TS val 27023052 ecr 27023052], length 52
16:48:09.204403 IP6 ::1.22 > ::1.60058: Flags [P.], seq 999:1067, ack 507, win 350, options [nop,nop,TS val 27023052 ecr 27023052], length 68
16:48:09.204473 IP6 ::1.60058 > ::1.22: Flags [.], ack 999, win 360, options [nop,nop,TS val 27023052 ecr 27023052], length 0
16:48:09.204945 IP6 ::1.60058 > ::1.22: Flags [.], ack 1067, win 360, options [nop,nop,TS val 27023052 ecr 27023052], length 0
16:48:24.264957 IP6 ::1.60058 > ::1.22: Flags [P.], seq 507:591, ack 1067, win 360, options [nop,nop,TS val 27024558 ecr 27023052], length 84
16:48:24.271341 IP6 ::1.22 > ::1.60058: Flags [P.], seq 1067:1103, ack 591, win 350, options [nop,nop,TS val 27024559 ecr 27024558], length 36
16:48:24.271827 IP6 ::1.60058 > ::1.22: Flags [.], ack 1103, win 360, options [nop,nop,TS val 27024559 ecr 27024559], length 0
16:48:24.272188 IP6 ::1.60058 > ::1.22: Flags [P.], seq 591:659, ack 1103, win 360, options [nop,nop,TS val 27024559 ecr 27024559], length 68
16:48:24.272763 IP6 ::1.22 > ::1.60058: Flags [P.], seq 1103:1155, ack 659, win 350, options [nop,nop,TS val 27024559 ecr 27024559], length 52
16:48:24.273508 IP6 ::1.60058 > ::1.22: Flags [P.], seq 659:1051, ack 1155, win 360, options [nop,nop,TS val 27024559 ecr 27024559], length 392
16:48:24.279439 IP6 ::1.22 > ::1.60058: Flags [P.], seq 1155:1255, ack 1051, win 359, options [nop,nop,TS val 27024560 ecr 27024559], length 100
16:48:24.282828 IP6 ::1.22 > ::1.60058: Flags [P.], seq 1255:1755, ack 1051, win 359, options [nop,nop,TS val 27024560 ecr 27024559], length 500
16:48:24.283519 IP6 ::1.60058 > ::1.22: Flags [.], ack 1755, win 370, options [nop,nop,TS val 27024560 ecr 27024560], length 0
16:48:24.294540 IP6 ::1.22 > ::1.60058: Flags [P.], seq 1755:1807, ack 1051, win 359, options [nop,nop,TS val 27024561 ecr 27024560], length 52
16:48:24.328406 IP6 ::1.60058 > ::1.22: Flags [.], ack 1807, win 370, options [nop,nop,TS val 27024565 ecr 27024561], length 0

 

[In another terminal, run afterwards]

ssh localhost

root@LEDE:~# ssh localhost

Host 'localhost' is not in the trusted hosts file.
(ssh-rsa fingerprint md5 2c:65:ec:d9:30:65:91:36:d8:4c:bd:75:0a:b1:ed:23)
Do you want to continue connecting? (y/n) y
root@localhost's password: 


BusyBox v1.25.1 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (17.01.6, r3979-2252731af4)
    \________\/    -----------------------------------------------------------

root@LEDE:~#

 

Read the text of 《鳥哥的 Linux 私房菜》 (Vbird's Linux Private Kitchen) once more, and you will savour its flavour for yourself!


5.5 Packet capture

Very often, when our network connection has problems and a tool like ping still cannot find the trouble spot, the most common cause is some difficulty arising after routing and IP forwarding (see the section on firewalls and NAT hosts). What do we do then? The simplest method is to 'analyse the flow of packets'! By analysing the packet flow we can understand how a connection should carry out its two-way exchange, and so clearly understand where the problem may lie! Below we talk about tcpdump and the graphical packet-analysis software!


5.5.1 Text-mode packet capturer: tcpdump

Honestly, as far as tcpdump is concerned, you could even say it is really a hacker's tool, because not only can it analyse the flow of packets, it can also 'eavesdrop' on their contents; if the data you transmit is in the clear, well, it may be sniffed right off a router or hub! Remember the 'sniffing software' mentioned in the CSMA/CD process in chapter 2? That is tcpdump! Pretty scary! So we had better understand this program too! (Note: tcpdump must be run as root.)

[root@www ~]# tcpdump [-AennqX] [-i interface] [-w save-file] [-c count] \
                      [-r file] [packet filter expression]
Options and parameters:
-A : display packet contents in ASCII, usually used to capture WWW web-page packet data.
-e : display data-link layer (OSI layer 2) MAC packet data;
-nn: show IP addresses and port numbers directly rather than host names and service names
-q : list only briefer packet information, with more concise output per line
-X : list packet contents in both hexadecimal (hex) and ASCII, very useful for sniffing packet contents
-i : followed by the network interface to 'listen' on, e.g. eth0, lo, ppp0 and so on;
-w : if you want to save the captured packet data, this is the parameter! Followed by the file name
-r : read packet data from the file that follows. That 'file' is an existing file,
     and it is one produced with -w.
-c : number of packets to capture; without this parameter tcpdump keeps listening
     until the user presses [ctrl]-c.
Packet filter expression: we can capture packets only for certain protocols or IP sources,
     which simplifies the output and yields the most useful information. Common forms:
     'host foo', 'host 127.0.0.1' : capture packets for a single host
     'net 192.168' : capture packets for a network;
     'src host 127.0.0.1' 'dst net 192.168': also add source (src) or destination (dst) restrictions
     'tcp port 21': can also select by protocol, such as tcp, udp, arp, ether, etc.
     and 'and' / 'or' can be used to combine the packet data displayed!

# Example 1: capture packets on the eth0 network card showing IP and port number, for 3 seconds
[root@www ~]# tcpdump -i eth0 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:01:47.360523 IP 192.168.1.101.1937 > 192.168.1.100.22: Flags [.], ack 196, win 65219, 
17:01:47.362139 IP 192.168.1.100.22 > 192.168.1.101.1937: Flags [P.], seq 196:472, ack 1,
17:01:47.363201 IP 192.168.1.100.22 > 192.168.1.101.1937: Flags [P.], seq 472:636, ack 1,
17:01:47.363328 IP 192.168.1.101.1937 > 192.168.1.100.22: Flags [.], ack 636, win 64779,
<== ends after pressing [ctrl]-c
6680 packets captured              <== number of packets captured
14250 packets received by filter   <== total number of packets received by the filter
7512 packets dropped by kernel     <== packets dropped by the kernel

If you are looking at the tcpdump man page for the first time, your head will surely spin, because tcpdump almost entirely analyses packet header data, and without a basic grounding in network packets it is really hard to read! So you at least need to go back to the networking basics and get a grip on the TCP packet header first! ^_^! As for the output produced in example 1, we can roughly divide it into several fields; let us explain using the line in special type in example 1:

  • 17:01:47.362139: the time this packet was captured, in 'hours:minutes:seconds';
  • IP: the protocol used is IP;
  • 192.168.1.100.22 >: the sender is the IP 192.168.1.100 with sending port number 22; what you must understand is that the greater-than sign (>) indicates the direction of packet transmission!
  • 192.168.1.101.1937: the receiving IP is 192.168.1.101, and that host has port 1937 open to receive;
  • [P.], seq 196:472: this packet carries the PUSH data-transfer flag, and the data transmitted is bytes 196~472 of the whole;
  • ack 1: ACK-related data.

Put most simply, this packet was sent from 192.168.1.100 to 192.168.1.101, from port 22 to port 1937, using the PUSH flag rather than an active-connection flag such as SYN. Heh! Not easy to read, is it! That is why we said above that you really must go and look at the TCP header section!
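Reading the fields by eye, as above, becomes tedious over a long capture. The parser below is an added example written for this post (it is not from the book or from tcpdump). It handles the `tcpdump -nn` line shape of both captures quoted here, including the IPv6 `::1.60058` form where the port follows the last dot and the book's truncated lines that lack a trailing `length`, and it groups packets into flows, recording the three-way handshake and the payload bytes per direction. `parse_line`, `summarise`, `Flow` and `SAMPLE_LINES` are this example's own names; the sample lines are copied from the two captures in this post.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One "tcpdump -nn" line. The endpoint is matched greedily as \S+ and then
# backtracks to the last dot, so "::1.60058" and "192.168.1.101.1937" both
# split correctly into address and port.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<proto>IP6?) "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?"
    r".*?(?:, length (?P<length>\d+))?$"
)

Endpoint = Tuple[str, int]


@dataclass
class Pkt:
    ts: str
    proto: str
    src: Endpoint
    dst: Endpoint
    flags: str
    seq: Optional[int]
    seq_end: Optional[int]
    ack: Optional[int]
    length: Optional[int]

    @property
    def payload(self) -> int:
        """Payload bytes: the 'length' field, or the seq range when the line was truncated."""
        if self.length is not None:
            return self.length
        if self.seq is not None and self.seq_end is not None:
            return self.seq_end - self.seq
        return 0


def parse_line(line: str) -> Optional[Pkt]:
    """Parse one capture line; returns None for tcpdump's own status lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    num = lambda k: int(g[k]) if g[k] is not None else None
    return Pkt(g["ts"], g["proto"], (g["src"], int(g["sport"])), (g["dst"], int(g["dport"])),
               g["flags"], num("seq"), num("seq_end"), num("ack"), num("length"))


@dataclass
class Flow:
    packets: int = 0
    payload: Dict[Endpoint, int] = field(default_factory=lambda: defaultdict(int))
    handshake: List[str] = field(default_factory=list)   # SYN, SYN-ACK, ACK seen in order
    server: Optional[Endpoint] = None                    # the endpoint the SYN was sent to


def flow_key(p: Pkt) -> Tuple[Endpoint, Endpoint]:
    """Direction-independent key so both halves of a conversation land in one flow."""
    return (p.src, p.dst) if p.src <= p.dst else (p.dst, p.src)


def summarise(lines: List[str]) -> Dict[Tuple[Endpoint, Endpoint], Flow]:
    flows: Dict[Tuple[Endpoint, Endpoint], Flow] = {}
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        f = flows.setdefault(flow_key(p), Flow())
        f.packets += 1
        f.payload[p.src] += p.payload
        # Three-way handshake, in order. A flow that never shows one was already
        # established when the capture started (as in the book's example 1).
        if p.flags == "S" and not f.handshake:
            f.handshake.append("SYN")
            f.server = p.dst
        elif p.flags == "S." and f.handshake == ["SYN"]:
            f.handshake.append("SYN-ACK")
        elif p.flags == "." and f.handshake == ["SYN", "SYN-ACK"]:
            f.handshake.append("ACK")
    return flows


# Sample input copied from the two captures in this post: the LEDE loopback ssh
# session (IPv6) and the book's example 1 (truncated IPv4 lines).
SAMPLE_LINES = [
    "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode",
    "listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes",
    "16:48:06.314949 IP6 ::1.60058 > ::1.22: Flags [S], seq 4222582636, win 43690, options [mss 65476,sackOK,TS val 27022763 ecr 0,nop,wscale 7], length 0",
    "16:48:06.315538 IP6 ::1.22 > ::1.60058: Flags [S.], seq 1109362750, ack 4222582637, win 43690, options [mss 65476,sackOK,TS val 27022763 ecr 27022763,nop,wscale 7], length 0",
    "16:48:06.316038 IP6 ::1.60058 > ::1.22: Flags [.], ack 1, win 342, options [nop,nop,TS val 27022763 ecr 27022763], length 0",
    "16:48:06.316459 IP6 ::1.60058 > ::1.22: Flags [P.], seq 1:371, ack 1, win 342, options [nop,nop,TS val 27022763 ecr 27022763], length 370",
    "16:48:06.316987 IP6 ::1.22 > ::1.60058: Flags [.], ack 371, win 350, options [nop,nop,TS val 27022763 ecr 27022763], length 0",
    "16:48:06.320072 IP6 ::1.22 > ::1.60058: Flags [P.], seq 1:323, ack 371, win 350, options [nop,nop,TS val 27022764 ecr 27022763], length 322",
    "17:01:47.360523 IP 192.168.1.101.1937 > 192.168.1.100.22: Flags [.], ack 196, win 65219, ",
    "17:01:47.362139 IP 192.168.1.100.22 > 192.168.1.101.1937: Flags [P.], seq 196:472, ack 1,",
    "17:01:47.363201 IP 192.168.1.100.22 > 192.168.1.101.1937: Flags [P.], seq 472:636, ack 1,",
    "17:01:47.363328 IP 192.168.1.101.1937 > 192.168.1.100.22: Flags [.], ack 636, win 64779,",
]

if __name__ == "__main__":
    for key, flow in summarise(SAMPLE_LINES).items():
        print(key, flow)
```

The ssh flow on `lo` shows the complete SYN / SYN-ACK / ACK with the server at `::1` port 22, while the book's eth0 flow has no handshake at all: the capture started mid-session, so anything that reasons from the handshake has to cope with flows whose beginning was never seen.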

 

Will the thought of cultivating the Scapy 'inner technique' not arise of itself?

Usage

Starting Scapy

Scapy’s interactive shell is run in a terminal session. Root privileges are needed to send the packets, so we’re using sudo here:

root@LEDE:~# python
Python 2.7.14 (default, Aug 17 2018, 14:24:19) 
[GCC 5.4.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
>>> a=IP(ttl=10)
>>> a
<IP  ttl=10 |>
>>> a.src
'127.0.0.1'
>>> a.dst="192.168.1.1"
>>> a
<IP  ttl=10 dst=192.168.1.1 |>
>>> a.src
'192.168.11.6'
>>> del(a.ttl)
>>> a
<IP  dst=192.168.1.1 |>
>>> a.ttl
64
>>>
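The session above shows Scapy's field model at work: `ttl=10` overloads a default, `src` is not stored but derived from the route to `dst` (the loopback address until a destination is set, then the wlan1 address), and `del(a.ttl)` puts the default 64 back. The pure-Python model below is an added example written for this post; it is not Scapy's code and needs no Scapy installed. `MiniIP`, `route_src`, `dissect` and the `ROUTES` table are this example's own names and a constructed routing table; beyond what the session shows, it also serialises the 20-byte IPv4 header with its checksum and decodes it back.

```python
import struct
from typing import Dict, Optional, Tuple

# Constructed stand-in for the kernel routing table Scapy consults via conf.route:
# (network, prefix length) -> address of the interface that reaches it.
# The addresses echo the post's LEDE box, where wlan1 holds 192.168.11.6.
ROUTES: Dict[Tuple[str, int], str] = {
    ("192.168.1.0", 24): "192.168.11.6",
    ("192.168.11.0", 24): "192.168.11.6",
    ("0.0.0.0", 0): "192.168.11.6",   # default route
}


def ip_to_int(addr: str) -> int:
    return struct.unpack("!I", bytes(int(x) for x in addr.split(".")))[0]


def route_src(dst: Optional[str]) -> str:
    """Longest-prefix match; with no destination set, Scapy uses the loopback address."""
    if dst is None:
        return "127.0.0.1"
    d = ip_to_int(dst)
    best: Optional[Tuple[int, str]] = None
    for (net, plen), src in ROUTES.items():
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if ip_to_int(net) & mask == d & mask and (best is None or plen > best[0]):
            best = (plen, src)
    return best[1]   # the default route guarantees a match


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words; a valid header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


class MiniIP:
    """A minimal IPv4 layer with Scapy-style fields: defaults that can be
    overloaded, deleted to restore the default, and some computed at build time."""
    DEFAULTS = {"version": 4, "ihl": 5, "tos": 0, "len": None, "id": 1, "flags": 0,
                "frag": 0, "ttl": 64, "proto": 0, "chksum": None, "src": None, "dst": None}

    def __init__(self, **fields):
        object.__setattr__(self, "_set", {})   # only explicitly overloaded fields live here
        for name, value in fields.items():
            setattr(self, name, value)

    def __setattr__(self, name, value):
        if name not in self.DEFAULTS:
            raise AttributeError(name)
        self._set[name] = value

    def __delattr__(self, name):
        self._set.pop(name, None)               # del a.ttl -> back to the default

    def __getattr__(self, name):                # reached only when no plain attribute exists
        if name in self._set:
            return self._set[name]
        if name not in self.DEFAULTS:
            raise AttributeError(name)
        # Defaults Scapy computes rather than stores.
        if name == "src":
            return route_src(self._set.get("dst"))
        if name == "dst":
            return "127.0.0.1"
        if name == "len":
            return 20                            # header only; this model carries no payload
        if name == "chksum":
            return checksum(self.build(chksum=0))
        return self.DEFAULTS[name]

    def __repr__(self):
        shown = " ".join("%s=%s" % kv for kv in self._set.items())
        return "<IP  %s |>" % shown

    def build(self, chksum: Optional[int] = None) -> bytes:
        """Serialise the 20-byte header; chksum=0 is used while computing the real one."""
        csum = self.chksum if chksum is None else chksum
        return struct.pack("!BBHHHBBH4s4s",
                           (self.version << 4) | self.ihl, self.tos, self.len, self.id,
                           (self.flags << 13) | self.frag, self.ttl, self.proto, csum,
                           bytes(int(x) for x in self.src.split(".")),
                           bytes(int(x) for x in self.dst.split(".")))


def dissect(raw: bytes) -> MiniIP:
    """The decoding direction: every field is set from the wire, nothing is interpreted."""
    vihl, tos, ln, ident, ff, ttl, proto, csum, s, d = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    return MiniIP(version=vihl >> 4, ihl=vihl & 0xF, tos=tos, len=ln, id=ident,
                  flags=ff >> 13, frag=ff & 0x1FFF, ttl=ttl, proto=proto, chksum=csum,
                  src=".".join(map(str, s)), dst=".".join(map(str, d)))


if __name__ == "__main__":
    a = MiniIP(ttl=10)
    print(a, a.src)          # <IP  ttl=10 |> 127.0.0.1
    a.dst = "192.168.1.1"
    print(a, a.src)          # <IP  ttl=10 dst=192.168.1.1 |> 192.168.11.6
    del a.ttl
    print(a, a.ttl, a.build().hex())
```

The `repr` lists only overloaded fields, exactly as the session prints `<IP  ttl=10 dst=192.168.1.1 |>`; everything else is a default that is resolved at the moment it is read, which is why `a.src` changes as soon as `dst` does.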

 

root@LEDE:~# ifconfig 
br-lan    Link encap:Ethernet  HWaddr B8:27:EB:8C:82:7A  
          inet addr:5.168.166.88  Bcast:5.168.166.255  Mask:255.255.255.0
          inet6 addr: fd42:80c5:b618::1/60 Scope:Global
          inet6 addr: fe80::ba27:ebff:fe8c:827a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:997 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:73846 (72.1 KiB)  TX bytes:339688 (331.7 KiB)

br-wan    Link encap:Ethernet  HWaddr B8:27:EB:D9:D7:2F  
          inet addr:5.168.168.20  Bcast:5.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:fed9:d72f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10834179 errors:0 dropped:135684 overruns:0 frame:0
          TX packets:10975069 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:955251837 (910.9 MiB)  TX bytes:1078967781 (1.0 GiB)

eth0      Link encap:Ethernet  HWaddr B8:27:EB:D9:D7:2F  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10834440 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10975069 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:955271954 (911.0 MiB)  TX bytes:1204429761 (1.1 GiB)

eth1      Link encap:Ethernet  HWaddr 00:0E:C6:81:79:01  
          inet addr:5.168.128.66  Bcast:5.168.128.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:c6ff:fe81:7901/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:1224 (1.1 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:128 errors:0 dropped:0 overruns:0 frame:0
          TX packets:128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:14784 (14.4 KiB)  TX bytes:14784 (14.4 KiB)

wlan0     Link encap:Ethernet  HWaddr B8:27:EB:8C:82:7A  
          inet6 addr: fe80::ba27:ebff:fe8c:827a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1195 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:73846 (72.1 KiB)  TX bytes:398848 (389.5 KiB)

wlan1     Link encap:Ethernet  HWaddr E8:4E:06:4F:C5:5C  
          inet addr:192.168.11.6  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::ea4e:6ff:fe4f:c55c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15841 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7513885 (7.1 MiB)  TX bytes:699124 (682.7 KiB)

root@LEDE:~# 

 

 

 

 

 

 

 

The World of OpenWrt: Raspberry Pi 3B [Router], Shifting the Stars and Turning the Dipper (4.5): Scapy (1)

When we know very little, many articles are hard to read with any real feeling:

What makes Scapy so special

First, with most other networking tools, you won’t build something the author did not imagine. These tools have been built for a specific goal and can’t deviate much from it. For example, an ARP cache poisoning program won’t let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.

Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved for human beings. Some programs try to mimic this behavior. For instance they say “this port is open” instead of “I received a SYN-ACK”. Sometimes they are right. Sometimes not. It’s easier for beginners, but when you know what you’re doing, you keep on trying to deduce what really happened from the program’s interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using tcpdump -xX to decode and interpret what the tool missed.

Third, even programs which only decode do not give you all the information they received. The network’s vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the Ethernet padding?

Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking a 802.1q layer on top of TCP has no sense, it may have some for somebody else working on some product I don’t know. Scapy has a flexible model that tries to avoid such arbitrary limits. You’re free to put any value you want in any field you want and stack them like you want. You’re an adult after all.

In fact, it’s like building a new tool each time, but instead of dealing with a hundred line C program, you only write 2 lines of Scapy.

After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times, ask for a traceroute and look at the padding for instance.

Fast packet design

Other tools stick to the program-that-you-run-from-a-shell paradigm. The result is an awful syntax to describe a packet. For these tools, the solution adopted uses a higher but less powerful description, in the form of scenarios imagined by the tool’s author. As an example, only the IP address must be given to a port scanner to trigger the port scanning scenario. Even if the scenario is tweaked a bit, you still are stuck to a port scan.

Scapy’s paradigm is to propose a Domain Specific Language (DSL) that enables a powerful and fast description of any kind of packet. Using the Python syntax and a Python interpreter as the DSL syntax and interpreter has many advantages: there is no need to write a separate interpreter, users don’t need to learn yet another language and they benefit from a complete, concise and very powerful language.

Scapy enables the user to describe a packet or set of packets as layers that are stacked one upon another. Fields of each layer have useful default values that can be overloaded. Scapy does not oblige the user to use predetermined methods or templates. This alleviates the requirement of writing a new tool each time a different scenario is required. In C, it may take an average of 60 lines to describe a packet. With Scapy, the packets to be sent may be described in only a single line with another line to print the result. 90% of the network probing tools can be rewritten in 2 lines of Scapy.

Probe once, interpret many

Network discovery is blackbox testing. When probing a network, many stimuli are sent while only a few of them are answered. If the right stimuli are chosen, the desired information may be obtained by the responses or the lack of responses. Unlike many tools, Scapy gives all the information, i.e. all the stimuli sent and all the responses received. Examination of this data will give the user the desired information. When the dataset is small, the user can just dig for it. In other cases, the interpretation of the data will depend on the point of view taken. Most tools choose the viewpoint and discard all the data not related to that point of view. Because Scapy gives the complete raw data, that data may be used many times allowing the viewpoint to evolve during analysis. For example, a TCP port scan may be probed and the data visualized as the result of the port scan. The data could then also be visualized with respect to the TTL of response packet. A new probe need not be initiated to adjust the viewpoint of the data.

[Image: scapy-concept.png]

Scapy decodes, it does not interpret

A common problem with network probing tools is they try to interpret the answers received instead of only decoding and giving facts. Reporting something like Received a TCP Reset on port 80 is not subject to interpretation errors. Reporting Port 80 is closed is an interpretation that may be right most of the time but wrong in some specific contexts the tool’s author did not imagine. For instance, some scanners tend to report a filtered TCP port when they receive an ICMP destination unreachable packet. This may be right, but in some cases, it means the packet was not filtered by the firewall but rather there was no host to forward the packet to.

Interpreting results can help users that don’t know what a port scan is, but it can also do more harm than good, as it injects bias into the results. What tends to happen is that knowledgeable users, so that they can do the interpretation themselves, will try to reverse engineer the tool’s interpretation to derive the facts that triggered that interpretation. Unfortunately, much information is lost in this operation.

 

At this point, going back to the roots, one may perhaps gauge one's own depth:

《鳥哥的 Linux 私房菜》 (Vbird's Linux Private Kitchen)

2.1 What on earth is a network

There are many peoples in the world, and humans use a great many languages. So if you want to communicate with a foreigner, apart from gesturing, how do you talk to them? There are probably only two ways: either force them to learn Chinese, or we learn their language; only then can we communicate. The dominant language in the world today still belongs to the English-speaking countries, so whatever your background, as long as you learn English well, everyone speaks English and can understand each other. Let us hope that in the near future our Chinese can become a dominant language!

This idea carries over to networking as well. There are very many operating systems in the world, not just Windows/Linux; Apple has its own, and there are also very many Unix-like systems! How can so many operating systems (peoples) communicate over a network (languages)? A common standard that all follow has to be set. This standard is laid down by international organisations; as long as your system includes code that conforms to it, you can communicate with other systems through that standard! So networking is cross-platform, not something only Linux does! Therefore, once you have learned this material, you can apply it on every operating system! The concepts are all the same!

Also, this chapter aims to guide networking newcomers quickly into the world of networks, so Vbird has written it somewhat more simply; basically, a pile of network hardware and protocols is not covered in this short piece. If your thirst for knowledge already exceeds this chapter, please go to a bookshop and find a book that suits you! Of course, you can also find what you need on the Internet. Take a look at the references at the end of this chapter!

……

5.5 Packet capture

Very often, when our network connection has problems and a tool like ping still cannot find the trouble spot, the most common cause is some difficulty arising after routing and IP forwarding (see the section on firewalls and NAT hosts). What do we do then? The simplest method is to 'analyse the flow of packets'! By analysing the packet flow we can understand how a connection should carry out its two-way exchange, and so clearly understand where the problem may lie! Below we talk about tcpdump and the graphical packet-analysis software!


5.5.1 Text-mode packet capturer: tcpdump

Honestly, as far as tcpdump is concerned, you could even say it is really a hacker's tool, because not only can it analyse the flow of packets, it can also 'eavesdrop' on their contents; if the data you transmit is in the clear, well, it may be sniffed right off a router or hub! Remember the 'sniffing software' mentioned in the CSMA/CD process in chapter 2? That is tcpdump! Pretty scary! So we had better understand this program too! (Note: tcpdump must be run as root.)

………

 

To attempt a synthesis, first know what the 'Sca' of 'Scapy' stands for:

『S』timulus response 『c』apture 『a』nalysis

root@kali:~# scapy 
WARNING: No route found for IPv6 destination :: (no default route?)
                                      
                     aSPY//YASa       
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.0
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | We are in France, we say Skappee.
       scccccp///pSP///p          p//Y   | OK? Merci.
      sY/////////y  caa           S//P   |             -- Sebastien Chabal
       cayCyayP//Ya              pY/Ya   |
        sY/PsY////YCc          aC//Yp 
         sc  sccaCY//PCypaapyCP//YSs  
                  spCPY//////YPSps    
                       ccaacs         
                                       using IPython 5.8.0
>>>

 

'What it signifies' ☆

 

 

 

 

 

 

 

The World of OpenWrt: Raspberry Pi 3B [Router], Shifting the Stars and Turning the Dipper (4.5): Scapy

One day, between half-dreaming and half-waking, I faintly heard a netizen ask: have you been following the Korean drama 'Legend of the Vegetable Seller'? I answered: no. Aren't you in the middle of Open Write? Hurry up and watch it!

Suddenly a manuscript from who knows where appeared, and inside it was written:

Chapter 87

Committeeman Qiu argues stubbornly over the 'sleeping companion' gag
Mother Guan wilfully misreads the Ferris wheel

As the common saying goes: a true person tells no lies, and an upright person does nothing in the dark.

Since you have all come to offer your instruction, why not open the skylight and speak plainly, and just lay it all out clearly.

……

Just as I was about to read it closely, the moonlight suddenly dazzled me, and I remember no more ☻

After waking I turned over this dream with neither head nor tail: could it have anything to do with my recent hard pondering over where the name 'Scapy' comes from?? It is only that I dislike 'a name not being right and the words not ringing true', and it feels 'a bit odd', that is all ☺

Could I have run into a 'coincidence phenomenon'!!


The renowned Swiss psychologist Carl Gustav Jung proposed a theory of 'synchronicity' to explain phenomena that the law of causality cannot account for (dreams coming true, speak of Cao Cao and Cao Cao arrives...): events with no causal connection 'on the surface' that nonetheless carry a 'deep' connection of meaning, often depending on the individual's 'subjective experience'. In 1952 Jung wrote in his essay 'On Synchronicity':
He held that synchronicity is a kind of coincidence phenomenon, not confined to the psychological realm; events may come from 'within the psychic matrix' or from 'the world outside the person', generally one or the other stepping into a person's 'consciousness', but when the two happen to occur together it is called a 'synchronicity' phenomenon.
Someone told an anecdote
In 1805 the French poet Deschamps was invited by a stranger, Monsieur de Fontgibu, to eat plum pudding. Ten years later, wanting to order plum pudding in a Paris restaurant, he was told by the waiter that the last one had just gone to another customer, who turned out to be de Fontgibu. In 1832, Deschamps was eating plum pudding at a dinner and chatting with friends about the old story. Just as he began telling it, de Fontgibu appeared.

Though it feels vaguely familiar, this theory is very hard to verify by scientific method.

─── excerpted from 'Knowing the Unknown: Completed and Not Yet Completed'

So, bleary-eyed, I read and re-read it, marking it up again and again:

Scapy

Scapy is a packet manipulation tool for computer networks,[1][2] written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.

Scapy provides a Python interface into libpcap, (WinPCap/Npcap on Windows), in a similar way to that in which Wireshark provides a view and capture GUI. It can interface with a number of other programs to provide visualisation including Wireshark for decoding packets, GnuPlot for providing graphs, graphviz or VPython for visualisation, etc.

Scapy supports Python version 3 since 2018 (scapy 2.4.0+).

Kamene (http://github.com/phaethon/kamene) is an independent fork of scapy. Initially, it was created with a purpose to add python3 support to scapy and was named scapy3k. Since 2018, it is renamed to kamene and continues independent development.

 

Scapy


Packet crafting for Python2 and Python3


About Scapy

What is Scapy

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc. See the interactive tutorial and the quick demo: an interactive session (some examples may be outdated).

What makes scapy different from most other networking tools

First, with most other tools, you won’t build something the author did not imagine. These tools have been built for a specific goal and can’t deviate much from it. For example, an ARP cache poisoning program won’t let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.

Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved for human beings. Some programs try to mimic this behavior. For instance, they say “this port is open” instead of “I received a SYN-ACK”. Sometimes they are right. Sometimes not. It’s easier for beginners, but when you know what you’re doing, you keep on trying to deduce what really happened from the program’s interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using tcpdump -xX to decode and interpret what the tool missed.

Third, even programs which only decode do not give you all the information they received. The network’s vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the padding?

Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking a 802.1q layer on top of TCP has no sense, it may have some for somebody else working on some product I don’t know. Scapy has a flexible model that tries to avoid such arbitrary limits. You’re free to put any value you want in any field you want and stack them like you want. You’re an adult after all.

In fact, it’s like building a new tool each time, but instead of dealing with a hundred line C program, you only write 2 lines of Scapy.

After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times, ask for a traceroute and look at the padding for instance.

Scapy Project

Scapy runs natively on Linux, and on most Unixes with libpcap, libdnet and their respective python wrapper (see scapy’s installation page). The same code base now runs natively on both Python 2 and Python 3.

  • Scapy ≥ 2.4.x needs Python2 ≥ 2.7, or Python3 ≥ 3.4.
  • Scapy ≥ 2.x needs Python2 ≥ 2.7.
  • Scapy 1.x needs Python2 ≥ 2.5. Scapy 1.x is now deprecated.

Introduction

About Scapy

Scapy is a Python program that enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.

In other words, Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.

[Image: testing-taxonomy.png]

Scapy also performs very well on a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

The idea is simple. Scapy mainly does two things: sending packets and receiving answers. You define a set of packets, it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like Nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

On top of this, more high-level functions can be built: for example, one that does traceroutes and gives as a result only the start TTL of the request and the source IP of the answer; one that pings a whole network and gives the list of machines answering; one that does a portscan and returns a LaTeX report.

In the end one must return to the source:

secdev

Me

  • If you like what I do, you can

……

 

………

If you trust me, you can trust my website

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Issuer: C=FR, ST=IdF, L=Paris, O=secdev.org, OU=secdev.org, CN=*.secdev.org
SHA1 Fingerprint=EA:EE:C0:3F:53:B8:C8:AD:6A:05:24:32:85:F4:54:8D:87:21:34:7D
MD5 Fingerprint=0D:07:6B:00:E7:86:C6:3C:B8:55:EB:02:6A:FC:E0:9C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIMfI3Xuj/Xz2aQ+IRAmKbAKC25LEoT753HUqMfqNLyh0/LikftwCfbDlv
Ju6Rwb59JxlZIR+J6TKwE78=
=wexP
-----END PGP SIGNATURE-----

 

Aha ☆ 'S', 'c', 'a' really do have 'multiple meanings'; one of them is

『S』end 『c』reate packets 『a』ttack


The World of OpenWrt: Raspberry Pi 3B [Router] Shifting the Stars, Turning the Dipper (4.4)

Halloween night has just passed; how is it that I thought of

Sparta

Territory of ancient Sparta

Sparta (Greek: Σπάρτη), also called Lacedaemon (Λακεδαίμων, Lakedaímōn), was one of the city-states of ancient Greece. The city of Sparta lay in the southern part of the central Laconian plain, on the west bank of the Evrotas river. The city of Sparta was a strategic stronghold, surrounded on three sides by mountains and controlling the Taygetus range; the pass over the Taygetus range was the only route into Laconia and the southern Peloponnese. The city of Sparta was not on the coast; its port, Gythium, lay 27 miles away.

Sparta was famous for it. Sparta was an oligarchy, in sharp contrast to the Athenian democracy of the time. Sparta required all men to serve in the army. Sparta held a great many state-owned slaves, called helots, which is why "Spartan" has also become a byword for doing things the hard way. In the Peloponnesian War, Sparta and its allies defeated the Athenian army and held hegemony over the whole of Greece. But not long after dominating Greece, Sparta was defeated by the rising Thebes, and after the rise of Macedon in the north, Sparta lost its influence in Greece.

 

? Perhaps because 'hackers' mostly don't sleep!

Since today is 'All Saints' Day', let's talk a little about 'integrated tools':

SPARTA

Network Infrastructure Penetration Testing Tool

………

Authors:

SECFORCE

Antonio Quina (@st3r30byt3)

Leonidas Stavliotis (@lstavliotis)

Known issues

SPARTA uses a third-party tool called Cutycapt to take screenshots. One of the problems with the version that is currently in Kali’s repositories is that it fails to take screenshots of HTTPS pages when self-signed certificates are in use. A way around this is to compile the Cutycapt executable yourself and edit SPARTA’s configuration file to specify the path to the compiled executable.

It can be compiled in Kali by following these instructions:

% sudo apt-get install subversion libqt4-webkit libqt4-dev g++
% svn co svn://svn.code.sf.net/p/cutycapt/code/ cutycapt
% cd cutycapt/CutyCapt
% qmake
% make
% ./CutyCapt --url=http://www.example.org --out=example.png

Credits

Credits where credits are due. The nmap XML output parsing engine was largely based on code by yunshu, modified by ketchup and modified by us. SPARTA relies heavily on nmap, hydra, cutycapt, python, PyQt, Elixir and many other tools and technologies so we would like to thank all of the people involved in the creation of those. Credits to Bernardo Damele A.G. for the ms08-067_check script used by smbenum.sh. Credit to Diana Guardão (https://www.behance.net/didoquinhasfaaa) for the logo design. Thanks as well to our incredible team at SECFORCE for the countless bug reports and feedback. Last but not least, thank you for using SPARTA. Let us know how we can improve it! Happy hacking!

………

DOCUMENTATION

This documentation will grow organically and is a work in progress.

Configuration

At the moment, SPARTA can be configured by editing the sparta.conf file located in SPARTA’s root folder. At launch time, SPARTA checks if this file exists and if it does not, a new file is created with default values. In the future, there will be a settings menu which will remove the need to manually edit this file and will make changing the configuration easier and safer.

WARNING: Apart from tools, do not remove any lines from sparta.conf as it could break functionality. Also, assume that setting values are case-sensitive.

Adding new actions

In SPARTA we separate actions in three classes:

  • Host Actions: are invoked by right-clicking on a host and their tool output will be stored and displayed in SPARTA
  • Port Actions: are invoked by right-clicking on a port or service and their tool output will be stored and displayed in SPARTA (Eg: Nikto)
  • Terminal Actions: are invoked by right-clicking on a port and will spawn an external terminal window (Eg: Connect with netcat)

………

 

Probably no need to say more; one can already see its 'purpose', can't one?!

more /etc/sparta.conf

[GeneralSettings]
default-terminal=gnome-terminal
tool-output-black-background=False
screenshooter-timeout=15000
web-services="http,https,ssl,soap,http-proxy,http-alt,https-alt"
enable-scheduler=True
enable-scheduler-on-import=False
max-fast-processes=10
max-slow-processes=10

[BruteSettings]
store-cleartext-passwords-on-exit=True
username-wordlist-path=/usr/share/wordlists/
password-wordlist-path=/usr/share/wordlists/
default-username=root
default-password=password
services="asterisk,afp,cisco,cisco-enable,cvs,firebird,ftp,ftps,http-head,http-get,https-head,https-get,http-get-form,http-post-form,https-get-form,https-post-form,http-proxy,http-proxy-urlenum,icq,imap,imaps,irc,ldap2,ldap2s,ldap3,ldap3s,ldap3-crammd5,ldap3-crammd5s,ldap3-digestmd5,ldap3-digestmd5s,mssql,mysql,ncp,nntp,oracle-listener,oracle-sid,pcanywhere,pcnfs,pop3,pop3s,postgres,rdp,rexec,rlogin,rsh,s7-300,sip,smb,smtp,smtps,smtp-enum,snmp,socks5,ssh,sshkey,svn,teamspeak,telnet,telnets,vmauthd,vnc,xmpp"
...

 

Why not apply all one has learned and use it to attack one's own OpenWrt 'router'!?

 

See how much time it takes, and whether it succeeds or not, so as to 'assess' whether that 'password' is secure ☺

[quark@localhost ~]$  ssh -l root 5.168.168.20
root@5.168.168.20's password: 


BusyBox v1.25.1 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (17.01.6, r3979-2252731af4)
    \________\/    -----------------------------------------------------------

root@LEDE:~#

 

It is as if only inside the legendary 'Eight Trigrams Furnace' could one forge such 'fiery eyes and golden pupils':

From now on, when reading texts, one can hear the 'meaning beyond the words' ☆

Secure your router’s access

There are some possibilities to grant access to the router (or to any PC/Server):

  1. ask for nothing: anybody who can establish a connection gets access
  2. ask for username and password on an unsecured connection (e.g. telnet)
  3. ask for username and password on an encrypted connection (e.g. SSH) (e.g. by following walkthrough_login)
  4. ask for username and merely a signature instead of a password (e.g. SSH with signature authentication)

If you ask for username/password, an attacker has to guess the combination. If you use an unencrypted connection, he could eavesdrop on you and obtain them.

If you use an encrypted connection, any eavesdropper would have to decrypt the packets first. This is always possible. How long it takes to decrypt the content depends on the algorithm and key length you used.

Also, as long as an attacker has network access to the console, he can always run a brute-force attack to find out username and password. He does not have to do that himself: he can let his computer(s) do the guessing. To render this option improbable or even impossible you can:

  1. not offer access from the Internet at all, or restrict it to certain IP addresses or IP address ranges
    1. by letting the SSH server dropbear and the web server uhttpd not listen on the external/WAN port
    2. by blocking incoming connections to those ports (TCP 22, 80 and 443 by default) in your firewall
  2. make it more difficult to guess:
    1. don’t use the username root
    2. don’t use a weak password with 8 or less characters
    3. don’t let the SSH server dropbear listen on the default port (22)
  3. use the combination of
    1. username different than root
    2. tell dropbear to listen on a random port (should be >1024): System → Administration → Dropbear Instance → Port (SSH Port)
    3. public key authentication. Your public keys can be specified in Administration → System → SSH-keys. The guide to DropBear SSH public key authentication has detailed information on generating SSH keypairs, which include the public key(s) you should upload to your configuration.
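To turn the checklist above into something a router owner can check and apply, here is an added example (not code from the OpenWrt wiki or the dropbear project). It audits a dropbear configuration in UCI syntax for the weak settings the list names (the default port 22, password authentication still enabled, no `Interface` restriction so the WAN side is served too) and prints the `uci` commands that apply the hardened settings. The two configuration samples are constructed; the audit assumes a single `config dropbear` section, which is the common case, and the port 2222 is an arbitrary example value.

```shell
#!/bin/sh
# Added example (not from the OpenWrt wiki): audit a dropbear UCI config for the
# weak settings the checklist names, and print the uci commands that fix them.
# Assumes a single "config dropbear" section, the common case.

# Constructed sample of /etc/config/dropbear with the defaults the list warns about.
weak_dropbear_conf() {
cat <<'EOF'
config dropbear
	option PasswordAuth 'on'
	option RootPasswordAuth 'on'
	option Port '22'
EOF
}

# Constructed sample after applying the checklist (key-only, non-default port, LAN only).
hardened_dropbear_conf() {
cat <<'EOF'
config dropbear
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'
	option Port '2222'
	option Interface 'lan'
EOF
}

# audit_dropbear: reads a dropbear UCI config on stdin, prints one FINDING line
# per weak setting and a trailing summary line. Absent options are judged by
# dropbear's defaults (password auth on, port 22, listen on every interface).
audit_dropbear() {
  tr -d "\"'" | awk '
    $1 == "option" { opt[$2] = $3 }
    END {
      n = 0
      if (!("Port" in opt) || opt["Port"] == "22") {
        print "FINDING: dropbear listens on the default port 22"; n++
      }
      if (!("PasswordAuth" in opt) || opt["PasswordAuth"] != "off") {
        print "FINDING: password authentication is enabled (PasswordAuth)"; n++
      }
      if (!("RootPasswordAuth" in opt) || opt["RootPasswordAuth"] != "off") {
        print "FINDING: root password login is enabled (RootPasswordAuth)"; n++
      }
      if (!("Interface" in opt)) {
        print "FINDING: no Interface restriction, so the WAN side is served too"; n++
      }
      printf "summary: %d finding(s)\n", n
    }'
}

# count_findings: number of FINDING lines for a config supplied on stdin.
count_findings() {
  audit_dropbear | grep -c '^FINDING' || true
}

# harden_dropbear_cmds: prints (does not run) the uci commands that apply the
# checklist on a live router, plus the service restart. The port argument is an
# example value; pick your own above 1024.
harden_dropbear_cmds() {
  port=${1:-2222}
  cat <<EOF
uci set dropbear.@dropbear[0].PasswordAuth='off'
uci set dropbear.@dropbear[0].RootPasswordAuth='off'
uci set dropbear.@dropbear[0].Port='$port'
uci set dropbear.@dropbear[0].Interface='lan'
uci commit dropbear
/etc/init.d/dropbear restart
EOF
}

echo "== weak config =="
weak_dropbear_conf | audit_dropbear
echo "== hardened config =="
hardened_dropbear_conf | audit_dropbear
echo "== commands to apply =="
harden_dropbear_cmds 2222
```

On a router, `audit_dropbear < /etc/config/dropbear` reports what still needs attention. Before running the printed commands, upload your public key under SSH-keys and confirm a key-based login works from a second session, because `PasswordAuth 'off'` locks out anyone without a key. `Interface 'lan'` keeps dropbear off the WAN regardless of firewall rules, which is the cheapest of the mitigations in the list.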

SSH Keys

 

Observing the method can bring 'cool, clear insight' ☆

dropBrute

Lightweight fail2ban alternative for OpenWRT – inspects ssh log for brute force attacks and blocks via iptables – w/ whitelist and blacklist support

dropBrute

dropBrute has been superseded by bearDropper

Lightweight fail2ban alternative for OpenWRT

Runs via cron; inspects ssh log for brute force attacks and blocks via iptables. Includes whitelist and blacklist support.

Initial version posted 10/31/2011 at https://forum.openwrt.org/viewtopic.php?pid=224122
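What such a cron job actually does, as an added example in POSIX sh and awk (not dropBrute's or bearDropper's own code): count failed dropbear logins per source address in `logread` output, skip whitelisted addresses, and print the `iptables` commands a blocker would run. The log excerpt is constructed in dropbear's message style; 5.168.168.5 stands in for a trusted LAN client on this post's subnet and the other addresses are TEST-NET documentation ranges. Commands are printed rather than executed so the script runs anywhere.

```shell
#!/bin/sh
# Added example (not dropBrute's own code): the core of a dropBrute-style cron
# job. Counts failed dropbear logins per source address from logread output and
# prints the iptables commands a blocker would run. Nothing is executed.

# Constructed logread excerpt in dropbear's message style. 5.168.168.5 stands in
# for a trusted LAN client on this blog's subnet; the others are TEST-NET addresses.
sample_logread() {
cat <<'EOF'
Thu Nov  1 02:10:03 2018 authpriv.warn dropbear[3120]: Bad password attempt for 'root' from 203.0.113.9:40210
Thu Nov  1 02:10:05 2018 authpriv.warn dropbear[3121]: Bad password attempt for 'root' from 203.0.113.9:40211
Thu Nov  1 02:10:06 2018 authpriv.warn dropbear[3122]: Login attempt for nonexistent user from 203.0.113.9:40212
Thu Nov  1 02:10:08 2018 authpriv.warn dropbear[3123]: Bad password attempt for 'root' from 203.0.113.9:40213
Thu Nov  1 02:10:09 2018 authpriv.warn dropbear[3124]: Bad password attempt for 'admin' from 203.0.113.9:40214
Thu Nov  1 02:11:00 2018 authpriv.warn dropbear[3130]: Bad password attempt for 'root' from 198.51.100.4:50001
Thu Nov  1 02:11:02 2018 authpriv.warn dropbear[3131]: Bad password attempt for 'root' from 198.51.100.4:50002
Thu Nov  1 02:12:00 2018 authpriv.warn dropbear[3140]: Bad password attempt for 'root' from 5.168.168.5:33001
Thu Nov  1 02:12:01 2018 authpriv.warn dropbear[3141]: Bad password attempt for 'root' from 5.168.168.5:33002
Thu Nov  1 02:12:02 2018 authpriv.warn dropbear[3142]: Bad password attempt for 'root' from 5.168.168.5:33003
Thu Nov  1 02:12:03 2018 authpriv.warn dropbear[3143]: Bad password attempt for 'root' from 5.168.168.5:33004
Thu Nov  1 02:12:09 2018 authpriv.info dropbear[3144]: Password auth succeeded for 'root' from 5.168.168.5:33005
EOF
}

# find_brute_sources THRESHOLD [WHITELIST]: reads logread lines on stdin and
# prints "ip count" for every source with at least THRESHOLD failures that is
# not in the space-separated WHITELIST. Only failure messages are counted;
# a successful login line is ignored.
find_brute_sources() {
  awk -v thr="${1:-5}" -v wl="${2:-}" '
    BEGIN { n = split(wl, w, " "); for (i = 1; i <= n; i++) white[w[i]] = 1 }
    /dropbear\[[0-9]+\]: (Bad password attempt|Login attempt for nonexistent user)/ {
      if (match($0, /from [0-9.]+:[0-9]+/)) {
        ip = substr($0, RSTART + 5, RLENGTH - 5)   # strip the leading "from "
        sub(/:.*/, "", ip)                         # drop the source port
        fails[ip]++
      }
    }
    END { for (ip in fails) if (fails[ip] >= thr && !(ip in white)) print ip, fails[ip] }
  ' | sort
}

# block_cmds [PORT]: turns "ip count" lines into iptables DROP rules for the SSH
# port (22 unless dropbear was moved). Printed, not executed.
block_cmds() {
  port=${1:-22}
  while read -r ip n; do
    [ -n "$ip" ] || continue
    echo "iptables -I INPUT -s $ip -p tcp --dport $port -j DROP   # $n failures"
  done
}

echo "== sources with 3 or more failures, LAN client whitelisted =="
sample_logread | find_brute_sources 3 "5.168.168.5"
echo "== block commands =="
sample_logread | find_brute_sources 3 "5.168.168.5" | block_cmds 22
```

On the router itself the pipeline becomes `logread | find_brute_sources 5 "$TRUSTED_LAN_IP" | block_cmds 22 | sh`, run from cron. Two caveats the full tools handle and this sketch does not: rules inserted with `iptables -I` vanish on reboot unless they are saved, and repeated runs will re-add a rule for an address already blocked, so a real implementation keeps its own state file, as dropBrute's blacklist does.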

 

Free and at ease; isn't that delightful ◎◎