基于python模拟TCP3次握手连接及发送数据

源码如下

from scapy.all import *
import logging
logging.getLogger('scapy.runtime').setLevel(logging.ERROR)

target_ip    = '192.168.1.1'
target_port   = 80
data      = 'GET / HTTP/1.0 \r\n\r\n'

def start_tcp(target_ip,target_port):
 global sport,s_seq,d_seq  #主要是用于TCP3此握手建立连接后继续发送数据
 try:
   #第一次握手，发送SYN包
   ans = sr1(IP(dst=target_ip)/TCP(dport=target_port,sport=RandShort(),seq=RandInt(),flags='S'),verbose=False)
   sport = ans[TCP].dport  #源随机端口
   s_seq = ans[TCP].ack   #源序列号（其实初始值已经被服务端加1）
   d_seq = ans[TCP].seq + 1 #确认号，需要把服务端的序列号加1
   #第三次握手，发送ACK确认包
   send(IP(dst=target_ip)/TCP(dport=target_port,sport=sport,ack=d_seq,seq=s_seq,flags='A'),verbose=False)
 except Exception,e:
   print '[-]有错误，请注意检查！'
   print e

def trans_data(target_ip,target_port,data):
 #先建立TCP连接
 start_tcp(target_ip=target_ip,target_port=target_port)
 #print sport,s_seq,d_seq
 #发起GET请求
 ans = sr1(IP(dst=target_ip)/TCP(dport=target_port,sport=sport,seq=s_seq,ack=d_seq,flags=24)/data,verbose=False)
 #ans.show()
 #读取服务端发来的数据
 rcv = ans[Raw]
 print rcv

if __name__ == '__main__':
 #start_tcp(target_ip,target_port)
 trans_data(target_ip,target_port,data)

运行结果如下

# python exp3.py
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="wed, 26 Feb 1997 08:21:57 GMT">
<html><head><title>505 HTTP Version not supported</title></head><body><center><h1>505 HTTP Version not supported</h1></center></body></html>
�
p�-1���-1��2��2��D��o�p�-1��`��D

wireshark抓包截图如下：

来源：https://www.cnblogs.com/darkpig/p/7629854.html