问题
Is it possible to do this?
from scapy.all import *
def action(packet):
print packet[0][1].src + "==>" + packet[0][1].dst
print "Rerouting to localhost"
packet[0][1].dst = '127.0.0.1'
print packet[0][1].src + "==>" + packet[0][1].dst
sendp(packet)
sniff(filter="dst host 203.105.78.163",prn=action)
Something like this but is there a way to send the packet to localhost and drop the packet being sent to 203.105.78.163? (not using iptables)
回答1:
There is no way to do this, because Scapy sniffs packets without interfering with the host's IP stack.
You could send another packet based on a sniffed packet, but you cannot "drop the packet" with Scapy.
The only solution I can think of, under Linux, involves iptables + libnfqueue and its Python bindings + Scapy. But obviously, if you just want to reroute a packet, iptables alone is enough, and much better.
Under any other OS, you need anyway to have some kind of firewall software to either pass the packet to a userland program (like libnfqueue under Linux, here you can do your Scapy magic) or tamper the packet itself.
Maybe you could have a look at IPS softwares (suricata?), since tampering packets based on some criteria is what does an IPS.
来源:https://stackoverflow.com/questions/24112260/modify-packets-on-the-fly-with-scapy