了解Scapy"未找到目的地的Mac地址.使用广播." 警告

Question

如果我生成一个没有任何上层有效载荷的以太网帧,并使用sendp()在第二层发送它,那么我收到"Mac address to reach destination not found. Using broadcast."警告并且放到线路的帧确实使用ff:ff:ff:ff:ff:ff作为目标MAC地址.为什么会这样？Scapy不应该发送我构造的框架吗？

我精心制作的包装如下:

>>> ls(x)
dst        : DestMACField         = '01:00:0c:cc:cc:cc' (None)
src        : SourceMACField       = '00:11:22:33:44:55' (None)
type       : XShortEnumField      = 0               (0)
>>> sendp(x, iface="eth0")
WARNING: Mac address to reach destination not found. Using broadcast.
.
Sent 1 packets.
>>> 

Answer 1

大多数人遇到此问题不正确使用send()(或者sr(),sr1(),srloop())而不是sendp()(或者srp(),srp1(),srploop()).对于记录,"无 - p"功能类似于send()发送第3层数据包(send(IP())),而"with- p"变体用于发送第2层数据包(sendp(Ether() / IP())).

如果您x像我在下面那样定义并使用sendp()(而不是send())并且您仍然遇到此问题,那么您应该尝试使用项目的git存储库中的最新版本(请参阅https://github.com/secdev/scapy).

我试过了:

>>> x = Ether(src='01:00:0c:cc:cc:cc', dst='00:11:22:33:44:55')
>>> ls(x)
dst        : DestMACField         = '00:11:22:33:44:55' (None)
src        : SourceMACField       = '01:00:0c:cc:cc:cc' (None)
type       : XShortEnumField      = 0               (0)
>>> sendp(x, iface='eth0')
.
Sent 1 packets.

同时我运行tcpdump:

# tcpdump -eni eth0 ether host 00:11:22:33:44:55
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:33:47.774570 01:00:0c:cc:cc:cc > 00:11:22:33:44:55, 802.3, length 14: [|llc]