防火墙识别:
通过发送SYN和ACK数据包并分析回包可以大概判断端口是否被防火墙过滤,对应关系如下表:
Python代码实现:
1 #!/usr/bin/python 2 from scapy.all import * 3 4 if len(sys.argv) != 3: 5 print "This script needs 2 args!\nExample:./firewall_detect.py 192.168.0.0 80" 6 sys.exit() 7 8 ip = sys.argv[1] 9 port = int(sys.argv[2]) 10 11 r1 = sr1(IP(dst = ip) / TCP(flags = "S", dport = port), timeout = 1, verbose = 0) 12 r2 = sr1(IP(dst = ip) / TCP(flags = "A", dport = port), timeout = 1, verbose = 0) 13 14 if (r1 == None and r2[TCP].flags == "R") or ((r1[TCP].flags == "SA" or r1[TCP].flags == "SR") and r2 == None): 15 print "Filtered!" 16 elif (r1[TCP].flags == "SA" or r1[TCP].flags == "SR") and r2[TCP].flags == "R": 17 print "Unfiltered/Open!" 18 else: 19 print "Closed!"