主要使用Scapy来完成
基础环境
VM1(192.168.1.226)
|
|
VM2(192.168.1.125)
vm1封装icmp包发给vm2
vm1脚本:
#! /usr/bin/env python from scapy.all import * target = "192.168.1.125"
ip = IP()
icmp = ICMP()
ip.dst = target icmp.type = 0
icmp.code = 0
send(ip/icmp)
vm2脚本
from scapy.all import * packetCount = 0 def customAction(packet):
global packetCount
packetCount += 1
if len(packet)>0 and len(packet[0])>1:
if hasattr(packet[0][1],'src') and packet[0][1].src == '192.168.1.226' and packet[0][1].dst=='192.168.1.125':
print packet.show()
#return "Packet #%s: %s ==> %s" % (packetCount, packet[0][1].src, packet[0][1].dst)
return None sniff(filter="ip",prn=customAction)
这样我们就可以使用iptables来添加规则限制icmp的各种type各种code包了
参考