A

from scapy.all import *

网络配置常量

# Lab endpoints. Host A sends the first SYN and host B answers it; both
# addresses are in RFC 1918 private space.
A_IP, B_IP = "192.168.17.157", "192.168.17.154"
# TCP ports used by each side of the hand-built connection.
A_PORT, B_PORT = 50002, 8888

✅ 步骤 1(A → B):SYN(第一次握手)

# Handshake segment 1 of 3: a bare SYN from A to B. The initial sequence
# number is pinned to 1000; the hard-coded 1001 used in later steps depends on
# it. Production TCP stacks choose unpredictable ISNs instead (RFC 6528).
# NOTE(review): A's kernel has no socket for this hand-built connection and
# may emit RST segments of its own; expect them in captures.
syn_tcp = TCP(sport=A_PORT, dport=B_PORT, flags="S", seq=1000)
syn = IP(dst=B_IP) / syn_tcp
send(syn)

等待SYN-ACK

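# Capture B's SYN-ACK. In the BPF filter, tcp[13] is the TCP flags byte and
# 18 == 0x12 == SYN|ACK, so only segments with both bits set are accepted.
# NOTE(review): the filter checks neither B's source port nor that the ack
# number is 1001, so any SYN-ACK seen between B and A_PORT is accepted.
syn_filter = f"host {B_IP} and tcp port {A_PORT} and tcp[13] & 18 == 18"  # SYN+ACK
syn_pkts = sniff(filter=syn_filter, count=1, timeout=5)

# sniff() returns an empty list when the timeout expires; fail with a clear
# message instead of an IndexError on syn_pkts[0].
if not syn_pkts:
    raise RuntimeError(f"no SYN-ACK from {B_IP} within 5 seconds")

syn_ack = syn_pkts[0]
print(f"✅ 收到SYN-ACK: seq={syn_ack[TCP].seq}, ack={syn_ack[TCP].ack}")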

✅ 步骤 3(A → B):ACK(第三次握手,完成连接)

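# Handshake segment 3 of 3: acknowledge B's SYN. The ack number is derived
# from the SYN-ACK that was actually captured (B's ISN + 1, modulo 2**32)
# rather than assuming B always starts at 2000; with B's script as written
# this still evaluates to 2001.
handshake_ack = (syn_ack[TCP].seq + 1) & 0xFFFFFFFF
send(IP(dst=B_IP)/TCP(sport=A_PORT, dport=B_PORT, flags="A", seq=1001, ack=handshake_ack))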

✅ 步骤 5(A → B):A 发送第一条聊天消息

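# First chat line from A, sent as PSH+ACK. seq stays at 1001 because the
# handshake ACK carried no payload. The ack number is taken from the captured
# SYN-ACK (B's ISN + 1, modulo 2**32) instead of a hard-coded 2001, so the
# segment stays valid if B ever uses a different ISN.
msg_a = "[1] Hi B!\n"
first_data_ack = (syn_ack[TCP].seq + 1) & 0xFFFFFFFF
pkt_a = IP(dst=B_IP)/TCP(sport=A_PORT, dport=B_PORT, flags="PA", seq=1001, ack=first_data_ack)/Raw(load=msg_a)
send(pkt_a)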

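## Wait for B's reply (up to 30 seconds, the timeout passed to sniff below)
## Listen for B's reply (a PSH+ACK segment); 24 == 0x18 == PSH|ACK
resp_filter = f"host {B_IP} and tcp port {A_PORT} and tcp[13] & 24 == 24"  # PSH+ACK
resp_pkts = sniff(filter=resp_filter, count=1, timeout=30)

## sniff() returns an empty list on timeout; stop with a clear message
## instead of an IndexError on resp_pkts[0].
if not resp_pkts:
    raise RuntimeError(f"no PSH+ACK reply from {B_IP} within 30 seconds")

resp_b = resp_pkts[0]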

✅ 步骤 6(A → B):A 发送第二条消息

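## The capture filter only tests the flag bits, so a PSH+ACK without payload is
## possible; treat that as zero bytes instead of failing on resp_b[Raw].
## The length is taken from .load because len() of a layer also counts any
## layer beneath it (NOTE(review): e.g. link-layer padding — confirm).
reply_payload = resp_b[Raw].load if Raw in resp_b else b""
msg_b_len = len(reply_payload)
## The payload is peer-controlled; bytes that are not valid UTF-8 are dropped.
b_msg_content = reply_payload.decode('utf-8', errors='ignore')


## Compute the next sequence and acknowledgement numbers
## msg_a is plain ASCII, so len(msg_a) equals its size on the wire.
next_seq = 1001 + len(msg_a)      # A's next sequence number
## Next byte expected from B, wrapped to the 32-bit sequence space.
next_ack = (resp_b[TCP].seq + msg_b_len) & 0xFFFFFFFF
## A acknowledges B's reply with a bare ACK
ack_pkt = IP(dst=B_IP)/TCP(sport=A_PORT, dport=B_PORT, flags="A",
                           seq=next_seq, ack=next_ack)
send(ack_pkt)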

A发送第二条消息

# Second chat line from A. It reuses next_seq because the bare ACK sent just
# before carried no payload and so consumed no sequence space.
msg2 = "[2] How are you?\n"

second_tcp = TCP(sport=A_PORT, dport=B_PORT, flags="PA", seq=next_seq, ack=next_ack)
pkt2 = IP(dst=B_IP) / second_tcp / Raw(load=msg2)
send(pkt2)

等待B对第二条消息的ACK

# Wait up to 10 seconds for one segment with the ACK bit set.
# 16 == 0x10 is the ACK bit alone, so this accepts every segment that carries
# ACK (data, SYN-ACK, RST-ACK), not only a bare acknowledgement of msg2.
# The capture result is not inspected here.
ack_filter = f"host {B_IP} and tcp port {A_PORT} and tcp[13] & 16 == 16"  # ACK
ack_pkts = sniff(count=1, timeout=10, filter=ack_filter)

B

from scapy.all import *

## Network configuration constants (same values as in A's script)
## Both addresses are in RFC 1918 private space.
A_IP, B_IP = "192.168.17.157", "192.168.17.154"
A_PORT, B_PORT = 50002, 8888

✅ 步骤 2(B → A):SYN+ACK(第二次握手)

# Handshake segment 2 of 3: B's SYN+ACK with a fixed ISN of 2000.
# NOTE(review): ack=1001 is hard-coded, i.e. it assumes A's SYN used seq=1000;
# nothing in this script captures or checks A's SYN before replying.
syn_ack_tcp = TCP(sport=B_PORT, dport=A_PORT, flags="SA", seq=2000, ack=1001)
syn_ack_pkt = IP(dst=A_IP) / syn_ack_tcp
send(syn_ack_pkt)

✅ 步骤 4(B):B 等待 A 的数据包,并读取其中的消息

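# Wait up to 30 seconds for A's first data segment; 24 == 0x18 == PSH|ACK.
filter_str = f"host {A_IP} and tcp port {B_PORT} and tcp[13] & 24 == 24"  # PSH+ACK
pkts = sniff(filter=filter_str, count=1, timeout=30)

# sniff() returns an empty list on timeout; stop with a clear message instead
# of an IndexError on pkts[0].
if not pkts:
    raise RuntimeError(f"no PSH+ACK segment from {A_IP} within 30 seconds")
pkt_from_a = pkts[0]

# The filter only tests flag bits, so a segment without payload is possible.
# The length comes from .load because len() of a layer also counts any layer
# beneath it (NOTE(review): e.g. link-layer padding — confirm).
if Raw in pkt_from_a:
    payload_from_a = pkt_from_a[Raw].load
    msg_a_len = len(payload_from_a)
    # Peer-controlled bytes; anything that is not valid UTF-8 is dropped.
    msg_content = payload_from_a.decode('utf-8', errors='ignore')
else:
    msg_a_len = 0
    msg_content = "无数据"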

✅ 步骤 6(B → A):B 回复 ACK + 聊天消息

6a. 先单独 ACK A 的消息, 6b. B 发送自己的回复消息

# 6a: bare ACK for A's message.
# B's sequence number is whatever A last acknowledged; B's ack number is A's
# sequence number advanced past the payload just received.
tcp_from_a = pkt_from_a[TCP]
ack_seq = tcp_from_a.ack
ack_ack = tcp_from_a.seq + msg_a_len

ack_tcp = TCP(sport=B_PORT, dport=A_PORT, flags="A", seq=ack_seq, ack=ack_ack)
ack_pkt = IP(dst=A_IP) / ack_tcp
send(ack_pkt)

## 6b: B's own chat line, sent as PSH+ACK
msg_b = "[1] Hello A!\n"
msg_b_len = len(msg_b)

## Sequence number: unchanged from the bare ACK, which carried no payload
## Acknowledgement number: the next byte expected from A
reply_tcp = TCP(sport=B_PORT, dport=A_PORT, flags="PA", seq=ack_seq, ack=ack_ack)
data_pkt = IP(dst=A_IP) / reply_tcp / Raw(load=msg_b)
send(data_pkt)