UDP-Based Data Penetration Send/Receive Packet Test  Hao Wei  2021/09/23
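1. Test content
This test verifies whether a UDP packet can be sent from the external network into the internal network by way of the NAT translation rules. Three IP addresses take part in the communication:
- Internal host IP: 192.168.3.9
- LAN egress IP: 219.36.33.36
- Server IP: ali (121.199.10.158)
1.1. Step 1: server program
First, run the following script on the server ali (121.199.10.158) to listen on port 8110.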
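```python
import socket

new_socket = socket.socket()  # defaults to AF_INET / SOCK_STREAM (TCP)
ip = '0.0.0.0'  # binding to "121.199.10.158" raises an error
port = 8110
new_socket.bind((ip, port))  # two pairs of parentheses: the argument is a tuple
# Start listening; 5 is the maximum number of queued client connections
print('Listening port ', port)
new_socket.listen(5)

# Accept the client connection.
new_cil, addr = new_socket.accept()
print('新进来的客户端的地址:', addr)
while True:
    data = new_cil.recv(1024)
    if not data:  # the client closed the connection
        break
    print('收到消息:', data.decode())
    new_cil.send('答案为6'.encode(encoding='utf-8'))
new_cil.close()
```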
1.2. Step 2: client program
Then run the following program on the local machine, 192.168.3.9.
```python
import socket
import time

# Client
ip = "121.199.10.158"
port = 8110
new_socket = socket.socket()
new_socket.connect((ip, port))
try:
    while True:
        new_socket.send("请求给我计算下1+5=多少?".encode(encoding='utf-8'))  # send data
        print("客户端发给服务端:请求给我计算下1+5=多少?")
        back_str = new_socket.recv(1024).decode()  # receive data
        print("服务端发给客户端:" + back_str)
        time.sleep(3)
        print("一次通信结束运行")
finally:
    new_socket.close()  # close the client socket
```
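1.3. Step 3: send a UDP packet from the command line
On Linux, the following command sends a UDP packet; it was tested and works.
```bash
echo 'hello' > /dev/udp/219.36.33.36/12844
```
Use the command `netstat -a|grep 8110` to check the state of the communication port.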
C:\Users\hwaus>ssh ali
Last login: Thu Sep 23 11:25:45 2021 from 36.33.36.219
root@server00:~# netstat -a|grep TIME_WAIT
root@server00:~# netstat -a|grep 8110
tcp 0 0 localhost:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8107
tcp6 0 0 [::]:8107 [::]:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 server00:8110 219.36.33.36.adsl:11300 TIME_WAIT
root@server00:~# ps | grep 8110
root@server00:~# ps -aux | grep 8110
root 26145 0.0 0.0 14436 1112 pts/5 S+ 11:34 0:00 grep --color=auto 8110
root@server00:~# kill -9 26145
-bash: kill: (26145) - No such process
root@server00:~# kill -9 26145
-bash: kill: (26145) - No such process
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
tcp 0 0 server00:8110 219.36.33.36.adsl:10936 FIN_WAIT2
root@server00:~# echo 'hello' > 219.36.33.36/10936
-bash: 219.36.33.36/10936: No such file or directory
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/10936
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/10936
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/10936
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
tcp 0 0 server00:8110 219.36.33.36.adsl:12844 ESTABLISHED
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/12844
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/12844
2. Conclusion
Communication could not be established.
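A likely reason for this result, shown as an added example that is not part of the original test: stateful NAT devices commonly key their translation entries by protocol as well as by address and port, so the entry created by the TCP connection to port 8110 does not admit UDP datagrams sent to the same external port. The model below is a simplified simulation; the class and function names, the internal and server-side source ports (50000, 50001, 40000) and the address-and-port-dependent filtering are assumptions, not measurements of the router used in the test.

```python
# Simplified model of a stateful NAT translation table (added illustration).
# Assumption: the router keys mappings by protocol and filters inbound packets
# by remote address and port; real devices vary (see RFC 4787).
from dataclasses import dataclass, field

LAN_HOST = "192.168.3.9"      # internal host from the test
NAT_PUBLIC = "219.36.33.36"   # LAN egress IP from the test
SERVER = "121.199.10.158"     # server IP from the test


@dataclass
class Nat:
    public_ip: str
    next_port: int = 12844    # constructed: first external port handed out
    # (proto, external_port) -> (internal_ip, internal_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Record a mapping for an outgoing flow; return the external port."""
        ext = self.next_port
        self.next_port += 1
        self.table[(proto, ext)] = (src_ip, src_port, dst_ip, dst_port)
        return ext

    def inbound(self, proto, src_ip, src_port, ext_port):
        """Return the internal (ip, port) for an incoming packet, or None if dropped."""
        entry = self.table.get((proto, ext_port))
        if entry is None:
            return None                      # no state for this protocol/port
        in_ip, in_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                      # state exists, but for another peer
        return (in_ip, in_port)


def replay_test():
    """Replay the steps of the test against the model."""
    nat = Nat(NAT_PUBLIC)
    # Step 2: the client opens a TCP connection to SERVER:8110.
    tcp_ext = nat.outbound("tcp", LAN_HOST, 50000, SERVER, 8110)
    results = {
        "tcp_reply": nat.inbound("tcp", SERVER, 8110, tcp_ext),
        # Step 3: the server sends UDP to the port seen in netstat.
        "udp_to_tcp_port": nat.inbound("udp", SERVER, 40000, tcp_ext),
    }
    # Contrast: the client sends UDP first, then the server replies.
    udp_ext = nat.outbound("udp", LAN_HOST, 50001, SERVER, 8110)
    results["udp_reply"] = nat.inbound("udp", SERVER, 8110, udp_ext)
    return results
```

In this model only the reply to a flow that the internal host started over the same protocol is forwarded; the unsolicited UDP datagram aimed at the TCP-mapped port is dropped.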
3. Related material
3.1. UDP test
```python
import socket

# Server side; bind address candidates: 0.0.0.0, 127.0.0.1, 121.199.10.158
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
print('bind 8110')
address = ('0.0.0.0', 8110)
s.bind(address)
try:
    while True:
        print('wait for data...')
        data, addr = s.recvfrom(2048)
        if data:
            print("got data from", addr)
            print(data)
finally:
    s.close()
```
After the service is started, running `echo "hello" > /dev/udp/127.0.0.1/8110` delivers data to it. However, with `echo "hello" > /dev/udp/121.199.10.158/8110` no data is received; the cause is still being analyzed.