UDP-based data penetration: packet send/receive test
郝伟 2021/09/23
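This test verifies whether UDP packets can be sent from the external network to the internal network through NAT translation rules.
Three IP addresses take part in the communication in this test:
First, run the following script on the server ali (121.199.10.158) to listen on port 8110.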
```python
import socket

new_socket = socket.socket()
ip = '0.0.0.0'  # using "121.199.10.158" here raises an error
port = 8110
new_socket.bind((ip, port))  # note the two pairs of parentheses: the argument is a tuple
# Start listening; 5 is the maximum number of queued client connections
print('Listening port ', port)
new_socket.listen(5)
while True:
    # Accept a client connection.
    new_cil, addr = new_socket.accept()
    print('新进来的客户端的地址:', addr)
    print('收到消息:', new_cil.recv(1024).decode())
    new_cil.send('答案为6'.encode(encoding='utf-8'))
    new_cil.close()
```
Then run the following program on the local machine, 192.168.3.9.
```python
import socket
import threading
import time

# Client
ip = "121.199.10.158"
port = 8110
new_socket = socket.socket()
new_socket.connect((ip, port))
while True:
    new_socket.send("请求给我计算下1+5=多少?".encode(encoding='utf-8'))  # send data
    print("客户端发给服务端:请求给我计算下1+5=多少?")
    back_str = new_socket.recv(1024).decode()  # receive data
    print("服务端发给客户端:"+back_str)
    time.sleep(3)
    print("一次通信结束运行")
new_socket.close()  # close the client
```
On Linux, the following command sends a UDP packet; it was tested and works.
echo 'hello' > /dev/udp/219.36.33.36/12844
Use the command netstat -a|grep 8110 to check the state of the communication port.
```
C:\Users\hwaus>ssh ali
Last login: Thu Sep 23 11:25:45 2021 from 36.33.36.219
root@server00:~# netstat -a|grep 8110
tcp 0 0 localhost:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8107
tcp6 0 0 [::]:8107 [::]:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 server00:8110 219.36.33.36.adsl:11300 TIME_WAIT
root@server00:~# ps | grep 8110
root@server00:~# ps -aux | grep 8110
root 26145 0.0 0.0 14436 1112 pts/5 S+ 11:34 0:00 grep --color=auto 8110
root@server00:~# kill -9 26145
-bash: kill: (26145) - No such process
root@server00:~# kill -9 26145
-bash: kill: (26145) - No such process
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
tcp 0 0 server00:8110 219.36.33.36.adsl:10936 FIN_WAIT2
root@server00:~# echo 'hello' > 219.36.33.36/10936
-bash: 219.36.33.36/10936: No such file or directory
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/10936
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/10936
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/10936
root@server00:~# netstat -a|grep 8110
tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
tcp 0 0 server00:8110 219.36.33.36.adsl:12844 ESTABLISHED
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/12844
root@server00:~# echo 'hello' > /dev/udp/219.36.33.36/12844
```
Communication could not be established.
```python
import socket

# Server side: 0.0.0.0, 127.0.0.1, 121.199.10.158
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
print('bind 8110')
address = ('0.0.0.0', 8110)
s.bind(address)
while 1:
    print('wait for data...')
    data, addr = s.recvfrom(2048)
    if data:
        print("got data from", addr)
        print(data)
s.close()
```
After the service is started, echo "hello" > /dev/udp/127.0.0.1/8110 delivers data to it. With echo "hello" > /dev/udp/121.199.10.158/8110, however, no data is received; the cause is still being analyzed.
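A NAT keeps TCP and UDP mappings separately, so an outside-to-inside UDP test needs the inside host to send the first datagram and the server to reply to the source address it sees in recvfrom. The sketch below is an added example, not code from the original post; the names reflector, probe and demo are hypothetical, and the loopback endpoint is constructed so that it runs offline.

```python
import socket
import threading

def reflector(sock, count=1):
    """Server side: answer each datagram with the sender's address as seen here.

    Behind a NAT that address is the public ip:port mapped for this UDP flow,
    which is the only endpoint a reply from outside can reach.
    """
    seen = []
    for _ in range(count):
        data, addr = sock.recvfrom(2048)
        seen.append((addr, data))
        # Reply from the same socket so the source port matches the mapping.
        sock.sendto(f"{addr[0]}:{addr[1]}".encode(), addr)
    return seen

def probe(server, payload=b"hello", timeout=3.0):
    """Client side (inside the NAT): send first, then wait for the reply.

    Returns (local_port, mapped_endpoint), or (local_port, None) if no reply.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(timeout)
        c.sendto(payload, server)
        local_port = c.getsockname()[1]
        try:
            reply, _ = c.recvfrom(2048)
        except OSError:  # timeout, or an ICMP error surfaced by the OS
            return local_port, None
        return local_port, reply.decode()

def demo():
    """Loopback run: no NAT in between, so the mapped port equals the local port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # constructed test endpoint, OS-chosen port
    t = threading.Thread(target=reflector, args=(srv,), daemon=True)
    t.start()
    result = probe(srv.getsockname())
    t.join(1)
    srv.close()
    return result

if __name__ == "__main__":
    print(demo())
```

The reply carries the mapped endpoint in numeric form. `netstat -an` likewise prints numeric addresses instead of reverse-DNS names, which plain `netstat -a` may truncate.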