ICMP backdoor (Part 1) supplement
Preface
In the previous article, Python3 implementation of the ICMP remote backdoor (Part 1), I briefly explained the ICMP protocol and implemented a simple ping function. After it was published, many readers wrote in to say that they did not fully understand the checksum calculation, that the ping implementation only sent the request and never received the reply, and to ask how a complete ping is implemented. The ICMP backdoor was originally planned as three articles, but because of these questions I am adding a supplement that explains the ICMP checksum in detail and implements a fully functional ping.
Section I
ICMP protocol checksum
For the checksum calculation, the checksum code is reproduced below with comments; reading through the comments explains the whole checksum process.
    def checksum(packet):
        """Checksum"""
        # packet is the byte stream of the ICMP header plus data, with the ICMP checksum field initialised to 0
        total = 0
        # countTo: the number of bytes that form complete 16-bit words, because the checksum is computed two bytes at a time
        countTo = (len(packet) // 2) * 2
        count = 0
        while count < countTo:
            # the second byte of each pair is the high byte and the first byte is the low byte of the 16-bit value
            total += ((packet[count + 1] << 8) | packet[count])
            count += 2
        # packet is not necessarily an even number of bytes; if the length is odd, add the last byte to the sum
        if countTo < len(packet):
            total += packet[len(packet) - 1]
        total = total & 0xffffffff
        # fold the bits above 16 in the sum back into the low 16 bits
        total = (total >> 16) + (total & 0xffff)
        total = total + (total >> 16)
        # take the one's complement of the sum
        answer = ~total
        # this would be the end, but there is a byte-order problem: because the words were summed
        # with the second byte as the high byte, the result must be converted from host byte order
        # to network byte order, that is, the high and low bytes are swapped
        # (this manual swap is what socket.htons() does on a little-endian host)
        answer = answer & 0xffff
        answer = answer >> 8 | (answer << 8 & 0xff00)
        return answer
Section II
Identifier and sequence number of the ICMP message
The ICMP Echo message (type = 8) is sent by the host, and the Echo Reply message (type = 0) is the answer it requests. Both have the following basic format:
Echo message [ECHO]: type = 8
Echo Reply message [ECHO REPLY]: type = 0
Code = 0
Checksum: the checksum, computed over the whole ICMP message from the start of the ICMP header to the end of the data (that is, to the end of the entire ICMP packet)
Identifier: set by the sending host, typically to the process ID; the Echo Reply carries the same identifier as the Echo message
Sequence number: set by the sending host, typically a counter that starts at 0 and is incremented for each request; the Echo Reply carries the same sequence number as the Echo message
Data: set by the sending host; the Echo Reply carries the same data as the Echo message
Section III
Ping implementation
In the previous article we explained how to send an ICMP Echo request; here we implement receiving the reply and calculating the response time, similar to the following:
The code to receive the ping reply is as follows:
The ping timeout is implemented with the select model. The identifier is set to the process ID, as shown.
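The following is an added example, not the code from the original article: it puts the three sections together in one runnable script, building an Echo request with the identifier set to the process ID and an incrementing sequence number, checksumming it, receiving the reply with a select-based timeout, verifying the reply's checksum on the receive side (summing over the whole message must give zero), and matching identifier and sequence number before computing the round-trip time. The checksum here is the RFC 1071 form summed in network byte order, which puts the same bytes on the wire as the article's function but needs no byte swap. It assumes a raw ICMP socket that delivers the IPv4 header in front of the ICMP message, as Linux does, and that the script runs with root/administrator privileges; the target host www.baidu.com is the one the article uses.

```python
import os
import select
import socket
import struct
import time

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def checksum(data):
    """RFC 1071 one's-complement checksum over data, summed as big-endian 16-bit words.

    Summing in network byte order means the result goes straight into struct '!H';
    the article's version sums little-endian words and byte-swaps at the end, and
    both produce the same two bytes on the wire.
    """
    if len(data) % 2:
        data = bytes(data) + b"\x00"   # an odd-length message is padded with one zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:                 # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_message(icmp_type, identifier, sequence, payload):
    """Type (8 = request, 0 = reply), code 0, checksum, identifier, sequence number, data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    csum = checksum(header + payload)  # the checksum field is zero while the checksum is computed
    return struct.pack("!BBHHH", icmp_type, 0, csum, identifier, sequence) + payload


def parse_echo_reply(packet, identifier):
    """Parse a datagram read from a raw ICMP socket.

    The kernel hands over the IPv4 header as well, so the ICMP message starts at
    IHL*4. Returns (sequence, payload) for an Echo Reply whose checksum verifies
    and whose identifier is ours; anything else returns None and is ignored.
    """
    if len(packet) < 20:
        return None
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 or checksum(icmp) != 0:   # receiver check: the sum over the whole message must be zero
        return None
    icmp_type, code, _, reply_id, sequence = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != ICMP_ECHO_REPLY or code != 0 or reply_id != identifier:
        return None
    return sequence, icmp[8:]


def ping(host, sequence=1, timeout=2.0, identifier=None, payload_size=56):
    """Send one Echo request and wait up to timeout seconds for its reply.

    Returns the round-trip time in seconds, or None on timeout. The raw socket
    needs root/administrator privileges.
    """
    if identifier is None:
        identifier = os.getpid() & 0xFFFF   # the field is 16 bits; PIDs can be larger than that
    dest = socket.gethostbyname(host)
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.getprotobyname("icmp"))
    try:
        sent_at = time.time()
        # the send time rides in the payload, so the reply itself carries what the RTT needs
        payload = struct.pack("!d", sent_at) + bytes(max(payload_size - 8, 0))
        sock.sendto(build_echo_message(ICMP_ECHO_REQUEST, identifier, sequence, payload), (dest, 1))
        deadline = sent_at + timeout
        while True:
            remaining = deadline - time.time()
            if remaining <= 0:
                return None
            ready, _, _ = select.select([sock], [], [], remaining)  # select provides the timeout
            if not ready:
                return None
            packet, _ = sock.recvfrom(1024)
            received_at = time.time()
            parsed = parse_echo_reply(packet, identifier)
            if parsed is None or parsed[0] != sequence or len(parsed[1]) < 8:
                continue    # another process's ping, or a late reply to an earlier sequence number
            (sent,) = struct.unpack("!d", parsed[1][:8])
            return received_at - sent
    finally:
        sock.close()


if __name__ == "__main__":
    for seq in range(1, 5):
        rtt = ping("www.baidu.com", sequence=seq)
        print("seq=%d %s" % (seq, "timeout" if rtt is None else "rtt=%.2f ms" % (rtt * 1000)))
```

Masking the PID to 16 bits matters on hosts where pid_max exceeds 65535: without it the identifier in the packet would not equal the PID the receive loop compares against, and every reply would be discarded. The receive loop keeps reading until the deadline rather than returning on the first datagram, because a raw ICMP socket sees every ICMP message the host receives, including other processes' pings.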
Testing the ping
Note: run the Python script with administrator (root) privileges, since raw sockets require them, and ping www.baidu.com directly.
Finally
If you found this article useful, please remember to recommend it, and follow my WeChat official account.