1. ACK Scan
>>>ans,unans=sr(IP(dst=)/TCP(dport=[,],flags=)
After scanning, find the unfiltered ports:
s,r s[TCP].dport==+
Filtered:
s +
2. Xmas Scan
>>>ans,unans=sr(IP(dst=)/TCP(dport=,flags=))
RST indicates that the port is closed.
3. IP Scan
>>> ans,unans=sr(IP(dst=,proto=(,))/,retry=)
4. ARP ping
>>> ans,unans=srp(Ether(dst=)/ARP(pdst=),timeout=)
Result:
>>> ans.summary(lambda (s,r): r.sprintf() )
5. ICMP ping
>>> ans,unans=sr(IP(dst=)/ICMP())
The following statement is used to display the result:
>>> ans.summary(lambda (s,r): r.sprintf() )
6. TCP ping
>>> ans,unans=sr( IP(dst=)/TCP(dport=,flags=) )
The following statement is used to display the result:
>>> ans.summary( lambda(s,r) : r.sprintf() )
7. UDP ping
>>> ans,unans=sr( IP(dst=)/UDP(dport=) )
Result:
>>> ans.summary( lambda(s,r) : r.sprintf() )
8. ARP cache poisoning
>>> send( Ether(dst=clientMAC)/ARP(op=, psrc=gateway, pdst=client),inter=RandNum(,), loop= )
9. TCP Port Scanning
>>> res,unans = sr( IP(dst=)/TCP(flags=, dport=(,)) )
10. IKE Scanning
>>> res,unans = sr( IP(dst=)/UDP()/ISAKMP(init_cookie=RandString(), exch_type=)/ISAKMP_payload_SA(prop=>>> res.nsummary(prn=lambda (s,r): r.src, lfilter=lambda (s,r): r.haslayer(ISAKMP) )
11. Advanced traceroute
(1) TCP SYN traceroute
>>> ans,unans=sr(IP(dst=,ttl=(,))/TCP(dport=,flags=>>> ans.summary( lambda(s,r) : r.sprintf(. time-. time-. time-. time-. time-. time-. SA
(2) UDP traceroute
>>> res,unans = sr(IP(dst=, ttl=(,))/UDP()/DNS(qd=DNSQR(qname=>>> res.make_table(lambda (s,r): (s.dst, s.ttl, r.src))
(3) DNS traceroute
>>> ans,unans=traceroute(,l4=UDP(sport=RandShort())/DNS(qd=DNSQR(qname=*....******...******.***...****Finished to send *****...*** packets, got answers, remaining . . . . . . . .
(4) Etherleaking
>>> sr1(IP(dst=)/<IP src=. proto= [...] |<ICMP code= type= [...]|<Padding load=’0O\x02\x01\x00\x04\x06public\xa2B\x02\x02\x1e’ |>>>
(5) ICMP leaking
>>> sr1(IP(dst=, options=)/<IP src=. [...] |<ICMP code= type= [...] |<IPerror src=. options=’\x02\x00\x00\x00’ [...] |<ICMPerror code= type= id= seq= chksum= |<Padding load=’\x00[...]\x00\x1d.\x00V\x1f\xaf\xd9\xd4;\xca’ |>>>>>
(6) VLAN hopping
>>> sendp(Ether()/Dot1Q(vlan=)/Dot1Q(vlan=)/IP(dst=target)/ICMP())
(7) Wireless sniffing
>>> sniff(iface=,prn=lambda x:x.sprintf(::::: netgear ESS+privacy+::::: wireless_100 -slot+ESS+::::: linksys -slot+ESS+::::: NETGEAR -slot+ESS+privacy+-preamble