445这个端口是一个开放的端口
dst:目标的IP地址
445这个端口是一个开放的端口
dst:目标的IP地址
ACK ----- TCP Port ----- RST(向目标的TCP端口发送未经请求的ACK,存活主机无论该端口是否开放都会回复RST;有状态防火墙通常会直接丢弃这类ACK,因此没有回复并不能说明主机不在线)
Scapy
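# Scapy interactive session: build a bare TCP ACK probe layer by layer.
# IP, TCP and sr1 are provided by the Scapy shell (or `from scapy.all import *`).
i = IP()
i.dst = "1.1.1.1"    # destination IP address of the probe
t = TCP()            # Scapy's TCP() uses dport=80 when no port is given
t.flags = 'A'        # ACK only, sent without any preceding handshake
r = (i/t)            # stack the TCP segment on top of the IP header
# sr1() sends at layer 3 and returns the first answer, or None when nothing
# arrives in time. Without a timeout it keeps waiting until interrupted, so
# a filtered target would hang the session.
a = sr1(r, timeout=1)
if a is not None:
    a.display()      # dump every field of the reply (an RST is the expected answer)
# The same probe written as a single expression:
a = sr1(IP(dst="1.1.1.1")/TCP(dport=80, flags='A'), timeout=1)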
ACK_ping.py
#!/usr/bin/python
#!coding=utf-8
import sys
from scapy.all import *
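def _usage():
    """Print the usage text and exit with a non-zero status."""
    print("./ack_ping prefix")
    print("Example ./ack_ping 192.168.10")
    # Non-zero so a calling shell can tell a usage error from a normal run.
    sys.exit(1)


def _valid_octet(text):
    """Return True when *text* is one to three ASCII digits with value 0-255."""
    return (0 < len(text) <= 3
            and all(ch in "0123456789" for ch in text)
            and int(text) <= 255)


if len(sys.argv) != 2:
    _usage()

prefix = str(sys.argv[1])

# The argument must be the first three octets of a /24 (e.g. 192.168.10).
# Anything else would be glued to the host number and handed to Scapy as a
# destination, which may be resolved as a host name instead of failing.
octets = prefix.split('.')
if len(octets) != 3 or not all(_valid_octet(part) for part in octets):
    _usage()

try:
    # Host numbers 1..254. range() excludes its upper bound, so 255 is needed
    # to include .254; .0 and .255 are the network and broadcast addresses.
    for index in range(1, 255):
        target = prefix + '.' + str(index)
        # Unsolicited ACK to TCP/80; sr1() returns None when no answer
        # arrives within the 0.3 s timeout.
        response = sr1(IP(dst=target)/TCP(flags='A', dport=80),
                       timeout=0.3, verbose=0)
        # NOTE(review): any answer is counted, so an ICMP error sent by a
        # device on the path is listed as if the target itself had replied,
        # and a host behind a stateful firewall is silently missed.
        if response is not None:
            print(target)
except KeyboardInterrupt:
    # Ctrl-C ends the sweep; emit a newline so the shell prompt starts clean.
    print("")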
四层发现
scapy
Scapy
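# Layer-4 discovery with Scapy: an ACK-only TCP segment assembled step by step.
# IP, TCP and sr1 come from the Scapy shell (or `from scapy.all import *`).
i = IP()
i.dst = "1.1.1.1"    # address the probe is sent to
t = TCP()            # destination port stays at Scapy's default of 80
t.flags = 'A'        # set only the ACK flag
r = (i/t)            # IP header followed by the TCP segment
# Bound the wait: sr1() returns None if no reply is seen before the timeout,
# and with no timeout it blocks until interrupted.
a = sr1(r, timeout=1)
if a is not None:
    a.display()      # show the reply's fields; None has no display() method
# One-line form of the same probe (the stray closing parenthesis is removed):
a = sr1(IP(dst="1.1.1.1")/TCP(dport=80, flags='A'), timeout=1)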
ACK_Ping.py
python的scapy库:抓包,分析,创建,修改,注入网络流量
>>> ARP().display()
###[ ARP ]###
hwtype= 0x1
ptype= 0x800
hwlen= 6
plen= 4
op= who-has
hwsrc= 00:0c:29:9f:b8:42
psrc= 172.18.6.43
hwdst= 00:00:00:00:00:00
pdst= 0.0.0.0
>>> arp=ARP()
>>> arp.hwtype
1
>>> arp.pdst="172.18.6.86"
>>> arp.pdst
'172.18.6.86'
>>> sr1(arp)
.Begin emission:
*Finished to send 1 packets.
# SYN probe to TCP/80: build the packet first, then send it and keep the
# first reply. sr1() yields None if nothing comes back within one second.
syn_probe = IP(dst='172.18.6.34') / TCP(dport=80, flags='S')
m = sr1(syn_probe, timeout=1)