我正在尝试开发一个代码,我可以通过过滤和阻止某种类型的数据包来测试连接到Web服务器的客户端的错误情况。
对于初学者,我想分析客户端在无法通过过滤和阻止DHCP数据包获取其IP时的行为。 我使用'scapy'来嗅探并创建DHCP数据包的'PCAP'日志,但我无法阻止数据包。
有什么办法可以阻止数据包到达客户端吗?
I am trying to develop a code where I can test error conditions of a client connected to a web server by filtering and blocking some type of packets.
For starters, I want to analyse the behavior of the client when it cannot obtain its IP by filtering and blocking the DHCP packets. I used 'scapy' to sniff and create a 'PCAP' log of the DHCP packets but I cannot block the packets.
Is there any way in which I can block the packets from reaching the client?
最满意答案
基本上,这就是“防火墙”可以做的事情。 它必须在内核级别而不是在应用程序级别上发生。 如果你在Linux上,那么通过iptables使用netfilter内核模块。 在您感到满意之前,您必须对此主题进行一些研究。
Basically, this is what a "firewall" can do. It has to happen on kernel level rather than on the application level. If you are on Linux, then make use of the netfilter kernel modules via iptables. You will have to perform some research on this topic before you'll feel comfortable with it.
更多推荐
发布评论