python/scapy - packets sent but unable to receive them - python

I'm trying to do an ARP scan and print MAC addresses of reachable IP addresses.
Here's the part of my code where I use the ARP ping method:
from scapy.all import *

ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.1.0/24"), timeout=2)
ans.summary(lambda s, r: r.sprintf("%Ether.src% %ARP.psrc%"))
I put a random IP address for the example.
Here's my response; I really don't understand why my packets are not received:
Begin emission:
Finished sending 1 packets.
Received 0 packets, got 0 answers, remaining 1 packets

Related

Craft an IP in IP example with scapy

I am trying to send an IP in IP packet with scapy but I seem to be missing or misunderstanding something. Here is my attempt:
from scapy.all import *
payload = "HelloWorld"
inner = IP(dst="192.168.1.2")
inner.add_payload(payload)
outer = IP(dst="192.168.1.2")
send(outer/inner)
I watched for the packet with wireshark on the destination and it showed that the packet was malformed:
Expert Info (Error/Protocol): IPv6 Hop-by-Hop extension header must appear immediately after IPv6 header
The destination then sends an ICMP packet back with type 3 (destination unreachable) and code 2 (protocol unreachable).
I have tried setting several protocols on the outer and inner packets (protocol 4 IPv4 encapsulation feels right) but so far they all send back a "protocol unreachable" ICMP packet.
If it makes a difference, my intent is to have the inner packet sent to a different destination than the outer packet. I just thought I should make the simplest possible example to get started. Once I figure out why I am getting a protocol unreachable message I will change the inner packet's destination IP.
Suggestions?
If you want to send an IP in IP packet (Outer IP header, Inner IP header, IP payload), e.g.:
from scapy.all import *
payload = "TEST"
send(IP(dst="192.168.1.2")/IP(dst="192.168.1.2")/UDP(dport=4444)/payload)
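As an added illustration (not the answerer's scapy code), this pure-Python builder shows what the answer's IP/IP/UDP line has to put on the wire: an outer IPv4 header whose protocol field is 4 (IPIP) and an inner header whose protocol field names the transport, here 17 (UDP). The inner header in the question carried only raw bytes, so its protocol field stayed at 0, which is the IPv6 Hop-by-Hop (HOPOPT) number in the IANA registry and is exactly what Wireshark flagged and what the host rejected as protocol unreachable. Source addresses and the UDP source port are constructed values.

```python
import struct

HOPOPT, IPIP, UDP = 0, 4, 17  # IANA protocol numbers; 0 is IPv6 Hop-by-Hop

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(proto: int, src: str, dst: str, payload_len: int) -> bytes:
    """20-byte IPv4 header (no options) with a valid header checksum."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64,
                      proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def udp_segment(dport: int, data: bytes) -> bytes:
    """UDP header (checksum 0, allowed over IPv4) followed by the data."""
    return struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data

def ip_in_ip(outer_dst: str, inner_dst: str, inner_proto: int, inner_payload: bytes) -> bytes:
    """Outer IPv4 (protocol 4 = IPIP) carrying an inner IPv4 packet; source is constructed."""
    inner = ipv4_header(inner_proto, "10.0.0.1", inner_dst, len(inner_payload)) + inner_payload
    return ipv4_header(IPIP, "10.0.0.1", outer_dst, len(inner)) + inner

def protocol_chain(pkt: bytes) -> list:
    """Walk the protocol field through nested IPv4 headers, e.g. [4, 17]."""
    chain = []
    while len(pkt) >= 20:
        ihl = (pkt[0] & 0x0F) * 4
        chain.append(pkt[9])
        if pkt[9] != IPIP:
            break
        pkt = pkt[ihl:]
    return chain

# The answer's packet: IP/IP/UDP(dport=4444)/"TEST" -> chain [4, 17]
good = ip_in_ip("192.168.1.2", "192.168.1.2", UDP, udp_segment(4444, b"TEST"))
# The question's packet: inner IP carrying raw bytes, protocol left at 0 -> chain [4, 0]
bad = ip_in_ip("192.168.1.2", "192.168.1.2", HOPOPT, b"HelloWorld")
```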

Find answer to tcp packet in PCAP with scapy

I parse a pcap file with scapy in Python, and there is a TCP packet in that pcap for which I want to know the answer. How can I do that?
For example, a client and server TCP stream:
client-> server : "hi"
server-> client : "how are you"
When I get "hi" packet (with scapy) how can I get "how are you" ?
Look at the TCP sequence number of the message from the client. Call this SeqC.
Then look for the first message from the client whose TCP acknowledgement sequence is higher than SeqC (usually it will be equal to SeqC plus the size of the client's TCP payload). Call this PacketS1.
Starting with PacketS1, collect the TCP payloads from all packets until you see a packet sent by the server with the TCP PSH (push) flag set. This suggests the end of the application-layer message. Call these payloads PayloadS1 to PayloadSN.
Concatenate PayloadS1 to PayloadSN. This is the likely application-layer response to the client message.

Why do I receive no answer after sending a ping packet?

I followed the Scapy tutorial and sent a ping packet to a website.
In WireShark, I got the reply packets immediately. But not in scapy python shell.
I built an IP/ICMP packet and sent it with sr(), but the only thing I got was endless packet reception.
>>> conf.iface = <NetworkInterface [Npcap Loopback Adapter] ...>
...
>>> p = IP(dst='www.bilibili.com')/ICMP()
>>> res = sr(p)
The Scapy tutorial says I can get a normal answer, but actually I got endless dots:
Begin emission:
Finished sending 1 packets..
...............................................
(ctrl + c)
Received 36 packets, got 0 answers, remaining 1 packets
The interface you are using is the loopback one, which only sees local packets. Check IFACES.show() for the others. My guess would be that you're missing an installation step.
The answer is never received.
You could add a timeout=... to sr().

Netcat only receiving first UDP packet from Scapy and Python

I'm currently making a DNS tunnel in python using Scapy. I can send packets just fine (according to Wireshark). The problem is, when listening on Netcat on what I'm transmitting the dns packets to, I only receive the first packet.
I've heard that when binding, a UDP "connection" (for lack of better words) locks on a port, and drops all other packets from any other source port. However, I defined a source port, so I'm not sure what is going on.
import base64
from scapy.all import IP, UDP, DNS, DNSQR, send

def sendDns(incomingBytes):
    print('sending packet data :\n' + incomingBytes.decode('utf-8'))
    incomingBytes = base64.encodebytes(incomingBytes)
    # dnsServer is defined elsewhere in the script (address of the listening host)
    send(IP(dst=dnsServer)/UDP(dport=53, sport=12345)/DNS(qd=DNSQR(qname=incomingBytes)))

python / dpkt: Find out if packet is a TCP packet or a UDP packet

I have a Python script that captures the packets on the Ethernet interface using dpkt, but how do I differentiate between which packets are TCP and which ones are UDP?
Eventually I would like to have a list of packets for each TCP connection that was established during the time interval.
My code is:
import dpkt
import pcapy

cap = pcapy.open_live('eth0', 100000, 1, 0)
(header, payload) = cap.next()
while header:
    eth = dpkt.ethernet.Ethernet(payload)
    ip = eth.data
    tcp = ip.data
    # i need to know whether it is a tcp or a udp packet here!!!
    (header, payload) = cap.next()
The IP header contains a protocol field. dpkt should allow you to obtain this value, and using it you can tell what is on top of IP. Here is a list of valid protocol numbers: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml.
UDP is equal to 17 while TCP is 6.
Edit:
I have checked this issue and, as I mentioned, dpkt provides a p property to access the protocol field of IP, so you can check against it. But it also automatically parses the packet and sets the data property to an instance of the class that represents the upper protocol, like UDP or TCP. So you can check the type of the data property and recognize the protocol that way.
from dpkt.ip import IP, IP_PROTO_UDP
from dpkt.udp import UDP

# Raw bytes of an IPv4/UDP packet: protocol byte 0x11 = 17 = UDP, payload "foobar"
ip = IP(b'E\x00\x00"\x00\x00\x00\x00#\x11r\xc0\x01\x02\x03\x04\x01\x02\x03\x04\x00o\x00\xde\x00\x0e\xbf5foobar')
# if ip.p == IP_PROTO_UDP:  # checking the protocol field in the IP header
if isinstance(ip.data, UDP):  # checking the type of data that dpkt recognized
    udp = ip.data
    print(udp.sport)
else:
    print("Not UDP")
A Python script that captures packets on the Ethernet adapter eth0 using dpkt and distinguishes TCP from UDP packets of the IP layer:
import dpkt
import pcapy

cap = pcapy.open_live('eth0', 100000, 1, 0)
(header, payload) = cap.next()
while header:
    eth = dpkt.ethernet.Ethernet(payload)
    # Consider only IP packets; anything else (ARP, IPv6, ...) is skipped
    if eth.type == dpkt.ethernet.ETH_TYPE_IP:
        ip = eth.data
        if ip.p == dpkt.ip.IP_PROTO_TCP:  # Check for TCP packets
            tcp = ip.data
            # ADD TCP packet analysis code here
        elif ip.p == dpkt.ip.IP_PROTO_UDP:  # Check for UDP packets
            udp = ip.data
            # ADD UDP packet analysis code here
    # Always advance to the next frame (a bare `continue` before this line would loop forever)
    (header, payload) = cap.next()
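An added example (not dpkt or the answerers' code) that performs the same protocol-field dispatch on raw Ethernet frames with struct and then groups TCP frames per connection, which is what the question ultimately wants; the frames, addresses and ports are constructed and checksums are left zero because nothing here verifies them.

```python
import struct
from collections import defaultdict

ETH_TYPE_IP, IP_PROTO_TCP, IP_PROTO_UDP = 0x0800, 6, 17

def classify(frame: bytes):
    """Return (kind, flow) for one frame: kind is 'tcp', 'udp' or 'other',
    flow is (src, dst, sport, dport) for TCP/UDP and None otherwise."""
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type != ETH_TYPE_IP:
        return "other", None            # ARP, IPv6, ... are not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4            # header length in bytes, options included
    proto = ip[9]                       # the protocol field dpkt exposes as ip.p
    if proto not in (IP_PROTO_TCP, IP_PROTO_UDP):
        return "other", None
    src, dst = ip[12:16], ip[16:20]
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])  # same offsets for TCP and UDP
    return ("tcp" if proto == IP_PROTO_TCP else "udp"), (src, dst, sport, dport)

def group_tcp_connections(frames):
    """Map each TCP connection (direction-independent endpoint pair) to its frames in order."""
    conns = defaultdict(list)
    for f in frames:
        kind, flow = classify(f)
        if kind == "tcp":
            src, dst, sport, dport = flow
            key = tuple(sorted([(src, sport), (dst, dport)]))
            conns[key].append(f)
    return dict(conns)

def frame(proto, src, dst, sport, dport):
    """Constructed Ethernet/IPv4/transport frame (20-byte transport header, checksums 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, proto, 0,
                     bytes(src), bytes(dst)) + struct.pack("!HH", sport, dport) + b"\x00" * 16
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip

A, B, C = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3)   # constructed hosts
FRAMES = [
    frame(IP_PROTO_TCP, A, B, 40000, 80),
    frame(IP_PROTO_TCP, B, A, 80, 40000),                 # reply direction, same connection
    frame(IP_PROTO_UDP, A, C, 5353, 53),
    frame(IP_PROTO_TCP, A, C, 40001, 443),
    b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x06" + b"\x00" * 28,  # ARP frame, classified as other
]
```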
