I'm attempting to send a UDP packet from a baremetal embedded device to a script running python.
I see the packet in WireShark and confirmed that everything is correct.
However, the Python script does not see the packet.
I've tested the python code by sending a UDP packet from another python script. The receiving python script does receive it at that point.
I see the packet in the FireWall. It says the packet was allowed and sent to python. I've created a rule in the FireWall to allow traffic from this device. I've also tried disabling the FireWall.
Below is my python script listening for the UDP packet
import socket
UDP_PORT = 5005
sock = socket.socket(socket.AF_INET, # Internet
socket.SOCK_DGRAM) # UDP
sock.bind(('', UDP_PORT))
while True:
data, addr = sock.recvfrom(1024) # buffer size is 1024 bytes
print "received message:", data
print "received from:", addr
Why would Python drop the packet?
Netstat shows it received the UDP packet without any errors:
Netstat before receiving the packet
netstat -s -n -p UDP
UDP Statistics for IPv4
Datagrams Received = 5982014
No Ports = 79096
Receive Errors = 829
Datagrams Sent = 1641811
Netstat after receiving the packet
netstat -s -n -p UDP
UDP Statistics for IPv4
Datagrams Received = 5982130
No Ports = 79100
Receive Errors = 829
Datagrams Sent = 1641932
Related
I have connected two windows machines using ethernet cable and i assigned static ip for each computer. I used wireshark on both machines to monitor the packets. I have used python socket to send UDP packets.
sender.py
import socket
import time
DST_IP="192.168.0.191"
DST_PORT=2000
sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM) # UDP
message = b"your very important message"
while True:
sock.sendto(message, (DST_IP,DST_PORT))
print("message sent!")
time.sleep(1)
receiver.py
import socket
import time
UDP_IP = "192.168.0.191"
UDP_PORT = 2000
sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM) # UDP
sock.bind((UDP_IP, UDP_PORT))
while True:
data, addr = sock.recvfrom(1024) # buffer size is 1024 bytes
print(data)
sender computer have address 192.168.0.155 and receiver has 192.168.1.191 wireshark shark on sender shows packet is sent and wireshark on receiver shows the packet is received.
But receiver side python doesn't show anything.
Why python socket is not receving anything whereas wireshark does?
I have the following UDP / DGRAM socket in Python:
sock.bind((UDP_IP, UDP_PORT))
while True:
data, addr = sock.recvfrom(1024) # buffer size is 1024 bytes
print "received message:", data
This code is running in a proxy server, so destination IP and port is not matching the socket. I'm using tproxy to intercept the packets.
How can I get the destination IP and port, not the source IP and port?
from the docs of
socket.getsockname():
Return the socket’s own address. This is useful to find out the port number of an IPv4/v6 socket, for instance.
so you'd want to print out sock.getsockname()
I have a server where I have a script which sends UDP packets to my ip address and I have a client script on my PC that receives UDP packets.
#python3.6.1
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind(('myip', 49999))
data, address = sock.recvfrom(100)
print('Received {}'.format(data.decode('ascii')))
On the server side my scripts connects to ('myip', 49999) and starts sending packets.
I took my ip from ip4.me i tried to bind my socket to '0.0.0.0' too and i tried other ports nothing seems to work.
If that is the server script, i guess it should have a while loop in it:
while True:
data, address = sock.recvfrom(100)
print('Received {}'.format(data.decode('ascii')))
Can anyone tell me the most basic approach to generate UDP, TCP, and IP Packets with Python?
As suggested by jokeysmurf, you can craft packets with scapy
If you you want to send/receive regular, i.e. non-custom, packets then you should use socket or socketserver:
http://docs.python.org/library/socket.html#module-socket
http://docs.python.org/library/socketserver.html#module-SocketServer
For example, to send a TCP HTTP GET request to Google's port 80 use:
import socket
HOST = 'google.com' # The remote host
PORT = 80 # The same port as used by the server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.send('GET / HTTP/1.1\r\nHost: google.com\r\n\r\n')
data = s.recv(1024)
s.close()
print 'Received', repr(data)
To send UDP instead of TCP change SOCK_STREAM to SOCK_DGRAM.
You can do interactive packet manipulation with scapy.
This article is going to get you started on gluing together an IP packet.
Construction of a tcp packet is as easy as:
packet = IP(src="10.0.0.10")
I have set up a server socket (plain raw socket) listening on port A. A client now connects to this server. OS opens up a port for the client for this purpose. Say port B is allocated to this client. Now my question is, can a 3rd script connect to this port B and send data. Or in other words can I spoof a response to the client as if it was coming from the server? I tried spoofing it using scapy, but it wasnt working.
server.py
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("localhost", A))
s.listen(10)
ns, cli_addr = s.accept()
time.sleep(30) # so that i can trigger my 3rd script
goodclient.py
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("localhost", A))
print s.getsockname() # to get the local port of client - B
s.recv(1024)
badboy.py
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("localhost", B)) # connection refused error
s.send("hihihi")
scapybadboy.py
pack = IP(src="localhost", dst="localhost") / TCP(sport=A, dport=B) / "Hello"
send(pack) # Packet sent but not received by the client
Because server and client using SOCK_STREAM sockets, they both aware of TCP session(including port, IP and (SEQ_NUMBER,ACK_NUMBER)), so when session is already in process, you will have to perform TCP hikacking and IP spoofing in order to send messages in stream.
In other words, you will have to guess(or steal) ACK number of server in order to send fake messages to client using badclient.
However, if you will make somehow goodclient answer you and not a server you should run the following:
iptables -A FORWARD -j NFQUEUE --queue-num 1 , because your operating system doesn't know about session that you just "opened" with goodclient and it will send RST packet. This command will prevent it.