How to use scapy srp or sendp function - python

I want to send a packet with scapy to another interface.
I have the wlan2 interface and I want my packet (that I generate) to be sent there.
I've tried using send with iface but it has no effect.
I also tried using srp and just sendp but I am getting this strange result:
    answer = srp(pkt[Ether]/ip/new_pkt/html1, iface="wlan2")
pkt[Ether] is a valid pkt that comes from the wlan2 interface and I can sniff it.
I am trying to generate an HTTP response packet using its Ethernet layer.
But my response is always going to another interface and I think this is the problem.
Wireshark Ethernet II
The packets are grey...
The question is how to fix this? How do I send a legit packet to the wlan2 interface?

Related

scapy - srp doesn't send my packet to the correct network interface

I work on a Windows 10 machine and I am using scapy for a project I am doing.
When I use the sniff function to sniff packets from my Ethernet interface it is working as expected, but when I use srp1 to send a packet from the same interface it sends my packet through my vEthernet interface and not through my physical Ethernet interface (so the packet never gets to its destination).
Here is my code of sniff versus srp1:
    a = sniff(count = 1, iface = "Ethernet")
    p = srp1(pkt, iface = "Ethernet")
As you can see, in both calls I use the "Ethernet" interface name.
Can someone tell me what to do so my packet will be sent through Ethernet and not vEthernet?
If you open a Scapy shell and type IFACES (Windows only ATM), you will be shown the exact list of interfaces.
You can then use the interface object, rather than the name. (see help(IFACES) for the various util functions such as IFACES.dev_from_id()... to get it).
Example:
    from scapy.all import ICMP, IP, sr1
    from scapy.arch.windows import IFACES
    a = IFACES.dev_from_id(5)
    # pass the interface object, not its name
    sr1(IP(dst="www.google.com")/ICMP(), iface=a)
See also https://stackoverflow.com/a/55093154/5459467

Checking Custom Protocol Response Packet Field

I have implemented a custom packet/protocol in scapy and sent it to a device on the network. The custom protocol is a hardware broadcast to discover the receiving devices mac address.
Using Wireshark, I have confirmed that the device is responding to the packet, however when I do the following:
    from scapy.all import get_if_hwaddr, srp1
    def check_connections(interface):
        # Narp is the poster's custom Scapy Packet class, defined elsewhere
        src_mac = get_if_hwaddr(interface)
        dest_mac = 'FF:FF:FF:FF:FF:FF'
        packet = Narp(dest=dest_mac, src=src_mac)
        response = srp1(packet, iface=interface, verbose=False, timeout=2)
        print(response)
response is NoneType, meaning scapy did not perceive a response.
In Wireshark, the packet being sent from the responding device is being addressed to the same hardware interface I used to send the packet from.
Any idea what could be causing scapy to not identify the incoming packet as a response?
You need to implement a way for Scapy to match the answers.
Have a look at https://stackoverflow.com/a/27974093/5459467. It explains that you'll need to implement answers.
You can find quite a few code examples online.

How do I create a double SYN packet?

I am doing a lot of network development and I am starting a new research project.
I need to send a packet which will then cause another SYN packet to be sent.
This is how I want it to look:
I send syn --> --> sends another SYN before SYN/ACK packet.
How can I cause this?
I am using Scapy + Python.
I don't know if I understand you correctly. Is there any difference between your two SYN packets? If so, just create two SYNs as you want and then send them together. If not, send the same packet twice using scapy.send(pkt, 2). I don't remember the specific parameters, but I'm sure scapy.send can send as many packets, and as fast, as you like.

scapy for receiver?

I want to make a client-server model where the server will send some UDP packets and the client will receive them. I am thinking of using Scapy to send packets. Does Scapy give any facility to receive packets (listen for packets)?
Scapy is able to craft packets, i.e. to build specific packets according to your needs. And yes, sending and receiving functions are the core functions of Scapy. However, this is more for debugging purposes than for production systems. You should consider using Python's socket module directly.

Complete HTTP GET with scapy

I am trying to use scapy to run a complete HTTP session. That is to say, I want to manually perform the three way handshake, GET request, acknowledgements as necessary to receive the HTML file, and terminating the connection. Using [1] I have completed the three way handshake and the GET request, but I can't seem to capture the raw HTML packets sent from the server, and I obviously can't send an ack packet back for more. Any ideas?
Additionally, I'd ultimately like to be able to parse the raw packet for HTML. If anyone knows how to do that from a scapy packet I'd appreciate it.
[1] http://www.thice.nl/creating-ack-get-packets-with-scapy/
Gimbi,
I am at work and can only parse and not initiate connections in scapy right now, so I will address your second request. We are looking at something like what I have provided here. The layer that contains the HTML as well as the HTTP requests is (Raw).load. If the packet contains HTML or an HTTP request, I would first test to see if the layer exists (haslayer) and then whether the packet is an "http packet"; here I just check for 80 in the if statement, however you could potentially just use the port in the sniff netfilter. I have included the option to sniff directly off the wire or pull in a pcap here in this snippet (adjust ports etc. if you are using non-standard ones).
    #!/usr/bin/python -tt
    # Print HTTP (port 80) payloads from the wire (-l) or from a pcap file.
    from scapy import *  # newer Scapy: see the P.S. below
    import sys

    # Called for every packet, live or read from the pcap.
    def parse(pkt):
        if pkt.haslayer(TCP) and pkt.getlayer(TCP).dport == 80 and pkt.haslayer(Raw):
            print(pkt.getlayer(Raw).load)

    if '-l' in sys.argv:
        sniff(prn=parse)
    else:
        pkts = rdpcap(sys.argv[1])
        for pkt in pkts:
            parse(pkt)
Of course, use this as a start; you can adjust line 8 to pick up not just dport but also sport, for example. Let me know if this helps at all and good luck!
P.S. Change the following
    from scapy import *
to
    from scapy.all import *
depending on your version.
