fcntl.ioctl(
s.fileno(),
0x8915, # SIOCGIFADDR
struct.pack('256s', ifname[:15]))[20:24])
def NSHForward(pkt):
if pkt.haslayer(NSH):
print("{" + pkt[NSH].mysummary() + "} " + pkt.summary())
next = pkt
next[NSH].NSI = next[NSH].NSI - 1
sendp(next, iface=egress)
def StartSF():
conf.verb = 0
return sniff(iface=ingress, filter='inbound', prn=lambda x: NSHForward(x))
if __name__ == "__main__":
ingress = "SF1-eth0"
egress = ingress
interact(mydict=globals(),
mybanner="""
Scapy with VxLAN GPE and NSH Support
- Use sniff(iface=ingress) to display incoming packets
- Use StartSF() to forward packets
""")
def StartSF():
conf.verb = 0
return sniff(iface=ingress, filter='ip dst ' + get_ip_address(ingress) + ' and (udp port 6633)',
prn=lambda x: NSHForward(x))
ingress = "eth1"
egress = "vxlan0"
if __name__ == "__main__":
interact(mydict=globals(), mybanner="""
Scapy with VxLAN GPE and NSH Support
- Use sniff(iface=ingress) to display incoming packets
- Use StartSF() to forward packets
""")
#
# Tested topology is the following:
# Each Client / Server / SF1 / SF2 are VMs
#
# The test host machine is Debian Testing with Kernel 3.16
# OVS + NSH is taken from Pritesh'fork of OVS: https://github.com/priteshk/ovs.git (branch nsh-v8)
#
# OVS Configuration for each VxLAN port :
# ovs-vsctl add-port br0 vxlan-$1 -- set interface vxlan-$1 type=vxlan
# options:local_ip=192.168.66.1 options:remote_ip=192.168.$vxlanip
# options:key=flow options:dst_port=6633 options:nsp=flow options:nsi=flow
#
# Each SF uses a VxLAN connected to OVS :
5: "Authentication Failure",
6: "Unacceptable Hold Time"
}),
ByteEnumField(
"UPDATEMessage", 0, {
1: "Malformed Attribute List",
2: "Unrecognized Well-Known Attribute",
3: "Missing Well-Known Attribute",
4: "Attribute Flags Error",
5: "Attribute Length Error",
6: "Invalid ORIGIN Attribute",
7: "AS Routing Loop",
8: "Invalid NEXT_HOP Attribute",
9: "Optional Attribute Error",
10: "Invalid Network Field",
11: "Malformed AS_PATH"
}),
]
bind_layers(TCP, BGPHeader, dport=179)
bind_layers(TCP, BGPHeader, sport=179)
bind_layers(BGPHeader, BGPOpen, type=1)
bind_layers(BGPHeader, BGPUpdate, type=2)
bind_layers(BGPHeader, BGPNotification, type=3)
bind_layers(BGPHeader, BGPHeader, type=4)
if __name__ == "__main__":
from scapy.all import interact
interact(mydict=globals(), mybanner="BGP addon .05")
16: Modbus_WriteMultipleRegistersResp,
23: Modbus_ReadWriteMultipleRegistersResp,
22: Modbus_MaskWriteRegistersResp,
24: Modbus_ReadFIFOQueueResp,
20: Modbus_WriteFileRecordResp,
21: Modbus_ReadFileRecordResp,
# Diagnostic functions
7: Modbus_ReadExceptionStatusResp,
8: Modbus_DiagnosticResp, # Note: Needs sub code (00-18, 20)
11: Modbus_GetComEventCounterResp,
12: Modbus_GetComEventLogResp,
17: Modbus_ReportSlaveIdResp,
43: Modbus_ReadDeviceIDResp, # Sub code 14
# "Other" function
43: Modbus_EncapsulatedInterfaceTransportResp # sub codes 13,14
}
# Modbus is defined as using TCP port 502
scapy_all.bind_layers(scapy_all.TCP, Modbus_MBAP, dport=502) # Request packet
scapy_all.bind_layers(scapy_all.TCP, Modbus_MBAP, sport=502) # Response packet
scapy_all.bind_layers(Modbus_MBAP, Modbus_PDU)
# Shouldn't need 'bind_layers' functions for each function code as we are using the
# 'guess_payload_class' function
# There are too many request and response types to bother with binding layers
if __name__ == "__main__":
scapy_all.interact(mydict=globals(), mybanner="SCAPY MODBUS ADDON V0.01")
if message.cmdstr in self.handlers:
self.handlers[message.cmdstr](message)
return message
def send_message(self, message):
print('sending')
message.show()
self.socket.sendall(bytes(message))
def _recv_n_bytes(self, n):
data = b''
while len(data) < n:
try:
chunk = self.socket.recv(n - len(data))
if chunk == '':
break
data += chunk
except BlockingIOError:
pass
return data
if __name__ == '__main__':
client = BitcoinClient(ip='::ffff:217.248.23.25', port=8333)
# client.start()
interact(mydict=globals(),
mybanner='Type "client.start()" to start the client')
while obj:
f = obj.pop()
g = fields_rfc.pop()
for x in a:
prog=re.compile(g+":", re.IGNORECASE)
result=prog.search(x)
if result:
self.setfieldval(f.name, x+'\r\n')
a.remove(x)
return "\r\n".join(a)
def guess_payload_class(self, payload):
prog=re.compile("^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)")
result=prog.search(payload)
if result:
return HTTPrequest
else:
prog=re.compile("^HTTP/((0\.9)|(1\.0)|(1\.1))\ [0-9]{3}.*")
result=prog.search(payload)
if result:
return HTTPresponse
return Packet.guess_payload_class(self, payload)
bind_layers(TCP, HTTP)
if __name__ == "__main__":
interact(mydict=globals(), mybanner="HTTP Scapy extension")
p = p[:2+wl]+struct.pack("!H", l)+p[4+wl:]
return p+pay
class BGPNotification(Packet):
name = "BGP Notification fields"
fields_desc = [
ByteEnumField("ErrorCode",0,{1:"Message Header Error",2:"OPEN Message Error",3:"UPDATE Messsage Error",4:"Hold Timer Expired",5:"Finite State Machine",6:"Cease"}),
ByteEnumField("ErrorSubCode",0,{1:"MessageHeader",2:"OPENMessage",3:"UPDATEMessage"}),
LongField("Data", 0),
]
class BGPErrorSubcodes(Packet):
name = "BGP Error Subcodes"
Fields_desc = [
ByteEnumField("MessageHeader",0,{1:"Connection Not Synchronized",2:"Bad Message Length",3:"Bad Messsage Type"}),
ByteEnumField("OPENMessage",0,{1:"Unsupported Version Number",2:"Bad Peer AS",3:"Bad BGP Identifier",4:"Unsupported Optional Parameter",5:"Authentication Failure",6:"Unacceptable Hold Time"}),
ByteEnumField("UPDATEMessage",0,{1:"Malformed Attribute List",2:"Unrecognized Well-Known Attribute",3:"Missing Well-Known Attribute",4:"Attribute Flags Error",5:"Attribute Length Error",6:"Invalid ORIGIN Attribute",7:"AS Routing Loop",8:"Invalid NEXT_HOP Attribute",9:"Optional Attribute Error",10:"Invalid Network Field",11:"Malformed AS_PATH"}),
]
bind_layers( TCP, BGPHeader, dport=179)
bind_layers( TCP, BGPHeader, sport=179)
bind_layers( BGPHeader, BGPOpen, type=1)
bind_layers( BGPHeader, BGPUpdate, type=2)
bind_layers( BGPHeader, BGPNotification, type=3)
bind_layers( BGPHeader, BGPHeader, type=4)
if __name__ == "__main__":
from scapy.all import interact
interact(mydict=globals(), mybanner="BGP addon .05")
obj.reverse()
fields_rfc.reverse()
while obj:
f = obj.pop()
g = fields_rfc.pop()
for x in a:
prog = re.compile(g + ":", re.IGNORECASE)
result = prog.search(x)
if result:
self.setfieldval(f.name, x + '\r\n')
a.remove(x)
return "\r\n".join(a)
def guess_payload_class(self, payload):
prog = re.compile("^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT)")
result = prog.search(payload)
if result:
return HTTPrequest
else:
prog = re.compile("^HTTP/((0\.9)|(1\.0)|(1\.1))\ [0-9]{3}.*")
result = prog.search(payload)
if result:
return HTTPresponse
return Packet.guess_payload_class(self, payload)
bind_layers(TCP, HTTP)
if __name__ == "__main__":
interact(mydict=globals(), mybanner="HTTP Scapy extension")