def create_igmp(src_mac, src_ip, group_ip, igmp_type=IGMP_QUERY): """Creates a new IGMP packet based on the given addresses.""" a = Ether(src=src_mac) b = IP(src=src_ip) c = IGMP(type=igmp_type, gaddr=group_ip) c.igmpize(b, a) return a / b / c
def inject_packet(self, iface, dst_mac): ether_part = Ether(src='00:00:00:00:00:00', dst=dst_mac) ip_part = IP(ttl=1, src='0.0.0.0', dst='224.0.0.1') igmp_part = IGMP(type=0x11) igmp_part.mrtime = (self.max_resp_time / 100) & 0xff igmp_part.igmpize(ether=ether_part, ip=ip_part) # Make this IGMP query packet as an unicast packet ether_part.dst = dst_mac sendp(ether_part / ip_part / igmp_part, iface=iface, verbose=False)
def handle_packet(pkt): if IGMP not in pkt or pkt[IGMP].type != 0x11 or pkt[IP].dst != '224.0.0.1': return for channel, watchers in self.channels_being_watched.items(): if not watchers: continue print 'sending ping for %s' % channel ether = Ether(src=get_mac_addr(local_nic)) ip = IP(src=get_ip_address(local_nic)) igmp = IGMP(type=0x16, gaddr=self.config['channels'][channel].split(':')[0]) igmp.igmpize(ip, ether) packet = ether/ip/igmp sendp(packet, iface=local_nic)
def run(self): """Sends IGMP general query packets using the multicast address 224.0.0.1. Received replies are processed by a SniffThread. """ # create IGMP general query packet ether_part = Ether(src=self.mac) ip_part = IP(ttl=self._TTL, src=self.ip, dst=self._IGMP_MULTICAST) igmp_part = IGMP(type=self._IGMP_GENERAL_QUERY) # Called to explicitely fixup associated IP and Ethernet headers igmp_part.igmpize(ether=ether_part, ip=ip_part) while True: sendp(ether_part / ip_part / igmp_part) time.sleep(self._SLEEP)
def calc_IPv4_overhead(IP_prot, src_IP, dst_IP, src_port, dst_port, TOS_val, TCP_flags, dTime): # Init packet p = IP() # ICMP Protocol if IP_prot == 1: # * This will only work with University of Oregon ICMP Netflow * # Discard for other netflows, or derive type and code another way temp = dst_port.split('.') type, code = int(temp[0]), int(temp[1]) p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ ICMP(type=type, code=code) # IGMP Protocol if IP_prot == 2: # * This will only work with University of Oregon IGMP Netflow * # Discard for other netflows, or derive type and code another way temp = dst_port.split('.') type, code = int(temp[0]), int(temp[1]) p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ IGMP(type=type, mrcode=code) # TCP Protocol elif IP_prot == 6: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ TCP(sport=src_port, dport=dst_port, flags=TCP_flags, window=dTime) # UDP Protocol elif IP_prot == 17: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ UDP(sport=src_port, dport=dst_port) # GRE (Generic Routing Encapsulation) Protocol elif IP_prot == 47: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ GRE() # ESP (Encapsulating Security Payload) Protocol elif IP_prot == 50: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ ESP() # Rare packets else: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) return p
def gen_IPv4(src_IP, dst_IP, src_port, dst_port, IP_prot, TOS_val, TCP_flags, packets, bytes, dTime): # Init packet p = IP() overhead = calc_IPv4_overhead(IP_prot, src_IP, dst_IP, src_port, dst_port, TOS_val, TCP_flags, dTime) # This creates a tiny degree of error bytes_left = bytes - len(overhead) * packets packet_size = int(bytes_left / packets) # Create a fake payload that justifies byte count of packets to correct amount payload = bytearray(random.getrandbits(8) for _ in xrange(packet_size)) if IP_prot == 1: temp = dst_port.split('.') type, code = int(temp[0]), int(temp[1]) p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ ICMP(type=type, code=code, length=packet_size) / Raw(payload) elif IP_prot == 2: temp = dst_port.split('.') type, code = int(temp[0]), int(temp[1]) p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ IGMP(type=type, mrcode=code) / Raw(payload) elif IP_prot == 6: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ TCP(sport=src_port, dport=dst_port, flags=TCP_flags) / Raw(payload) elif IP_prot == 17: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ UDP(sport=src_port, dport=dst_port, len=packet_size) / Raw(payload) elif IP_prot == 47: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ GRE() / Raw(payload) elif IP_prot == 50: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ ESP(data=payload) else: p = IP(src=src_IP, dst=dst_IP, proto=IP_prot, tos=TOS_val) / \ Raw(payload) return p
def sub(m_addr): addr = socket.gethostbyname(Network.get_default_gateway_linux()) mc_addr = socket.gethostbyname(m_addr) iface = Network.get_if() pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:01:01') pkt = pkt / IP(dst=addr) / IGMP(type=0x17, gaddr=mc_addr) sendp(pkt, iface=iface, verbose=False) Log.info("Unsubscribed to", str(mc_addr))
def main(): addr = socket.gethostbyname(get_default_gateway_linux()) mc_addr = socket.gethostbyname(sys.argv[2]) iface = get_if() if sys.argv[1] == "subscribe": igmp_type = 0x16 else: igmp_type = 0x17 #print "sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:01:01') pkt = pkt / IP(dst=addr) / IGMP(type=igmp_type, gaddr=mc_addr) sendp(pkt, iface=iface, verbose=False) if igmp_type == 0x16: print "Subscribed to " + str(mc_addr) if igmp_type == 0x17: print "Unsubscribed from " + str(mc_addr)
def calc_IPv6_overhead(IP_prot, src_IP, dst_IP, src_port, dst_port, TCP_flags, dTime): # Init packet p = IPv6() # ICMP Protocol if IP_prot == 1: # * This will only work with University of Oregon ICMP Netflow * # Discard for other netflows, or derive type and code another way temp = dst_port.split('.') type, code = int(temp[0]), int(temp[1]) p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ ICMP(type=type, code=code) # IGMP Protocol if IP_prot == 2: # * This will only work with University of Oregon IGMP Netflow * # Discard for other netflows, or derive type and code another way temp = dst_port.split('.') type, code = int(temp[0]), int(temp[1]) p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ IGMP(type=type, mrcode=code) # TCP Protocol elif IP_prot == 6: p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ TCP(sport=src_port, dport=dst_port, flags=TCP_flags, window=dTime) # UDP Protocol elif IP_prot == 17: p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ UDP(sport=src_port, dport=dst_port) # GRE (Generic Routing Encapsulation) Protocol elif IP_prot == 47: p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ GRE() # ESP (Encapsulating Security Payload) Protocol elif IP_prot == 50: p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ ESP() # ICMP Protocol for IPv6 elif IP_prot == 58: # * This will only work with University of Oregon IPv6 ICMP Netflow * # Discard for other netflows, derive type and code another way, or disregard type & code attributes temp = dst_port.split('.') type, code = int(temp[0]), int(temp[1]) p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ ICMP(type=type, code=code) # OSPF Protocol (Assuming OSPF Hello Packet) elif IP_prot == 89: p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) / \ OSPF_Hello(hellointerval=dTime) # Rare packets else: p = IPv6(src=src_IP, dst=dst_IP, nh=IP_prot) return p
""" from scapy.utils import rdpcap from scapy.contrib.igmp import IGMP eth = Ether(dst='01:00:5e:00:00:fb', type=0x800) ipoption = IPOption_Router_Alert(copy_flag=1, optclass='control', option='router_alert', length=4, alert='router_shall_examine_packet') number_of_packets = 10000 for p in range(number_of_packets): hi = p // 256 lo = p - 256 * hi gaddr = "224.224." + str(hi) + "." + str(lo) ip = IP(version=4, proto=2, ttl=1, src='10.255.0.1', dst=gaddr, options=[ipoption]) igmp = IGMP(type=0x16, mrcode=0, gaddr=gaddr) pkt = eth / ip / igmp pkt[IGMP].igmpize() sendp(pkt, iface='ens33') # interface on which the packets are sent out
# https://github.com/levigross/Scapy/blob/master/scapy/contrib/igmp.py # The function adjusts the IP header based on conformance rules # and the group address encoded in the IGMP message. # The rules are: # 1. Send General Group Query to 224.0.0.1 (all systems) # 2. Send Leave Group to 224.0.0.2 (all routers) # 3a.Otherwise send the packet to the group address # 3b.Send reports/joins to the group address #!/usr/bin/env python from scapy.all import * from scapy.contrib.igmp import IGMP eth = Ether() # Send General Group Query to 224.0.0.1 (all systems) iph = IP(src='192.168.1.1', dst='224.0.0.1', proto=2) igmp = IGMP(type=0x11, gaddr='0.0.0.0', mrtime=20) igmp.igmpize(iph,eth) sendp(eth/iph/igmp, iface="eth1", count=1) # Send Leave Group to 224.0.0.2 (all routers) iph = IP(src='192.168.1.42', dst='224.0.0.2', proto=2) igmp = IGMP(type=0x17, gaddr='239.0.0.58', mrtime=20) igmp.igmpize(iph,eth) sendp(eth/iph/igmp, iface="eth1", count=1) # Send reports/joins to the group address iph = IP(src='192.168.1.42', dst='239.0.0.59', proto=2) igmp = IGMP(type=0x16, gaddr='239.0.0.59', mrtime=20) igmp.igmpize(iph,eth) sendp(eth/iph/igmp, iface="eth1", count=1)
ipSet = [] with open(fileLocation) as f: lines = f.readlines() for line in lines: ipSet.append(line.strip('\n')) return ipSet testIpArr = readIpSetFromFile('ipSetV2.txt') while True: for i in range(len(testIpArr)): ip = testIpArr[i] ipIpy = IPy.IP(ip) ipYan = ipIpy.strBin()[-23:] ipYan = '0000000100000000010111100' + ipYan mac = hex(int(ipYan, 2))[2:] if (len(hex(int(ipYan, 2))[2:]) < 12): for j in range(12 - len(hex(int(ipYan, 2))[2:])): mac = '0' + mac mulMac = mac[0:2] + ':' + mac[2:4] + ':' + mac[4:6] + ':' + mac[6:8] + ':' + mac[8:10] + ':' + mac[10:12] print ip print mulMac p_join = Ether(dst=mulMac, src='a0:8c:fd:9e:2d:f1') / IP(src='10.0.0.123', dst=ip, ttl=1) /IGMP(type=0x16,gaddr=ip,mrcode=0x00) sendp(p_join,iface=interface) print '----------------' time.sleep(5)