def _establish_conn(self, dport): seq_no = random.randint(0, 2**32 - 1) eph_port = random.randint(30000, 60000) self._reset_conn(eph_port, dport, seq_no) # create connection to the VIP on the alt host, which will accept the SYN syn = \ IP(dst=self.ALT_HOST) / \ UDP(sport=12345, dport=19523) / \ GLBGUE(private_data=GLBGUEChainedRouting(hops=[])) / \ IPv6(src=self.SELF_HOST_V6, dst=self.VIP) / \ TCP(sport=eph_port, dport=dport, flags='S', seq=seq_no) # retrieve the SYN-ACK syn_ack = self._sendrecv6(syn, lfilter=self._match_tuple( self.VIP, self.SELF_HOST_V6, dport, eph_port)) seq_no = syn_ack.ack ack_no = syn_ack.seq + 1 ack = \ IP(dst=self.ALT_HOST) / \ UDP(sport=12345, dport=19523) / \ GLBGUE(private_data=GLBGUEChainedRouting(hops=[])) / \ IPv6(src=self.SELF_HOST_V6, dst=self.VIP) / \ TCP(sport=eph_port, dport=dport, flags='A', seq=seq_no, ack=ack_no) send(ack) return (eph_port, seq_no, ack_no)
def test_scapy_sniffer(self): send_data = [ Ether(src="99:54:8f:91:12:f6", dst="44:35:a2:a6:d0:bd") / IPv6(src="fe80::1", dst="fe80::2") / ICMPv6EchoRequest(), Ether(src="44:35:a2:a6:d0:bd", dst="99:54:8f:91:12:f6") / IPv6(src="fe80::2", dst="fe80::1") / ICMPv6EchoReply(), Ether(src="1f:db:ed:9c:26:6e", dst="18:39:3c:e8:1f:ad") / IPv6(src="2001:db8:8a5a:4020:f160:162:c83d:527d", dst="2001:db8:2932:29c9:35eb:9377:ae68:634d") / UDP(sport=31245, dport=8788) / b"abcdef", Ether(src="18:39:3c:e8:1f:ad", dst="1f:db:ed:9c:26:6e") / IPv6(src="2001:db8:2932:29c9:35eb:9377:ae68:634d", dst="2001:db8:8a5a:4020:f160:162:c83d:527d") / UDP(sport=8788, dport=31245) / b"12345", ] sniffer = AsyncSniffer() sniffer.start() self.spawn.expect(r"Initializing L2listen with arguments") self.spawn.expect(r"Bound socket to '(.*)'\s") remote = self.spawn.match.group(1) # wait a bit to avoid race where socket is not bound yet time.sleep(.5) for packet in send_data: time.sleep(.001) # some spacing for test stability self.assertEqual(len(raw(packet)), self.comm_sock.sendto(raw(packet), remote)) for packet in send_data: self.spawn.expect(r"Receiving on L2listen with arguments") results = sniffer.stop() self.assertIsNotNone(results) self.assertEqual(len(send_data), len(results)) for pkt in send_data: self.assertIn(Ether(raw(pkt)), results)
def spoof_devices(ip, devs, logger): tgt = (ip.gateway, ip.dns_servers[0]) if util.is_spoof_dns(ip) else (ip.gateway, ) for entry in devs: dev_ip = util.get_device_ip(entry) dev_hw = ip.redis.get_device_mac( dev_ip, network=util.get_device_net(entry)) for source in tgt: if util.get_device_enabled(entry) == "1": # sendp(Ether(dst=dev_hw) / ARP(op=2, psrc=ip.gateway, pdst=dev_ip, hwdst=dev_hw)) sendp([ Ether(dst=dev_hw) / IPv6(src=source, dst=dev_ip) / ICMPv6ND_NA(tgt=source, R=0, S=1) / ICMPv6NDOptDstLLAddr(lladdr=ip.mac) ]) # sendp(Ether(dst=ip.gate_mac) / ARP(op=2, psrc=dev_ip, pdst=ip.gateway, hwdst=ip.gate_mac)) else: # sendp(Ether(dst=dev_hw) / ARP(op=2, psrc=ip.gateway, pdst=dev_ip, hwdst=dev_hw, hwsrc=ip.gate_mac)) # sendp(Ether(dst=ip.gate_mac) / ARP(op=2, psrc=dev_ip, pdst=ip.gateway, hwsrc=dev_hw)) sendp([ Ether(dst=dev_hw) / IPv6(src=source, dst=dev_ip) / ICMPv6ND_NA(tgt=source, R=0, S=1) / ICMPv6NDOptDstLLAddr(lladdr=ip.gate_mac) ])
def send_packet(context, srcaddr=None, hlim=None, valid=3600, pref=1800): from scapy.all import get_if_hwaddr from scapy.all import sendp, Ether, IPv6 from scapy.all import ICMPv6ND_RA from scapy.all import ICMPv6NDOptPrefixInfo in_if = "test10" out_if = "test11" p = Ether(dst=get_if_hwaddr(out_if), src=get_if_hwaddr(in_if)) if srcaddr or hlim: if hlim: p /= IPv6(dst="ff02::1", hlim=int(hlim)) else: p /= IPv6(dst="ff02::1", src=srcaddr) else: p /= IPv6(dst="ff02::1") valid, pref = int(valid), int(pref) p /= ICMPv6ND_RA() p /= ICMPv6NDOptPrefixInfo(prefix="fd00:8086:1337::", prefixlen=64, validlifetime=valid, preferredlifetime=pref) sendp(p, iface=in_if) sendp(p, iface=in_if) sleep(3)
def _icmpv6_handler(self, pkt): """This method is called for each ICMPv6 echo reply packet or multicast listener report packet received through scapy's sniff function. Incoming packets are used to spoof involved devices and add new devices to the redis db. Args: pkt (str): Received packet via scapy's sniff (through socket.recv). """ # add transmitting device to redis db self.ip.redis.add_device(pkt[IPv6].src, pkt[Ether].src) # impersonate gateway if not self.ip.redis.check_device_disabled(pkt[Ether].src): sendp( Ether(dst=pkt[Ether].src) / IPv6(src=self.ip.gateway, dst=pkt[IPv6].src) / ICMPv6ND_NA(tgt=self.ip.gateway, R=1, S=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ip.mac) ) # impersonate DNS server if necessary if util.is_spoof_dns(self.ip): if not self.ip.redis.check_device_disabled(pkt[Ether].src): sendp( Ether(dst=pkt[Ether].src) / IPv6(src=self.ip.dns_servers[0], dst=pkt[IPv6].src) / ICMPv6ND_NA(tgt=self.ip.dns_servers[0], R=1, S=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ip.mac) )
def craft_MDNS_IPv6(self, packet: Packet) -> Packet: """ This function crafts a MDNS-IPv6 packet. """ name = packet[DNSQR].qname return ( [ IPv6(dst=self.multicast_v6) / UDP(sport=5353, dport=5353) / DNS( qr=1, aa=1, rd=0, ancount=self.ipv6_number, an=self.craft_DNSv6_response(name), ), IPv6(dst=self.multicast_v6) / UDP(sport=5353, dport=5353) / DNS( qr=1, aa=1, rd=0, ancount=1, an=DNSRR(ttl=30, rrname=name, rdata=self.ip), ), ], packet[IPv6].src, name, "DNS", )
def test_ipv6_ext_frag_send_full_pktbuf(child, s, iface, ll_dst): length = pktbuf_size(child) # remove some slack for meta-data and header and 1 addition fragment header length -= (len(IPv6() / IPv6ExtHdrFragment() / UDP()) + (len(IPv6() / IPv6ExtHdrFragment())) + 96) port = s.getsockname()[1] # trigger neighbor discovery so it doesn't fill the packet buffer udp_send(child, ll_dst, port, 1) data, _ = s.recvfrom(1) last_nd = time.time() count = 0 while True: if (time.time() - last_nd) > 5: # trigger neighbor discovery so it doesn't fill the packet buffer udp_send(child, ll_dst, port, 1) data, _ = s.recvfrom(1) last_nd = time.time() udp_send(child, ll_dst, port, length) count += 1 try: data, _ = s.recvfrom(length) except socket.timeout: # 8 is the alignment unit of the packet buffer # and 20 the size of a packet snip, so take next multiple of 8 to # 28 length -= 24 else: break finally: pktbuf_empty(child) assert (count > 1)
def test_scapy_srp1(self): send_data = Ether(src="99:54:8f:91:12:f6", dst="44:35:a2:a6:d0:bd") / \ IPv6(src="fe80::1", dst="fe80::2") / \ ICMPv6EchoRequest() exp_reply = Ether(src="44:35:a2:a6:d0:bd", dst="99:54:8f:91:12:f6") / \ IPv6(src="fe80::2", dst="fe80::1") / \ ICMPv6EchoReply() self._test_sndrcv1(srp1, "L2socket", send_data, exp_reply)
def test_03_accepted_on_secondary_chain_host(self): eph_port = random.randint(30000, 60000) # force RST for this tuple rst = \ IP(dst=self.ALT_HOST) / \ UDP(sport=12345, dport=19523) / \ GLBGUE(private_data=GLBGUEChainedRouting(hops=[])) / \ IPv6(src=self.SELF_HOST_V6, dst=self.VIP) / \ TCP(sport=eph_port, dport=22, flags='R', seq=1234) send(rst) # create connection to the VIP on the alt host, which will accept the SYN syn = \ IP(dst=self.ALT_HOST) / \ UDP(sport=12345, dport=19523) / \ GLBGUE(private_data=GLBGUEChainedRouting(hops=[])) / \ IPv6(src=self.SELF_HOST_V6, dst=self.VIP) / \ TCP(sport=eph_port, dport=22, flags='S', seq=1234) # retrieve the SYN-ACK resp_ip = self._sendrecv6(syn, filter='ip6 host {} and port 22'.format( self.VIP)) assert isinstance(resp_ip, IPv6) assert_equals(resp_ip.src, self.VIP) assert_equals(resp_ip.dst, self.SELF_HOST_V6) resp_tcp = resp_ip.payload assert isinstance(resp_tcp, TCP) assert_equals(resp_tcp.sport, 22) assert_equals(resp_tcp.dport, eph_port) assert_equals(resp_tcp.flags, 'SA') assert_equals(resp_tcp.ack, syn.seq + 1) syn_ack = resp_ip # now send an ACK to the primary proxy host, it should get accepted on the second hop ack = \ IP(dst=self.PROXY_HOST) / \ UDP(sport=12345, dport=19523) / \ GLBGUE(private_data=GLBGUEChainedRouting(hops=[self.ALT_HOST, self.SELF_HOST])) / \ IPv6(src=self.SELF_HOST_V6, dst=self.VIP) / \ TCP(sport=eph_port, dport=22, flags='A', seq=syn_ack.ack, ack=syn_ack.seq + 1) # ensure we get a PSH from the host, since SSH should send us the banner resp_ip = self._sendrecv6(ack, filter='ip6 host {} and port 22'.format( self.VIP)) assert isinstance(resp_ip, IPv6) assert_equals(resp_ip.src, self.VIP) assert_equals(resp_ip.dst, self.SELF_HOST_V6) resp_tcp = resp_ip.payload assert isinstance(resp_tcp, TCP) assert_equals(resp_tcp.sport, 22) assert_equals(resp_tcp.dport, eph_port) assert_equals(resp_tcp.flags, 'PA')
def gen_packet(eth_only=False): """Generate a random network packet. By default, function generates a random IPv4 or IPv6 packet, possibly with TCP or UDP payloads. If the 'eth_only' parameter is set to True, the returned packet is an Ethernet frame that does not include any packet headers above layer 2. """ # generate ethernet frame with fixed MAC addresses pkt = Ether(src="53:00:00:00:00:01", dst="53:00:00:00:00:02") if not eth_only: # encapsulate IP packet if randint(0, 1) == 0: pkt /= IP(src=RandIP()._fix(), dst=RandIP()._fix()) else: pkt /= IPv6(src=RandIP6()._fix(), dst=RandIP6()._fix()) if IP in pkt: # generated packet L3 is IPv4 rand = random() if rand < 0.1: # mark some packets as fragmeents if randint(0, 1) == 0: pkt[IP].flags = 1 # set MF flag else: pkt[IP].frag = randint(1, 2**13 - 1) # frag offset elif rand < 0.2: # encapsulate an IPv6 packet in some others pkt /= IPv6(src=RandIP6()._fix(), dst=RandIP6()._fix()) elif rand < 0.8: # encapsulate TCP / UDP payload in some more if randint(0, 1) == 0: pkt /= TCP(sport=randint(0, 2**16 - 1), dport=randint(0, 2**16 - 1)) else: pkt /= UDP(sport=randint(0, 2**16 - 1), dport=randint(0, 2**16 - 1)) else: # do not encalsulate in all others pass elif IPv6 in pkt: # generated packet L3 is IPv6 rand = random() if rand < 0.8: # encapsulate TCP / UDP payload in some more if randint(0, 1) == 0: pkt /= TCP(sport=randint(0, 2**16 - 1), dport=randint(0, 2**16 - 1)) else: pkt /= UDP(sport=randint(0, 2**16 - 1), dport=randint(0, 2**16 - 1)) else: # encapsulate nothing pass # append some random payload pkt /= ''.join(chr(randint(0, 255)) for _ in range(randint(50, 1000))) return pkt
def test_encap_ipv6_two_segment(self): packet_in = \ Ether(src="aa:aa:aa:aa:aa:aa", dst="bb:bb:bb:bb:bb:bb") / \ IPv6(src="2001:db8::1", dst="2001:db8::3") / \ TCP() packet_out = \ Ether(src="bb:bb:bb:bb:bb:bb", dst="aa:aa:aa:aa:aa:aa") / \ IPv6(src="fc00::1", dst="fc00::3") / \ IPv6ExtHdrSegmentRouting(len=(16 * 2) / 8, segleft=1, lastentry=1, addresses=["fc00::2", "fc00::3"]) / \ IPv6(src="2001:db8::1", dst="2001:db8::3") / \ TCP() self._run_test(packet_in, packet_out, BPF.XDP_TX)
def setUp(self): self.conf = helpers.get_conf() self.sfc = helpers.addr_services(self.conf, BulkListTestCase.services) ip6 = IPv6(src=self.sfc[-1], dst=self.sfc[0]) sr = IPv6ExtHdrSegmentRouting(addresses=self.sfc[::-1], nseg=len(self.sfc) - 1, fseg=len(self.sfc) - 1) self.hdr = (ip6 / sr / IPv6()) self.sport = 50000 self.dport = 60000
def handle_pkt(pkt): #if UDP in pkt and pkt[UDP].dport == 2152: #if UDP in pkt: print "got a packet" pkt.show2() #hexdump(pkt) print "===================================ENVIANDO PACOTE ALTERADO=============================" #new implementation time.sleep(5) if pkt.segleft >= 0: new = Ether(src=pkt[Ether].dst, dst=pkt[Ether].src) extension = IPv6ExtHdrRouting() extension.segleft = pkt.segleft - 1 extension.addresses = pkt.addresses if extension.segleft == 1: new = new / IPv6( dst=extension.addresses[1], src="2001:0DB8:AC10:FE01:0000:0000:0000:0003" ) / extension / UDP( sport=64515, dport=2152) / GTP_U_Header(TEID=32) / IPv6( dst="2001:0DB8:AC10:FE01:0000:0000:0000:0001", src="2001:0DB8:AC10:FE01:0000:0000:0000:0006") / "host3" if extension.segleft == 0: new = new / IPv6( dst=extension.addresses[0], src="2001:0DB8:AC10:FE01:0000:0000:0000:0003" ) / extension / UDP( sport=64515, dport=2152) / GTP_U_Header(TEID=32) / IPv6( dst="2001:0DB8:AC10:FE01:0000:0000:0000:0001", src="2001:0DB8:AC10:FE01:0000:0000:0000:0006") / "host3" new.show2() sendp(new, loop=0, count=1) #end of new implementation #old implementation #time.sleep(5) #pkt2 = pkt #temp = pkt[Ether].src #pkt2[Ether].src = pkt2[Ether].dst #pkt2[Ether].dst = temp #pkt2.segleft = pkt2.segleft - 1 #if pkt2.segleft == 1: # pkt2[IPv6].dst = pkt2.addresses[1]; #if pkt2.segleft == 0: # pkt2[IPv6].dst = pkt2.addresses[0]; #pkt2[Raw] = (b"host3") #pkt2.show2() #sendp(pkt2, loop=0, count=1) #sr1(sendp(pkt2, loop=1, verbose = False)) ja estava comentado main()
def packets_for_test(request, ptfadapter, duthost, config_facts, tbinfo, ip_and_intf_info): ip_version = request.param src_addr_v4, src_addr_v6, ptf_intf = ip_and_intf_info ptf_intf_index = int(ptf_intf.replace('eth', '')) ptf_intf_mac = ptfadapter.dataplane.get_mac(0, ptf_intf_index) vlans = config_facts['VLAN'] topology = tbinfo['topo']['name'] dut_mac = '' for vlan_details in vlans.values(): if 'dualtor' in topology: dut_mac = vlan_details['mac'].lower() else: dut_mac = duthost.shell( 'sonic-cfggen -d -v \'DEVICE_METADATA.localhost.mac\'' )["stdout_lines"][0].decode("utf-8") break if ip_version == 'v4': tgt_addr = increment_ipv4_addr(src_addr_v4) out_pkt = testutils.simple_arp_packet(eth_dst='ff:ff:ff:ff:ff:ff', eth_src=ptf_intf_mac, ip_snd=src_addr_v4, ip_tgt=tgt_addr, arp_op=1, hw_snd=ptf_intf_mac) exp_pkt = testutils.simple_arp_packet(eth_dst=ptf_intf_mac, eth_src=dut_mac, ip_snd=tgt_addr, ip_tgt=src_addr_v4, arp_op=2, hw_snd=dut_mac, hw_tgt=ptf_intf_mac) elif ip_version == 'v6': tgt_addr = increment_ipv6_addr(src_addr_v6) ll_src_addr = generate_link_local_addr(ptf_intf_mac) multicast_tgt_addr = in6_getnsma(inet_pton(socket.AF_INET6, tgt_addr)) multicast_tgt_mac = in6_getnsmac(multicast_tgt_addr) out_pkt = Ether(src=ptf_intf_mac, dst=multicast_tgt_mac) out_pkt /= IPv6(dst=inet_ntop(socket.AF_INET6, multicast_tgt_addr), src=ll_src_addr) out_pkt /= ICMPv6ND_NS(tgt=tgt_addr) out_pkt /= ICMPv6NDOptSrcLLAddr(lladdr=ptf_intf_mac) exp_pkt = Ether(src=dut_mac, dst=ptf_intf_mac) exp_pkt /= IPv6(dst=ll_src_addr, src=generate_link_local_addr(dut_mac)) exp_pkt /= ICMPv6ND_NA(tgt=tgt_addr, S=1, R=1, O=0) exp_pkt /= ICMPv6NDOptSrcLLAddr(type=2, lladdr=dut_mac) exp_pkt = mask.Mask(exp_pkt) exp_pkt.set_do_not_care_scapy(packet.IPv6, 'fl') return ip_version, out_pkt, exp_pkt
def test_end_ipv4_valid(self): packet_in = \ Ether(src="aa:aa:aa:aa:aa:aa", dst="bb:bb:bb:bb:bb:bb") / \ IPv6(src="fc00::1", dst="fc00::3") / \ IPv6ExtHdrSegmentRouting(len=(16 * 2) / 8, segleft=1, lastentry=1, addresses=["fc00::2", "fc00::3"]) / \ IP(src="192.168.1.1", dst="192.168.1.3") / \ TCP() packet_out = \ Ether(src="bb:bb:bb:bb:bb:bb", dst="aa:aa:aa:aa:aa:aa") / \ IPv6(src="fc00::1", dst="fc00::2") / \ IPv6ExtHdrSegmentRouting(len=(16 * 2) / 8, segleft=0, lastentry=1, addresses=["fc00::2", "fc00::3"]) / \ IP(src="192.168.1.1", dst="192.168.1.3") / \ TCP() self._run_test(packet_in, packet_out, BPF.XDP_TX)
def build_reply_headers(pkt): src_ether = pkt[Ether].src src_ip = pkt[IPv6].src sport = pkt[UDP].sport dport = pkt[UDP].dport return Ether(dst=src_ether) / IPv6(dst=src_ip) / \ UDP(sport=dport, dport=sport)
def ndpPing(mac, vlan, ip): src_mac = get_ether_address(network.BRIDGE_NAME) packet = Ether(src=src_mac, dst=mac) if_name = vlan if '.' in vlan: if_name, vlan_id = vlan.rsplit('.', 1) vlan_id = int(vlan_id) if vlan_id: packet = packet / Dot1Q(vlan=vlan_id) local_ip = None for ip6 in netconf.get_current_ipv6(cidr=False)['ips']: if ip6.startswith('fe80'): local_ip = ip6 else: src_ip = ip6 break else: if local_ip is None: src_ip = 'fe80::66:66' # we need a source IP... else: src_ip = local_ip packet = packet / IPv6(src=src_ip, dst=ip) packet = packet / ICMPv6ND_NS(tgt=ip) sendp(packet, iface=if_name)
def main(): if len(sys.argv)<2: print 'pass 2 arguments: <destination>' exit(1) #addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, sys.argv[1]) while True: print s = str(raw_input('Type space separated port nums ' '(example: "4 3 1 2 2 ") or "q" to quit: ')) if s == "q": break; print pkt = Ether(src=get_if_hwaddr(iface), dst='00:aa:00:00:00:01') pkt = pkt / IPv6(dst=sys.argv[1], nh=150) / MRI(count=0, swtraces=[]) #pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0) #pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0) #pkt = pkt / UDP(dport=4321, sport=1234) / "P4 is cool" pkt.show2() for i in range(int(sys.argv[2])): sendp(pkt, iface=iface, verbose=False) sleep(1)
def test_forward_uncomp_not_first_ext_hdr(child, iface, hw_dst, ll_dst, ll_src): dummy = "affe::1" hl = random.randint(2, 255) # sniffing for packets to dummy sniffer.start_sniff(lambda p: p[Ether].src == hw_dst) # add dummy IPv6 address dst_iface = get_first_interface(child) hw_src = get_host_hwaddr(iface) add_neighbor(child, dst_iface, dummy, hw_src) sendp(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src, hlim=hl) / IPv6ExtHdrHopByHop() / IPv6ExtHdrRouting(type=3, segleft=1, addresses=[dummy]), iface=iface, verbose=0) ps = sniffer.wait_for_sniff_results() p = [p for p in ps if p[Ether].src == hw_dst] assert (len(p) > 0) p = p[0] assert (IPv6 in p) assert (IPv6ExtHdrRouting in p) assert (p[IPv6].src == ll_src) assert (p[IPv6].dst == dummy) assert (p[IPv6].hlim == (hl - 1)) assert (p[IPv6ExtHdrRouting].type == 3) assert (p[IPv6ExtHdrRouting].segleft == 0) pktbuf_empty(child) del_neighbor(child, dst_iface, dummy)
def test_reass_too_short_header(child, iface, hw_dst, ll_dst, ll_src): sendp(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src, nh=EXT_HDR_NH[IPv6ExtHdrFragment]) / "\x11", iface=iface, verbose=0) pktbuf_empty(child)
def test_empty_dest_opt_wo_register(child, iface, hw_dst, ll_dst, ll_src): # Try sending an empty Destination-Option header sendp(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) / IPv6ExtHdrDestOpt() / UDP(), iface=iface, verbose=0) pktbuf_empty(child)
def send_ra(): # Send a Router Advertisement with the "managed" and "other" flag set, which should cause clients to use DHCPv6 and ask us for addresses # routerlifetime is set to 0 in order to not adverise ourself as a gateway (RFC4861, section 4.2) p = Ether(src=config.selfmac, dst='33:33:00:00:00:01') / IPv6( src=config.selfaddr, dst='ff02::1') / ICMPv6ND_RA( M=1, O=1, routerlifetime=0) sendp(p, iface=config.default_if, verbose=False)
def info(interface): print("package test") test_domain = 'www.google.com' client = NM.Client.new(None) dev = client.get_device_by_iface(interface) ip4config = dev.get_ip4_config() ip6config = dev.get_ip6_config() name_servers4 = ip4config.get_nameservers() name_servers6 = ip6config.get_nameservers() print("IPv4 DNS servers: {}".format(name_servers4)) print("DNS query to {}".format(name_servers4[0])) payload = IP(dst=name_servers4[0]) payload /= UDP(dport=53) payload /= DNS(rd=1, qd=DNSQR(qname='www.thepacketgeek.com')) dns_rep = sr1(payload, verbose=0) for i in range(dns_rep['DNS'].arcount): print("DNS reply: {}".format(dns_rep['DNS'].ar[i].rdata)) print("IPv6 DNS servers: {}".format(name_servers6)) print("DNS query to {}".format(name_servers6[0])) payload = IPv6(dst=name_servers6[0]) payload /= UDP(dport=53) payload /= DNS(rd=1, qd=DNSQR(qname='www.thepacketgeek.com')) dns_rep = sr1(payload, verbose=0) for i in range(dns_rep['DNS'].arcount): print("DNS reply: {}".format(dns_rep['DNS'].ar[i].rdata))
def udp6(self): # UDP port 9 + WOL Payload return sendp([ Ether() / IPv6(dst='ff02::1') / UDP(sport=32767, dport=9) / Raw(load=self.wol_payload) ], iface=self.intf)
def build_ip_hdr(ip_type, sip, dip, bcsum): """ Build IPv4 or IPv6 header. """ if ip_type == "ipv4": ip_hdr = IP(src=sip, dst=dip, chksum=bcsum) else: ip_hdr = IPv6(src=sip, dst=dip) return ip_hdr
def test_empty_mixed2_w_rt_hdr_registered(child, iface, hw_dst, ll_dst, ll_src): # Register to routing header register_protnum(child, EXT_HDR_NH[IPv6ExtHdrRouting]) # Try sending a packet with a number of extension headers in not recommended # (but legal) order sendp(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) / IPv6ExtHdrHopByHop() / IPv6ExtHdrRouting() / IPv6ExtHdrDestOpt() / IPv6ExtHdrFragment() / UDP() / "\x01\x02", iface=iface, verbose=0) # Routing header with payload child.expect(r"~~ SNIP 0 - size:\s+(\d+) byte, type: NETTYPE_\w+ \(\d+\)") ipv6_payload_len = int(child.match.group(1)) # NH = IPv6ExtHdrDestOpt, len = 0x00, routing type = 0, segments left = 0 # NH = IPv6ExtHdrFragment, len = 0x00, PadN option (0x01) of length 0x04 child.expect(r"00000000 {:02X} 00 00 00 00 00 00 00 " r"{:02X} 00 01 04 00 00 00 00".format( EXT_HDR_NH[IPv6ExtHdrDestOpt], EXT_HDR_NH[IPv6ExtHdrFragment])) # NH = 17 (UDP), reserved = 0x00, fragment offset = 0, res = 0, M = 0 child.expect(r"00000010 11 00 00 00 00 00 00 00") # Hop-by-hop-option child.expect(r"~~ SNIP 1 - size:\s+(\d+) byte, type: NETTYPE_\w+ \(\d+\)") ipv6_payload_len += int(child.match.group(1)) # NH = IPv6ExtHdrRouting, len = 0x00, PadN option (0x01) of length 0x04 child.expect(r"00000000 {:02X} 00 01 04 00 00 00 00".format( EXT_HDR_NH[IPv6ExtHdrRouting])) # IPv6 header child.expect(r"~~ SNIP 2 - size:\s+40 byte, type: NETTYPE_IPV6 \(\d+\)") child.expect_exact(r"length: {} next header: {}".format( ipv6_payload_len, EXT_HDR_NH[IPv6ExtHdrHopByHop])) child.expect_exact(r"destination address: {}".format(ll_dst)) pktbuf_empty(child) unregister(child)
def iterate_bgp_prefix(prefix): prefixlen = prefix.prefixlen #ie. number of possible network prefixes for i in range(2**(64 - prefixlen)): #only interested in network half of prefix #shift i left 64 bits so only this half of the address is searched #use arbitrary value 1 for host identifier half # prefix_iteration = prefix.network_address + (i << 64) + ipaddress.IPv6Address("::1000:0:1:2") # prefix_iteration = prefix.network_address + (i << 64) + 0x200e prefix_iteration = prefix.network_address + (i << 64) + 1 #print(prefix_iteration) icmp_pkt = IPv6(dst=str(prefix_iteration)) / ICMPv6EchoRequest() #send - send packets at layer 3 #sr - send packets and match reply #sr1 - send packets, but only match first reply res = sr1(icmp_pkt, timeout=15) #invalid/unadvertised prefix or host identifier, DROP policy on final hop if res == None: print("Timeout, no response received.") #note: .show() displays None, but prints packet details before print line elif ICMPv6EchoReply in res: print("Echo reply - host found:\n%s" % res.show()) #code 3 = Destination Unreachable: Address Unreachable #ie. live network prefix found, no matching host ID elif ICMPv6DestUnreach in res: if res[ICMPv6DestUnreach].code == 3: print("Destination unreachable:\n%s, %s" % (res.show(), "Address Unreachable")) #code 0 = Destination Unreachable: No Route #invalid/unadvertised prefix, REJECT policy on final hop elif res[ICMPv6DestUnreach].code == 0: print("Destination unreachable:\n%s, %s" % (res.show(), "No route")) else: print("Other: %s" % res.show())
def craft(hdr, fl): helpers.Utils.set_fl(hdr, fl) pkt = hdr / IPv6() / ICMPv6EchoRequest() pkt = pkt.__class__(str(pkt)) return ([pkt], {fl: [pkt]})
def iterate_interface_identifier(prefix, oui): #ie. iterate through the missing 24 bits in IID, starting at 1 #for i in range(2**24): responses = [] for i in range(600): #need 0xfffe for actual OUI testing, ignore for initial tests host_iteration = prefix.network_address + (0xf << 16) + i #host_iteration = prefix + oui + 0xfffe + i icmp_pkt = IPv6(dst=str(host_iteration)) / ICMPv6EchoRequest() #icmp_pkt.show() #print(host_iteration) #''' #res = sr1(icmp_pkt, timeout=5) res = sr1(icmp_pkt, timeout=2, filter="ip6") if res == None: print("Timeout, no response received within limit. %s" % icmp_pkt.dst) elif ICMPv6DestUnreach in res: print("Destination unreachable: code %s" % res.code) elif ICMPv6EchoReply in res: print("Echo reply: %s" % res.src) responses.append(res.src) else: print("Other: %s" % res.show()) #''' print("\n\n===========\nFinal responses: %d\n%s\n\n" % (len(responses), responses))
def test_reass_offset_too_large(child, iface, hw_dst, ll_dst, ll_src): size = pktbuf_size(child) sendp(Ether(dst=hw_dst) / IPv6(dst=ll_dst, src=ll_src) / IPv6ExtHdrFragment(offset=((size * 2) // 8)) / "x" * 128, iface=iface, verbose=0) pktbuf_empty(child)