Grabbing and sending packets with Scapy (Scapy, part 2)
HI folk, in the last post (a long time ago), I write a short introduction to Scapy tool. With this post, I need, show to you, how grab and send packets with Scapy. This is a good way to develop tools to test any network application, such study Kaminsky's DNS flaw, since no talks about anything else on the Internet.
In scapy there are many methods to send or receive a packet in network. We have the families of commands, below:
- Send family - Just send packets in layer 2 or 3.
- Send and Receive family - Send packets in layer 2 or 3 and print or store results.
- Sniff family - Receive packets in promisc mode and return them in a packet list.
This post is not intended as a reference for each of the families above. For more informations, execute lsc() in scapy and see Scapy doc.
You can see a sample of Sniff family in action, below (execute scapy as root):
>>> a=sniff(count=2) >>> a <Sniffed: UDP:2 ICMP:0 TCP:0 Other:0> >>> a.nsummary() 0000 Ether / IP / UDP / DNS Qry "www.google.com." 0001 Ether / IP / UDP / DNS Ans "www.l.google.com." >>> a.show() ###[ Ethernet ]### dst= 00:03:99:89:83:a9 src= 00:1e:c9:1b:7b:da type= 0x800 ###[ IP ]### version= 4L ihl= 5L tos= 0x0 len= 60 id= 12959 flags= DF frag= 0L ttl= 64 proto= udp chksum= 0xd5af src= 10.1.0.1 dst= 188.8.131.52 options= '' ###[ UDP ]### sport= 54584 dport= domain len= 40 chksum= 0x329c ###[ DNS ]### id= 16628 qr= 0L opcode= QUERY aa= 0L tc= 0L rd= 1L ra= 0L z= 0L rcode= ok qdcount= 1 ancount= 0 nscount= 0 arcount= 0 qd |###[ DNS Question Record ]### | qname= 'www.google.com.' | qtype= A | qclass= IN an= 0 ns= 0 ar= 0 >>>
You can have many parameters in sniff() function, like a filter , timeout , an interface (iface ), and a function to apply to each packet (prn and lfilter ).
>>> sniff(filter="udp and port 53", count=2, iface="eth0") <Sniffed: UDP:2 ICMP:0 TCP:0 Other:0> >>>
Sending a simple ICMP packet
>>> pkt=IP(dst="10.0.0.1")/ICMP() >>> pkt <IP frag=0 proto=icmp dst=10.0.0.1 |<ICMP |>> >>> send(pkt,count=2) .. Sent 2 packets.
Ok, this a simple sample, I know, but you now can use your mind and play with Scapy.