I am trying to find the source IP address of a received packet using Python 3, but without success. Does anyone have an idea how to do that? I want to reply to a multicast message with a unicast message to the sender and also make a list of senders' IP addresses.
Thank you
Are you trying to sniff a packet? Or is the packet already captured by Python? If you want to sniff the packet, read the information, create a new packet and send it to the sender, you can use Scapy.
Related
I have tried and tested scapy to create TCP packets and UDP packets.
Investigated the packet using tcpdump also.
I created the packet with one source IP and one destination IP.
My purpose was to test suricata with the content in the rule as my packet payload.
Suricata could trigger alerts easily in these scenarios.
But when the turn came to create HTTP packets with the payload, it failed.
Please tell me how to create an HTTP packet using scapy.
The packet should contain any string as data. {In TCP I used Raw(load=data)}
OK, so I am trying to block a specific packet on my computer, which I captured using Wireshark, from being sent to an IP address. It is UDP protocol. So, how would I accomplish this with Python?
Edit: I am currently on Windows 10
I am trying to send an ICMP packet in Python using scapy from my Debian VPS. I am not trying to spoof the IP or anything, but since my server doesn't spoof, it won't send it anyway, and I cannot figure out any other way to create an ICMP packet and send it. How can I do this?
Build an IP and an ICMP layer, like this:
from scapy.layers.inet import IP, ICMP
DESTINATION = "192.168.111.4"
packet = IP(dst=DESTINATION, ttl=20) / ICMP()
# print(packet)
I am sending packets using:
send(IP(dst="192.168.1.114")/fuzz(UDP()/NTP(version=4)), loop=1)
But I am not able to capture these packets in any other nearby machine (including the one with IP 192.168.1.114) which is on the same network. I am using wlan as my interface.
I also tried to sniff and then replay using scapy but I am still not able to capture those packets.
I would first try to capture the traffic on the sender machine with tcpdump while executing your program:
tcpdump -i any udp dst 192.168.1.114
If you can see the traffic leaving the source host, it may be that it does not arrive on the target host. UDP packets are the first packets to be dropped by any network device and, as is the nature of UDP, they won't get retransmitted. If you are sure the packet leaves the source, verify whether it arrives at the target:
tcpdump -i any udp dst 192.168.1.114
Another point to check is your firewall settings. It could be either on the source or target system that your firewall is blocking those requests.
I finally resolved this. Here is the checklist I made which might help others when dealing with replaying/fuzzing using scapy.
- Check if all IP addresses you are dealing with are alive in the network (use ping)
- Understand the difference between send() (layer 3) and sendp() (layer 2)
- If mutating an existing packet, make sure to remove the checksum (using 'del') and recalculate the checksum, either using show2() or using str to convert packets to string and then converting them back to packets
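Why the checksum item in this checklist matters, as an added example that is not part of the original post: it builds an IPv4 header in plain Python (no Scapy), rewrites the destination address, and shows that the old checksum stops verifying until it is zeroed and recomputed. The addresses, the IP ID 0x1234 and all function names are constructed for illustration.

```python
import socket
import struct

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64) -> bytes:
    """Build a header for protocol 17 (UDP) with a correct checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 17, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack(FMT, *fields))  # computed over checksum=0
    return struct.pack(FMT, *fields)

def checksum_ok(header: bytes) -> bool:
    """A receiver sums the header including the checksum field; valid means 0."""
    return inet_checksum(header) == 0

def rewrite_dst(header: bytes, new_dst: str, fix_checksum: bool) -> bytes:
    """Change the destination address; optionally zero and recompute the checksum."""
    mutated = bytearray(header)
    mutated[16:20] = socket.inet_aton(new_dst)
    if fix_checksum:
        # Same idea as deleting Scapy's IP chksum field so it is rebuilt on send.
        mutated[10:12] = b"\x00\x00"
        mutated[10:12] = struct.pack("!H", inet_checksum(bytes(mutated)))
    return bytes(mutated)

if __name__ == "__main__":
    original = build_ipv4_header("192.0.2.10", "192.0.2.20", payload_len=8)
    stale = rewrite_dst(original, "192.0.2.99", fix_checksum=False)
    fixed = rewrite_dst(original, "192.0.2.99", fix_checksum=True)
    print("original valid:              ", checksum_ok(original))
    print("mutated, old checksum kept:  ", checksum_ok(stale))
    print("mutated, checksum recomputed:", checksum_ok(fixed))
```

A receiver or capture tool that validates checksums will treat the stale variant as corrupt, which is one reason replayed packets can appear to vanish.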
You should use Wireshark, or the sniff function in Scapy and make it pretty print the contents on the screen:
sniff(prn=lambda x: x.show())
I'm currently trying to send an IP packet to an interface using the send(pkt, iface="eth0") function and I'm getting the error:
WARNING: Mac address to reach destination not found. Using broadcast
The interface I am trying to send out on doesn't have an IP address, and that's the way I would prefer it. And if it makes a difference, the interface is a bridge (created with brctl).
There is an ARP entry for the host that is in the IP packet however it seems scapy isn't doing the lookup required to get the MAC from the ARP table...
Thoughts?!
I would say this is normal, since making a valid ARP request requires an IP address (and Scapy maintains its own ARP table, independent from the OS one).
You can set the destination address yourself: srp(Ether(dst="[MAC address]")/[...]). If you need to get the MAC address first, create and send an ARP request the same way.
To query Scapy's ARP table, access the element conf.netcache.arp_cache, which is a Scapy-specific dict subclass (called CacheInstance).
For example, to add an entry for your host (and then use sr([...]) instead of srp(Ether(dst="[MAC address]")/[...])), use:
conf.netcache.arp_cache['[IP address]'] = '[MAC address]'
The default dst address (MAC address) of an Ethernet frame in scapy is broadcast. This warning is generated whenever you send an Ethernet frame to the broadcast address (ff:ff:ff:ff:ff:ff), as far as I'm concerned. You can see this by creating the packet like this:
Ether()/IP() or Ether()/ARP()
instead of just IP() or ARP().