I have three virtual machines, all on CentOS 6.5.
The current setup is as follows:
A ------(eth0) B (eth1)------- C
Currently, when A pings C, it is routed through B as they are on different networks.
I want to write a script using Python and Scapy (used on machine B) that will intercept the packet that passes through eth0.
By intercepting the packet, I can hold it for some time (delay) or do some packet manipulation.
I then want to send the packet to its destined destination.
Does anyone know how I can intercept packets before they reach their end destination using Python and Scapy?
I have read a lot about Netfilter and iptables, but I am not exactly sure how I can intercept the packets and change them.
Thank you in advance
I am sending packets using:
send(IP(dst="192.168.1.114")/fuzz(UDP()/NTP(version=4)), loop=1)
But I am not able to capture these packets in any other nearby machine (including the one with IP 192.168.1.114) which is on the same network. I am using wlan as my interface.
I also tried to sniff and then replay using scapy but I am still not able to capture those packets.
I would first try to capture the traffic on the sender machine with tcpdump while executing your program:
tcpdump -i any udp dst 192.168.1.114
If you can see the traffic leaving the source host, it may be that it does not arrive on the target host. UDP packets are the first packets to be dropped by any network device, and as it is the nature of UDP, it won't get retransmitted. If you are sure the packet leaves the source, verify if it arrives at the target:
tcpdump -i any udp dst 192.168.1.114
Another point to check is your firewall settings. It could be either on the source or target system that your firewall is blocking those requests.
I finally resolved this. Here is the checklist I made which might help others when dealing with replaying/fuzzing using scapy.
1.) Check if all IP addresses you are dealing with are alive in the network (use ping)
2.) Understand the difference between send() (layer 3) and sendp() (layer 2)
3.) If mutating an existing packet, make sure to remove the checksum (using 'del') and recalculate the checksum, either using show2() or using str to convert packets to string and then converting them back to packets
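Why the checksum item in the checklist matters, as an added example in plain Python that is not part of the original post and does not use Scapy: a receiver sums the whole IPv4 header, so a header mutated without a fresh checksum fails validation and is dropped. The function names and the addresses 192.168.1.10 and 192.168.1.115 are constructed for the illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_checksum(hdr: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11), then fill in a fresh value."""
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return hdr[:10] + struct.pack("!H", inet_checksum(zeroed)) + hdr[12:]

def ipv4_header(src: str, dst: str, payload_len: int = 8) -> bytes:
    """Build a 20-byte IPv4 header (no options, protocol 17 = UDP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0,
                      64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return set_checksum(hdr)

def checksum_ok(hdr: bytes) -> bool:
    """Receiver-side check: the sum over the full header must come out as 0."""
    return inet_checksum(hdr) == 0

def rewrite_dst(hdr: bytes, new_dst: str, recompute: bool) -> bytes:
    """Mutate the destination address (bytes 16-19) of a captured header."""
    mutated = hdr[:16] + socket.inet_aton(new_dst) + hdr[20:]
    return set_checksum(mutated) if recompute else mutated

if __name__ == "__main__":
    captured = ipv4_header("192.168.1.10", "192.168.1.114")  # constructed sample
    stale = rewrite_dst(captured, "192.168.1.115", recompute=False)
    fresh = rewrite_dst(captured, "192.168.1.115", recompute=True)
    print("captured header valid:", checksum_ok(captured))
    print("mutated, old checksum kept:", checksum_ok(stale))
    print("mutated, checksum recomputed:", checksum_ok(fresh))
```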
You should use Wireshark, or the sniff function in Scapy and make it pretty print the contents on the screen:
sniff(prn=lambda x: x.show())
I am creating a program in Python (either 2 or 3) in which I need to be able to drop a packet. Using Scapy I know how to inspect packets, craft one and modify one sniffed from the sniff() function. I believe the sniff function can't actually modify the incoming packets (correct me if I'm wrong). I would like to know how I could drop some packets. Ex: if it has a src.ip==192.168.1.5, then drop it there.
You cannot drop packets with Scapy or any other sniffing program.
You should try using iptables. There is a wrapper for iptables called python-iptables. It can help you to create, manage and delete different firewall rules from your Python program.
I want to know the number of packets and the packet size for each packet sent by every process in the host computer.
I have tried using the psutil library:
import psutil
p = psutil.Process(pid)  # pid: ID of the process to inspect
process_connection = p.connections()
But it shows the address and port but no information about the packet.
psutil.net_io_counters()
This shows the bytes sent and received by the host.
How can I get this information using Python 2.7 and Windows 7?
Conceptually, you need to apply a packet sniffer for that. The process statistics do not collect (meta-)information about each and every packet sent by a process, that would be very inefficient with respect to both processing power and memory footprint.
Scapy is one of the popular packages providing packet sniffing from Python for Unixes, but I don’t know about its support for Windows or other packages which support Windows.
Using a Lantronix UDS-1100 serial to IP converter. The goal is to write a small proof of concept piece in Python to capture serial data output by this device over IP.
I've done a couple test projects using sockets in python, but they were all done between python processes (python > python): listen() on one end, and connect(), sendall() etc on the other.
I think I can use sockets for this project, but before I invest a bunch of time into it, wanted to make sure it is a viable solution.
Can Python sockets be used to capture IP traffic when the traffic is originating from a non-Python source? I have full control over the IP and port that the device sends the serial data to, but there will be no Python connect() initiated by the client. I can prepend the serial data with some connect() string if needed.
If sockets won't work, please recommend another solution...guessing it will be REST or similar.
Of course. TCP/IP is supposed to be cross-platform and cross-language, so in theory you should be able to communicate with every kind of device as long as you manage to process and send the expected protocol.
I don't know if this is possible but I am wondering?
I am doing some internal pentesting and using Scapy and Netcat, and I created a TCP packet with the payload "testing". I want to get the payload content piped into Netcat's listening port, using this example code:
test = IP(src="192.168.4.134")/TCP(dport=1234)/"testing"
send(test)
but all that ever prints is:
.
Sent 1 packets
Which is what Scapy spits out after it's sent the packet. I've been trying to figure out what I need to use in my code to show this. I know Netcat uses stdin and stdout, but I don't properly know how to code in Python yet, I'm just practising!
Can anyone help? Regards,
TCP is session based. Machines that want to communicate, must first synchronize (setup a session) with one another.
This process is what's called a 3-way handshake, using the steps: SYN, SYN-ACK, ACK.
1.) Machine A ====SYN====> Machine B (Machine A, running scapy, tries to synch with B, running netcat)
2.) Machine B ==SYN-ACK==> Machine A (Machine B ACKs and SYNs with Machine A)
3.) Machine A ====ACK====> Machine B (Machine A ACKs the SYN-ACK from Machine B)
The machines now have a session (connection) and can send data to one another.
Running netcat on a listening machine and trying to send it a single packet from scapy fails because your machine (A) fails to sync with machine (B) running netcat.
IP 10.22.4.45.20 > 10.1.2.3:1234: Flags [S], seq 0:7, win 8192, length 7
IP 10.1.2.3:1234 > 10.22.4.45:20: Flags [S.], seq 2668993358, ack 1, win 14600, options [mss 1460], length 0
IP 10.22.4.45:20 > 10.1.2.3:1234: Flags [R], seq 1, win 0, length 0
As you can see, machine B (netcat) tries to SYN-ACK with your machine, but since you just sent it a single packet and aren't listening for the returning SYN-ACK, your machine generates a RST (Reset) and the attempted connection is shut down before the 3-way handshake was completed.
There are two options. Either use UDP which is connectionless and doesn't require this connection setup, or do a complete TCP handshake. Scapy has a few ways to help you manage the TCP session creation should you choose the latter: http://trac.secdev.org/scapy/wiki/TCP
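The two options from the answer above, shown with the operating system's socket API rather than Scapy (an added example, not part of the original answer): connect() makes the kernel complete SYN, SYN-ACK, ACK before the payload is sent, while a UDP datagram needs no session setup. The loopback address, OS-chosen ports and function names are assumptions of this sketch.

```python
import socket
import threading

def tcp_roundtrip(payload: bytes) -> bytes:
    """Send payload over a real TCP session and return what the listener read."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))              # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []

    def listener():
        conn, _ = srv.accept()              # returns once the handshake is done
        with conn:
            chunks = []
            while True:
                data = conn.recv(4096)
                if not data:                # peer closed the connection
                    break
                chunks.append(data)
        received.append(b"".join(chunks))

    t = threading.Thread(target=listener)
    t.start()
    # create_connection() calls connect(); the kernel answers the SYN-ACK itself,
    # so no RST is generated and the data segment is accepted by the listener.
    with socket.create_connection(("127.0.0.1", port), timeout=5) as cli:
        cli.sendall(payload)
    t.join(timeout=5)
    srv.close()
    return received[0]

def udp_roundtrip(payload: bytes) -> bytes:
    """Send payload as a single UDP datagram: connectionless, no handshake."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(5)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(payload, rx.getsockname())
    data, _ = rx.recvfrom(4096)
    tx.close()
    rx.close()
    return data

if __name__ == "__main__":
    print("TCP listener received:", tcp_roundtrip(b"testing"))
    print("UDP listener received:", udp_roundtrip(b"testing"))
```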