Impacket & dpkt sending features? - python

Is there any support for sending packets in impacket or dpkt libraries?
I was able to find examples of sniffing, interpreting and constructing packets using these libraries, but they don't seem to support sending over network interfaces.
Ping example of impacket library uses standard socket library in python to send the packet.
Any help would be great. Thanks

dpkt does not have any built-in way to send packets. Once you construct the packet, you will need to use a RAW socket to send out packets. Here is a good example, which shows you how to send a raw ICMP packet constructed using dpkt.

Related

Sending custom frame / packet in Python

I read many articles and found how to send custom packet based on IP using socket(AF_INET, SOCK_RAW, IPPROTO_RAW). But I want to send completely custom packet starting from Ethernet header. I can't send ARP packet if I can't form Ethernet header cause ARP don't based IP. Please, help!
P.S. I am on Windows 7, not Linux :(
In python, the easiest way is to use the cross-platform scapy library. It’s well known for that
Scapy
You can sniff, send.... lots of packets, add your own protocols, use existing ones... and it works on nearly all platforms. (On windows, it uses Npcap/Winpcap)
You can then build an ARP packet using
from scapy.all import *
pkt = ARP()
pkt.show()
sendp(Ether(dst=..., src=...)/pkt)
Which will create such packets
###[ ARP ]###
hwtype= 0x1
ptype= 0x800
hwlen= 6
plen= 4
op= who-has
hwsrc= 00:50:56:00:1e:3d
psrc= 212.83.148.19
hwdst= 00:00:00:00:00:00
pdst= 0.0.0.0
To build the packet, use the / operator
ether = Ether()
ether.src = “00:00:00:00:00:00”
ether.dst = “ff:ff:ff:ff:ff:ff”
arp = ARP()
[edit arp.psrc, arp.pdst, arp.hwsrc, arp.hwdst]
packet = ether/arp
sendp(packet) # sens packet on layer 2
Have a look at its Scapy documentation
There's no cross-platform way to do what you want, of course.
Python is just passing these values through to the underlying C API. So, on a platform with a complete BSD sockets API including the packet interface, you can just use AF_PACKET and the other appropriate flags. (I think you'd want ETH_P_ALL or ETH_P_802_2 rather than IPPROTO_RAW, or you might want SOCK_DGRAM… anyway, read your platform's man packet and figure it out based on what you actually need to do.) On Linux, at least most of these flags should be available on the SOCKET module; on other Unixes, they often don't get picked up, so you have to manually look them up in the system headers and use hardcoded constant ints in your code.
Unfortunately, if you're on Windows, this doesn't do any good. While WinSock has a feature they call TCP/IP Raw Sockets, accessed via SOCK_RAW, and recent versions of Python do expose this, it's just an emulation of a small subset of what actual BSD sockets implementations can do, and doesn't offer any way to go below the IP level (hence the name of the feature).
Microsoft's solution to this used to be that you'd write a TDI provider with the DDK, which would implement whatever protocol you wanted to expose as another WinSock protocol, and then your application-level code could just use that protocol the same way it would use, e.g., TCP. From the linked document above, it looks like this is obsolete, but the replacement seems like the same idea but with different acronyms (and, presumably, different APIs).
On the other hand, I'm pretty sure Windows already comes with protocols for ARP, ICMP, and anything other protocols needed for its usermode tools (because they obviously can't be written around raw packets). I'm just not sure how to access them.
As far as I know, the usual alternative is to use WinPcap.
While this was originally designed to be a packet capture library, it also implements a complete link-level socket interface that you can use for sending and receiving raw frames.
And there are Python wrappers for it, like WinPcapy.
So, as long as you can require that the WinPcap driver be installed, you can write ARP code, etc., on Windows in Python. It's just different from doing it on Unix.
In fact, one of the examples on the front page of WinPcapY, "Easy Packet sending", should get you started:
from winpcapy import WinPcapUtils
# Build a packet buffer
# This example-code is built for tutorial purposes, for actual packet crafting use modules like dpkt
arp_request_hex_template = "%(dst_mac)s%(src_mac)s08060001080006040001" \
"%(sender_mac)s%(sender_ip)s%(target_mac)s%(target_ip)s" + "00" * 18
packet = arp_request_hex_template % {
"dst_mac": "aa"*6,
"src_mac": "bb"*6,
"sender_mac": "bb"*6,
"target_mac": "cc"*6,
# 192.168.0.1
"sender_ip": "c0a80001",
# 192.168.0.2
"target_ip": "c0a80002"
}
# Send the packet (ethernet frame with an arp request) on the interface
WinPcapUtils.send_packet("*Ethernet*", packet.decode("hex"))

Read raw ethernet packet using python on Raspberry

I have a device which is sending packet with its own specific construction (header, data, crc) through its ethernet port.
What I would like to do is to communicate with this device using a Raspberry and Python 3.x.
I am already able to send Raw ethernet packet using the "socket" Library, I've checked with wireshark on my computer and everything seems to be transmitted as expected.
But now I would like to read incoming raw packet sent by the device and store it somewhere on my RPI to use it later.
I don't know how to use the "socket" Library to read raw packet (I mean layer 2 packet), I only find tutorials to read higher level packet like TCP/IP.
What I would like to do is Something similar to what wireshark does on my computer, that is to say read all raw packet going through the ethernet port.
Thanks,
Alban
Did you try using ettercap package (ettercap-graphical)?
It should be available with apt.
Alternatively you can try using TCPDump (Java tool) or even check ip tables

How can I check Is a packet HTTP or just TCP?

I am using scapy in python to capture packets. For some analysis I want to check is a packet HTTP or just TCP. How can I do that ? Is it related to /raw or something else?

Send packet to webserver?

I'm just getting into python, and I dont now how to send packets.
So can anyone tell me how can I send packets to a webserver? I would also like to choose the size of the packet myself?
I'm using python 2.7.
You can use the httplib module, to easily create http requests. Or, if you want to take a bare approach, you can use the socket module to manually create a TCP connection and send whatever packets you would like.
from httplib import HTTPConnection
...
HTTPConnection.putheader("Content-Length","512")
HTTPConnection.endheaders()
HTTPConnection.send(data)
multipart/form-data example:
http://www.voidspace.org.uk/python/cgi.shtml#upload upload_test.py

How do I send an ARP packet through python on windows without needing winpcap?

Is there any way to send ARP packet on Windows without the use of another library such as winpcap?
I have heard that Windows XP SP2 blocks raw ethernet sockets, but I have also heard that raw sockets are only blocked for administrators. Any clarification here?
There is no way to do that in the general case without the use of an external library.
If there are no requirements on what the packet should contain (i.e., if any ARP packet will do) then you can obviously send an ARP request if you're on an Ethernet network simply by trying to send something to any IP on your own subnet (ensuring beforehand that the destination IP is not in the ARP cache by running an external arp -d tar.get.ip.address command), but this will probably not be what you want.
For more information about raw socket support see the TCP/IP Raw Sockets Docs page, specifically the Limitations on Raw Sockets section.
You could use the OpenVPN tap to send arbitrary packets as if you where using raw sockets.

Categories