I have a raw ethernet Frame that i want to send
How should i do that? i tried to send hex values of a frame but i still cant control packet header that contains src/dst address and ports
import socket
# the public network interface
HOST = socket.gethostbyname(socket.gethostname())
addr = ('46.165.204.237', 10000)
# create a raw socket and bind it to the public interface
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
s.bind((HOST, 0))
netpacket = '\xDE\xB0\x7B\xE5\xA7\xCD\x4C\x17\xEB\x07\x0D\xBC\x08\x00\x45\x00\x00\x92\x68\x94\x40\x00\x78\x06\xDC\x94\x2E\xA5\xCC\xED\xC0\xA8\x01\x02\x27\x10\x07\xC8\x04\xD7\xEA\xEA\xC3\x2A\x4E\xA2\x50\x18\x01\x02\x39\xB0\x00\x00\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x2E\x30\x22\x3F\x3E\x3C\x50\x61\x63\x6B\x65\x74\x3E\x3C\x6F\x70\x65\x72\x61\x74\x69\x6F\x6E\x3E\x33\x3C\x2F\x6F\x70\x65\x72\x61\x74\x69\x6F\x6E\x3E\x3C\x64\x61\x74\x61\x3E\x33\x24\x30\x24\x30\x24\x30\x24\x30\x24\x30\x3C\x2F\x64\x61\x74\x61\x3E\x3C\x65\x78\x74\x64\x61\x74\x61\x3E\x3C\x2F\x65\x78\x74\x64\x61\x74\x61\x3E\x3C\x2F\x50\x61\x63\x6B\x65\x74\x3E'
#netpaket = netpacket.encode('UTF-8')
s.sendto(netpacket.encode('UTF-8'), addr)
Is there in Python a function like sendRaw() or sendRawFrame()?
I know scapy can handle this, but i need to do that many many times, and every time with various payload data. How scapy can be automated? I mean python script that launch scapy creates packet with some payload and send it.
scapy.py
packet1 = IP(dst='46.165.204.237')/TCP(sport=1992, dport=10000)/'<?xml version="1.0"?><Packet><operation>99</operation><data><![CDATA[8 fast]]></data><extdata><![CDATA[]]></extdata></Packet>.'
send(packet1)
The goal for it is to send packet from a port that already in use. If there a better solution for that problem?
Offtopic: maybe someone knows how to send packets through the Open socket id in windows (not only in python)?
You can provide Scapy with raw input by using the Raw layer.
netpacket = Raw('\xDE\xB0...')
To send packets at the ethernet layer - see the documentation for sendp.
sendp(netpacket, iface="eth1")
Related
I am trying to work with pcap files. For a preprocessing phase, I am trying to remove an ethernet header using scapy but not sure if this is the right way. Any ideas would like much appreciated. Thanks
I am working on Jupyter notebook and I use python and scapy to read pcap files.
Packet summary:
'Ether / IP / UDP 131.XXX:XXX:XXX:netbios_ns > 131.XXX:XXX:XXX:netbios_ns / NBNSQueryRequest'
Tried:
pk1= ['Ether / IP / UDP 131.XXX:XXX:XXX:netbios_ns > 131.XXX:XXX:XXX:netbios_ns / NBNSQueryRequest']
pkt2=pk1['NBNSQueryRequest']
pk1[Ether].remove_payload()
pk1 /=pkt2
If I understand correctly your question you can access the payload by doing the following:
pk1[1]
pk1.payload
Assuming you have a Packet object with the following layers:
pkt = Ether()/IP()/ICMP()
The packet would look something like this:
print(repr(pkt))
# <Ether type=IPv4 |<IP frag=0 proto=icmp |<ICMP |>>>
pkt is actually an ethernet packet with all the other layers encapsulated as it's payload, so you can just use:
pkt = pkt.payload
# Or
pkt = pkt[Ether].payload
And you'll end up with:
print(repr(pkt))
# <IP frag=0 proto=icmp |<ICMP |>>
You may open capture file in Wireshark, go to File menu, then "Export PDU" and specify a filter of what do you want to export.
I am using a raspberry pi to send data through TCP/IP where the raspberry pi is the server and my local windows machine is the client.
When I try to read data in python 3, I am getting weird characters for example:
send 20 decimal I receive #4
send 21 decimal I receive #5
send 22 decimal I receive #6
Below is the code running on my local machine:
import socket
host = '192.168.1.100'
port = 25000
mySocket = socket.socket()
mySocket.connect((host,port))
data = mySocket.recv(4).decode()
print (data)
Using python 2 is no problem and characters received with no decoding needed. I know I need to do some decoding on the data but not sure what. Any advise will be very helpful.
I finally figured this by using the following code:
data = mySocket2.recv(4)
newData = int.from_bytes(data, byteorder='big', signed=False)
The sender is sending uint32 data, that is obviously not-signed and is bigEndian. This has to be specified at the receiver side as well (my python3 script). If the sender changes and starts sending int8 data then I will need to update the receiver code to the following:
data = mySocket2.recv(1)
newData = int.from_bytes(data, byteorder='big', signed=True)
P.S. serial or TCP/IP receiving seem to follow the same logic in python, this means that data received requires the same encoding.
I intend to create a fake AP in order to send the frames received from the client to the real AP and,
of course, the frames received from the real AP to the client... all passing through the fake AP.
I will use hostapd to create the fake AP and scapy to sniff and manipulate the packets (changing only source and destination).
Basically, using python, this is what I'm going to do:
Client->FakeAP->RealAP
1) sniff the packet
2) change source and destination (src=FakeAP, dst=RealAP)
3) send the packet to the Real AP
RealAP->FakeAP->Client
1) sniff the packet
2) change source and destination (src=FakeAP, dst=Client)
3) send the packet to the Client
Here's the code:
from scapy.all import *
def manipulateAndSend(pkt):
pkt[Ether].src= new_src_mac
pkt[Ether].dst= new_dst_mac
pkt[IP].src= new_src_ip
pkt[IP].dst= new_dst_ip
send(pkt)
sniff(iface="wlan0", prn=manipulateAndSend, filter="tcp", store=0)
My two questions are:
1) In hostapd I'm going to set a "whatever" WPA key, so how can I avoid to reject the authentication?
2) How can I edit the IP src and dst of the packet if the IP association starts after the authentication is complete?
I want to my UDP data packet to have literately this information for example:
data = "83053163021478010102010370020000000000"
I'm using the follow code to send it which works fine(I can see it going out on wireshark):
listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
listener.sendto(data, (IP, PORT))
When I look at the data packet in wireshark i want the (wireshark)data packet == data. How do I declare/convert the data type to make this happen.
I think this should do the trick:
import codecs
data = codecs.decode("83053163021478010102010370020000000000", "hex_codec")
Then you can send data same as you are doing now.
ref: How to create python bytes object from long hex string?
I want to send data from a Simulink model (running in real time) to a Python script (also running in real time. I am using Simulink's built-in "UDP Send" block, which works, but I don't know how to decode the data I'm getting. This is what my python script looks like:
import sys, struct
from socket import *
SIZE = 1024 # packet size
hostName = gethostbyname('0.0.0.0')
mySocket = socket( AF_INET, SOCK_DGRAM )
mySocket.bind((hostName,5002))
repeat = True
while repeat:
(data,addr) = mySocket.recvfrom(SIZE)
data = struct.unpack('d',data)
print data
I've suspected that the data stream should be something like a double, but while it's giving me numbers they aren't meaningful:
If simulink sends a constant "1", I get an output of "3.16e-322"
If Simulink sends a constant "2", I get an output of "3.038e-319"
Any ideas?
Turns out my network was reversing the packet bits. The solution was to read it in as bit-reversed:
data = struct.unpack('!d',data)
I have no clue why this happens over some networks and not others. Can someone comment on a way to tell if I need to use bit-reversal?
The problem occurs when the sender and receiver has different byte order.
See sys.byteorder.
Best practice should be to always convert to network order when sending and convert again when receiving.