I am learning "Python Black Hat". I will not respond when I use scapy to get the IP address of ip. I have not received any reply from the sent packet. I found a simple example from the Internet and the effect is the same. Why is that?
from scapy.all import srp,Ether,ARP,conf
ipscan='127.0.0.1'
try:
ans,unans=
srp(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst=ipscan),timeout=2,verbose=False)
except Exception as e:
print(str(e))
else:
for snd,rcv in ans:
list_mac=rcv.sprintf("%Ether.src% - %ARP.psrc%")
print(list_mac)
I learned ARP spoofing in the book, experimented with my win7 virtual machine, but failed to get the MAC address.
Since every network interface only answer for address that bound to them and You're sending your packet to yourself (127.0.0.1), nobody answer your request. change the ipscan then it works fine
Related
I'm trying to send a fake echo response to a virtual machine that is trying to ping an IP address from another virtual machine. When I send ping from the victim VM, the terminal output of the victim VM says that there were no packets received but I can see that the fake response packets are received using wireshark on the victim VM. I tried turning off the firewall but nothing changed. Are there any other security measures that I'm not aware of? (Both VMs are Ubuntu 16.04)
i use python 3.6 and windows 7
i try to use wmi but not working every time i try to change the ip address
no connection happen with the net
and give me this error DHCP is not enabled for local area connection
my code to change the ip address :
def change_ip_address():
nic_configs = wmi.WMI().Win32_NetworkAdapterConfiguration(IPEnabled=True)
try:
nic=nic_configs[0]
except:
raise Exception("error in change ip address")
ip= u'192.168.43.99'
subnetmask=u'255.255.0.0'
gateway = u'15.0.0.254'
nic.EnableStatic(IPAddress=[ip],SubnetMask=[subnetmask])
nic.SetGateways(DefaultIPGateway=[gateway])
is there any library for windows to do that
I assume that your local network has a DHCP server. This server assigns your PC an IP adress, which it then routes packets to. If you change the IP adress of the nic in your PC, then your PC and the DHCP server no longer agree on the IP adress that you are using. Consequently, packets cannot be routed to your PC, and the PC will report that you do not have an internet connection. There are ways to negotiate a specific IP, assuming that it is available.
If your local network does not have a DHCP server, then there is a server-side configuration that specifies a static IP adress for your MAC adress or the ethernet wall port. In this case, the change must be made on that server.
What you are currently doing, is similar to making up an adress and putting that on your business card and front door. If you were to use a made-up adress, would you expect your mail to arrive to the right door? You would need to at least talk to some civil servant or government official to get it done.
i have a measurement setup where i want to trigger an oscilloscope base on a network package arriving. I have good results for a few seconds but somewhere between 20s and 40s i get a wrong trigger. My research showed that this could come from the arp packages send from the device. I tried to disable the arp sending but then the whole network went down. Now i'm trying to find a solution where i change the rate at which the arp packets are send without success. So i'm asking you if you know a way to either disable or send as few arp request as possible.
For your information i'm working on a Linux machine. Any help would be appreciated.
I allready tried:
#ip link set arp off dev eth0 <--- results in network down
changing the values for:
/proc/sys/net/ipv4/neigh/default/gc_interval
/proc/sys/net/ipv4/neigh/default/gc_stale_time
/proc/sys/net/ipv4/route/gc_interval
/proc/sys/net/ipv4/route/gc_timeout
with no success
Thx draufunddran
TL;DR: Disabling ARP on your machine will eventually cause other nodes on the network to stop sending packets to your machine (that is why your network appears to go down).
If you want to completely disable ARP packets on your network, you will need to manually program ARP tables on other nodes on your LAN (subnet) so that they know how to map your host's IP to a MAC address to send to on the LAN. This is a difficult thing to do if even possible since some nodes on your network may not offer the ability to program their ARP tables manually.
when testing sctp msg communication between sender and reveiver in respective linux redhat VM , suddenly protocol unreachable for sender, then sender sending ABORT ICMP package tenter image description hereo receiver and rebuild asssociation and back to nornal, as below said. thanks for your comments!
It looks like you have some networking issue (maybe related to your VM). Basically the endpoint with IP address 10.107.89.144 cannot communicate to 10.107.89.131 for some reasons. You can see in your in wireshark trace that it failed to deliver data (there are some retransmissions in the log).
Try to change your VM network setting, say change it from NAT to bridge and see if it makes a difference.
In wireshark I can see Membership Query, general IGMPv2 requests coming over and over from 0.0.0.0 source which suggests ( according to RFC ) machine that hasn't received address yet. My question is how in Linux environment I can find such machine. This query triggers many answers and causes significant network communication slowdown.
When a machine is connected to a network for the first time, it will try to find the DHCP servers in order to get an IP address configuration. Untill then, as you already said, it has no IP address and the only identifier it has is it's MAC address, which is used to keep a comunication alive while it negotiates with the DHCP server (during this period it does not have an IP address until the very last).
Answering your question, you'd find the machine you are looking for making use of the MAC address. If you are on a small network, a manual check (ifconfig) will do it but, if you are on a big one, you better check the ARP table of your switch(es) to have a better idea where it could be.