scapy

So, I wrote a little script in Ubuntu for scapy. #!/usr/bin/env python import sys #from scapy.all import * try import scapy except ImportError: del scapy from scapy import all as scapy i= IP() t= TCP() i.dst='192.168.56.100' t.dport=22 pakket=i/t answered,unanswered=sr(pakket) answered.nsummary() i wrote the 'try' because of another topic here (tried it as a solution). My current output with this code is the following Traceback (most recent call last): File "./scapy.py", line 5, in <module> import scapy File "/home/nicholas/scapy.py", line 9, in <module> i=IP() NameError: name 'IP' is not

I need to pickle a scapy packet. Most of the time this works, but sometimes the pickler complains about a function object. As a rule of thumb: ARP packets pickle fine. Some UDP packets are problematic. My solution (as inspired by the scapy mailing list) is as follows: class PicklablePacket: """A container for scapy packets that can be pickled (in contrast to scapy packets themselves).""" def __init__(self, pkt): self.contents = bytes(pkt) self.time = pkt.time def __call__(self): """Get the original scapy packet.""" pkt = scapy.Ether(self.contents) pkt.time = self.time return pkt Anywhere I

I'm trying to use SCAPY to create a sniffing program to demonstrate 802.11 device association[s] and roles within an 802.11 network. SCAPY has simple functions to identify Beacon frames, probe requests and probe responses. I'm trying to dig a bit deeper than that and do my own evaluation based upon the DS status to show all other traffic association[s]. What I cannot do it determine how to get the value of the DS status (00, 01,10,11). If determined, then I can handle the frame accordingly to get SOURCE, BSSID, RECEIVER, TRANSMITTER and DESTINATION to suit my code. I have found that I should

I have python/scapy sniffer for DNS. I am able to sniff DNS messages and get IP/UDP source and destination IP address and ports but I have problems parsing DNS part I would appreciate some help or solution to work this out. #!/usr/bin/env python from scapy.all import * from datetime import datetime import time import datetime import sys ############# MODIFY THIS PART IF NECESSARY ############### interface = 'eth0' filter_bpf = 'udp and port 53' # ------ SELECT/FILTER MSGS def select_DNS(pkt): pkt_time = pkt.sprintf('%sent.time%') # ------ SELECT/FILTER DNS MSGS try: if DNSQR in pkt and pkt

I have installed scapy both on my windows 7 and my fedora machines. However, the contrib package does not get installed (or at least, it does not appear under my site-packages/scapy package. How can I get it to install? Looking at the zip file provided at http://www.secdev.org/projects/scapy/ I don't see the contrib folder. For some reason it is not bundled into the zip. You should be able to download the source of Scapy 2.2.0 directly and install that using setup.py, which does has the contrib folder. You'll need mercurial to clone the code from BitBucket, and update to the v2.2.0 release

I'm trying to develop a small proof-of-concept for a python networking project but I've come across a hurdle. Would anyone be able to explain how I could derive the TSVal and TSecr values from the Operating system in python? I'm using Scapy to see if I could connect to a simple python server program as a client. The statement below is where I'm sort of stuck. TCP(flags='S', options=[('Timestamp', (TSval, TSecr))]) So if anyone could recommend an algorithm or a python library to calculate the TSval and TSecr, it would be very much appreciated! Thanks in advance! I think both values should be

I'm trying to send UDP Packets with scapy with the following command: >> send(IP(dst="127.0.0.1",src="111.111.111.111")/UDP(dport=5005)/"Hello") . Sent 1 packets. And from tcpdump I can see: 22:02:58.384730 IP 111.111.111.111.domain > localhost.5005: [|domain] I'm trying to receive this packet with the following code: import socket UDP_IP = "127.0.0.1" UDP_PORT = 5005 sock = socket.socket(socket.AF_INET, # Internet socket.SOCK_DGRAM) # UDP sock.bind((UDP_IP, UDP_PORT)) while True: data, addr = sock.recvfrom(1024) # buffer size is 1024 bytes print "received message:", data But cannot receive

From Python on Linux I would like to sniff 802.11 management 'probe-request' frames. This is possible from Scapy like so: # -*- coding: utf-8 -*- from scapy.all import * def proc(p): if ( p.haslayer(Dot11ProbeReq) ): mac=re.sub(':','',p.addr2) ssid=p[Dot11Elt].info ssid=ssid.decode('utf-8','ignore') if ssid == "": ssid="<BROADCAST>" print "%s:%s" %(mac,ssid) sniff(iface="mon0",prn=proc) Or from tshark like so: tshark -n -i mon0 subtype probereq -R 'wlan.fc.type_subtype eq 4' -T fields -e wlan.sa -e wlan_mgt.ssid We could redirect the output from tshark, and slurp it up with some Python (not