Subject: Re: cdp and Dot3 - msg#00018

List: security.scapy.general

Date: Prev Next Index Thread: Prev Next Index

Le 8 août 06 à 22:34, lobo a écrit :

How can I force scapy to use Dot3 as the lowest layer
for cdp.

In some recent version of Scapy, we (nico and I (*)) asked Phil
to add an Ether/Dot3 dispatcher. If you have an old version
of Scapy, you should "wget scapy.secdev.org"

Regarding automatic setting of the Ethernet address to
01:00:0c:cc:cc:cc in Dot3, when CDP is stacked on SNAP, this
is not directly possible.

If you _really_ want to perform automatic address setup in
your CDP packet, a quick and dirty solution is to create
a specific LLC_CDP class inheriting from LLC. Then, some
simple :

bind_layers(Dot3, LLC_CDP, {"dst": "01:00:0c:cc:cc:cc"})
bind_layers(LLC_CDP, SNAP, { "dsap" : 0xAA , "ssap" : 0xAA, "ctrl":3 })
bind_layers(SNAP, CDPv2_HDR, { "code": 0x2000, "OUI": 0xC })

should do the job for bindings. With that hack, address
is set automatically, but you have to use LLC_CDP
explicitly.

IMHO, setting the address manually is quite acceptable.

hope that helps.

a+

(*) : we also implemented a CDP extension for Scapy. Nico
will forward it in a minute.

---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe@xxxxxxxxxx
Pour obtenir de l'aide, ecrivez a: scapy.ml-help@xxxxxxxxxx

Was this page helpful?

Thread at a glance:

Previous Message by Date: click to view message preview

Re: can scapy do this ?

Hi Christian, May be I was not clear enough or I don't know much about iptables... I will provide a little more explanation. Let us say from PUBLIC network packets are arriving to VM1 through the host NIC. The host NIC is in promiscuous mode and any sniffer running here can view these packets. I want the packets to be delivered to VM1 without any modification. In addition, I want to copy the packets and deliver to VM2. It is like wiretapping. From what I read in internet, we can have iptables (which is inline) to re-route the packets to VM2 that are initially destined to VM1. But, this is not what I want. I want the packets to be duplicated and the copy be delivered to VM2 while the original packets goes as usual to VM1. If you think this is still possible with just iptables, I would appreciate if you can give me some hints. regards, Krishnan On 8/8/06, Christian S. Perone <christian.perone@xxxxxxxxx> wrote: A firewall like iptables was not enough to do that ? On 8/8/06, S. P. T. Krishnan < sptkrishnan@xxxxxxxxx> wrote: > Hi, This is my first post to this mailing list. Also I am quite new to scapy/python; just a few days. I noticed that the confirmation email was in french (I guess). I hope I will be understood here. Ok, straight to my requirement. I have a linux box and two virtual machines are running on it. There are 3 IP addresses. IP address of one of the VMs is published and can be accessed from outside. I want all traffic to this VM, say VM1, to be duplicated and sent to VM2 whose IP is NOT published. For this, I want to know if the following method will work? 1. First, run scapy in sniffer mode with a filter to grab all packets with the destination IP address of VM1. 2. Then use scapy to change the destination IP to be the IP address of the VM2. If needed, I can also change the src IP to be the IP address of the host OS. So this python script will run forever, just duplicating the incoming packets to VM1 and sends it to VM2. Is this scenario doable with scapy ? If so, can you point me to some code, methods etc regards, Krishnan --------------------------------------------------------------------- Desinscription: envoyez un message a: scapy.ml-unsubscribe@xxxxxxxxxx Pour obtenir de l'aide, ecrivez a: scapy.ml-help@xxxxxxxxxx --------------------------------------------------------------------- Desinscription: envoyez un message a: scapy.ml-unsubscribe@xxxxxxxxxx Pour obtenir de l'aide, ecrivez a: scapy.ml-help@xxxxxxxxxx

Next Message by Date: click to view message preview

Re: cdp and Dot3

scapy-cdp.py Description: addon CDP for scapy --------------------------------------------------------------------- Desinscription: envoyez un message a: scapy.ml-unsubscribe@xxxxxxxxxx Pour obtenir de l'aide, ecrivez a: scapy.ml-help@xxxxxxxxxx

Previous Message by Thread: click to view message preview

cdp and Dot3

Hi, I'm working on cdp support for scapy at the moment. How can I force scapy to use Dot3 as the lowest layer for cdp. I have tried it with (Dot3, LLC, { "dst" : "01:00:0c:cc:cc:cc" } ), but it only works with (Ether, LLC, { "dst" : "01:00:0c:cc:cc:cc" } ), which is wrong. best regards, jochen #!/usr/bin/env python from scapy import * CDP_TYPES = { 1 : "Device ID", 2 : "Address", 3 : "Port ID", 4 : "Capabilities", 5 : "IOS version", 6 : "Platform", 7 : "IP prefix" } class CDP(Packet): name = "CDP" fields_desc = [ ByteField("version", 2), ByteField("ttl", 180), XShortField("chksum", None) ] def post_build(self, p, pay): if self.chksum is None: c = checksum(p) p = p[:2] + chr((c>>8)&0xff)+chr(c&0xff) + p[4:] return p += pay class CDPtlv(Packet): name = "CDP type/length/value" fields_desc = [ XShortEnumField("type", 0x0001, CDP_TYPES), ShortField("len", None), StrLenField("value", "", "len", 4) ] layer_bonds = layer_bonds + [ ## It's just an ugly workaround. We need Dot3 here # ( Ether, LLC, { "dst" : "01:00:0c:cc:cc:cc" } ), ( SNAP, CDP, { "code" : 0x2000 } ), ( CDP, CDPtlv, {} ), ( CDPtlv, CDPtlv, {} ), ] for l in layer_bonds: bind_layers(*l) del(l) interact(mydict=globals(), mybanner="some cisco foo") signature.asc Description: This is a digitally signed message part

Next Message by Thread: click to view message preview

Loading Comments...