osdir.com
mailing list archive

Subject: SNMP packets - msg#00011

List: security.scapy.general

I'm playing around with Scapy and making up SNMP packets. I was wondering about two things:
  • Can we unset the don't fragment flag on it (scapy)? If so, how?
  • The other issue is that I send the SNMP packet with a random community string, but when read by wireshark I still get a "public" community. My packet looks like this:

    SNMP_pack= Ether()/ IP(dst = my_host)/UDP()/SNMP(community='..', PDU=SNMPset(varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4"))]))

When capturing the packets I get two things at the level of wireshark:
  • Checksum: 0x7113 [incorrect, should be 0x7d28 (maybe caused by "UDP checksum offload"?)] <== I don't get this part
  • Simple Network Management Protocol:
    * version: version-1 (0)
    * community: public

Given the packet in Hexa looks like this:

    0000   04 06 70 75 62 6c 69 63 a1 21 02 04 1d 17 03 1b   ..public.!......
    0010   02 01 00 02 01 00 30 13 30 11 06 0d 2b 06 01 04   ......0.0...+...
    0020   01 09 09 6d 01 01 01 01 0b 05 00                  ...m.......

Any insights?

Previous Message by Date:

scapy repository/community generated code?

Does there exist a community location for shared scapy scripts? I've written my own scapy tools in the past for my own use, but just curious.

-- 
offset
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe@xxxxxxxxxx

Next Message by Date:

Re: scapy repository/community generated code?

Hi,

> Does there exist a community location for shared scapy scripts?

Some scripts are available at http://trac.secdev.org/scapy/wiki/ community

Feel free to contribute.

Guillaume

-- 
Guillaume Valadon
guedou@xxxxxxxxxxxxxxxx


Next Message by Thread:

Re: SNMP packets

On Tue, 8 Jan 2008, Sawssan Taha (staha) wrote:

> I'm playing around with Scapy and making up SNMP packets. I was wondering about two things:
> 1. Can we unset the don't fragment flag on it (scapy)? if so how?

By default, there are no IP flags. If it is set, you can unset it with

    ip.flags &= ~2

> The other issue is that I send the SNMP packet with a random community string but when read by wireshark I still get a "public" community. my packet looks like this:
> SNMP_pack= Ether()/ IP(dst = my_host)/UDP()/SNMP(community='..', PDU=SNMPset(varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4"))]))
> When capturing the packets i get two things at the level of wireshark:
> 1. Checksum: 0x7113 [incorrect, should be 0x7d28 (maybe caused by "UDP checksum offload"?)] <==I don't get this part
> 2. Simple Network Management Protocol:
>    * version: version-1 (0)
>    * community: public
> Given the packet in Hexa looks like this:
> 0000   04 06 70 75 62 6c 69 63 a1 21 02 04 1d 17 03 1b   ..public.!......
> 0010   02 01 00 02 01 00 30 13 30 11 06 0d 2b 06 01 04   ......0.0...+...
> 0020   01 09 09 6d 01 01 01 01 0b 05 00                  ...m.......

This is not very probable, you may have captured another packet.

    my_host="1.2.3.4"
    SNMP_pack= Ether()/ IP(dst = my_host)/UDP()/SNMP(community='..',PDU=SNMPset( varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4"))]))
    hexdump(SNMP_pack)
    0000   00 13 10 30 22 57 00 03 47 88 1D 2F 08 00 45 00  ...0"W..G../..E.
    0010   00 3C 00 01 00 00 40 11 AD F4 C0 A8 08 0E 01 02  .<....@.........
    0020   03 04 00 35 00 A1 00 28 1D F2 30 1E 02 01 01 04  ...5...(..0.....
    0030   02[2E 2E]A3 15 02 01 00 02 01 00 02 01 00 30 0A  ..............0.
    0040   30|08 06 04 2B 06 01 04 05 00                    0...+.....
             |
             +--- community is ".."

Try this:

    wireshark(SNMP_pack)

-- 
Philippe Biondi <phil@ secdev.org> SecDev.org
Computer Security/R&D http://www.secdev.org
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
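
The two byte dumps quoted in this thread can be compared directly. The following is an added example, not part of the original messages and not Scapy code: a minimal BER walk that pulls the version, community string and PDU type out of each dump. The function names and the PDU tag table are this example's own; the bytes are transcribed from the hex dumps above.

```python
# Added example: bytes below are transcribed from the two hex dumps in this thread.
BUILT = bytes.fromhex(        # reply's hexdump, UDP payload from offset 0x2A
    "30 1E 02 01 01 04 02 2E 2E A3 15 02 01 00 02 01 00 02 01 00 30 0A "
    "30 08 06 04 2B 06 01 04 05 00")
CAPTURED = bytes.fromhex(     # original post's dump, starts at the community
    "04 06 70 75 62 6c 69 63 a1 21 02 04 1d 17 03 1b 02 01 00 02 01 00 "
    "30 13 30 11 06 0d 2b 06 01 04 01 09 09 6d 01 01 01 01 0b 05 00")

# Context-specific tags of the SNMPv1 PDUs (RFC 1157).
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap"}

def read_tlv(buf, pos):
    """Return (tag, value_offset, value_length) of the TLV at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV length runs past end of buffer")
    return tag, pos, length

def community_and_pdu(buf, pos=0):
    """buf[pos] must be the community OCTET STRING; the PDU tag follows it."""
    tag, start, length = read_tlv(buf, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING (0x04), got 0x%02x" % tag)
    pdu_tag, _, _ = read_tlv(buf, start + length)
    community = buf[start:start + length].decode("ascii", "replace")
    return community, PDU_TAGS.get(pdu_tag, "unknown 0x%02x" % pdu_tag)

def parse_snmp(buf):
    """Message ::= SEQUENCE { version INTEGER, community OCTET STRING, PDU }."""
    tag, pos, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, start, length = read_tlv(buf, pos)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    version = int.from_bytes(buf[start:start + length], "big")
    return (version,) + community_and_pdu(buf, start + length)

if __name__ == "__main__":
    print("built   :", parse_snmp(BUILT))              # full message
    print("captured:", community_and_pdu(CAPTURED))    # fragment
```

The built message carries version value 1 (SNMPv2c), community ".." and PDU tag 0xA3, while the captured fragment carries "public" and tag 0xA1, a GetNextRequest rather than a SetRequest. The two dumps therefore come from different packets.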