Subject: Re: BPF mode - msg#00020
List: security.scapy.general
Hi,
Both MAC spoofing, and without-sudo bugs are fixed in the attached
version.
Thanks to Arnaud, the code is now available under a mercurial
repository:
$ hg clone http://hg.natisbad.org/scapy-bpf
Guillaume
--
Guillaume Valadon
guedou@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe@xxxxxxxxxx
Previous Message by Date:
Re: BPF mode
Hi,
Thanks for your quick feedback!
Both MAC spoofing, and without-sudo bugs are fixed in the attached
version.
Guillaume
--
Guillaume Valadon
guedou@xxxxxxxxxxxxxxxx
scapy.py
Description: Text Data
Next Message by Date:
RE: SNMP packets
Is there a way I can redirect the results into a file?
I'm using a remote machine that's running Linux so no graphical
interface, and I get this when running the script
(wireshark:6139): Gtk-WARNING **: cannot open display:
-----Original Message-----
From: Philippe Biondi [mailto:phil@xxxxxxxxxx]
Sent: Friday, January 11, 2008 12:15 AM
To: scapy.ml@xxxxxxxxxx
Subject: Re: [scapy.ml] SNMP packets
On Tue, 8 Jan 2008, Sawssan Taha (staha) wrote:
> I'm playing around with Scapy and making up SNMP packets.
> I was wondering about two things:
>
> 1. Can we unset the don't fragment flag on it (scapy)? if so how?
By default, there are no IP flags. If it is set, you can unset it with
ip.flags &= ~2
> The other issue is that I send the SNMP packet with a random community
> string but when read by wireshark I still get a "public" community.
> my packet looks like this:
>
> SNMP_pack= Ether()/ IP(dst = my_host)/UDP()/SNMP(community='..',
> PDU=SNMPset(varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4"))]))
>
> When capturing the packets i get two things at the level of wireshark:
>
> 1. Checksum: 0x7113 [incorrect, should be 0x7d28 (maybe caused by
> "UDP checksum offload"?)] <==I don't get this part
> 2. Simple Network Management Protocol:
> * version: version-1 (0)
> * community: public
>
> Given the packet in Hexa looks like this:
>
> 0000 04 06 70 75 62 6c 69 63 a1 21 02 04 1d 17 03 1b  ..public.!......
> 0010 02 01 00 02 01 00 30 13 30 11 06 0d 2b 06 01 04  ......0.0...+...
> 0020 01 09 09 6d 01 01 01 01 0b 05 00                 ...m..... ..
This is not very probable, you may have captured another packet.
>>> my_host="1.2.3.4"
>>> SNMP_pack= Ether()/ IP(dst = my_host)/UDP()/SNMP(community='..',PDU=SNMPset(
... varbindlist=[SNMPvarbind(oid=ASN1_OID("1.3.6.1.4"))]))
>>> hexdump(SNMP_pack)
0000  00 13 10 30 22 57 00 03 47 88 1D 2F 08 00 45 00  ...0"W..G../..E.
0010  00 3C 00 01 00 00 40 11 AD F4 C0 A8 08 0E 01 02  .<....@.........
0020  03 04 00 35 00 A1 00 28 1D F2 30 1E 02 01 01 04  ...5...(..0.....
0030  02[2E 2E]A3 15 02 01 00 02 01 00 02 01 00 30 0A  ..............0.
0040  30|08 06 04 2B 06 01 04 05 00                    0...+.....
        |
        +--- community is ".."
Try this:
>>> wireshark(SNMP_pack)
--
Philippe Biondi <phil@ secdev.org> SecDev.org
Computer Security/R&D http://www.secdev.org
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
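
An added example, not part of the thread: a small BER decoder run over the two hexdumps quoted above, to check the reply's point that the captured dump is a different packet. It decodes the community, PDU type and first OID from each dump, plus the DF bit of the built frame; the function names are illustrative.

```python
# Added example: bytes are copied from the two hexdumps in the thread; names are illustrative.
PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                     # base-128 arcs, high bit means "more octets"
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def community_and_pdu(buf, pos=0):
    """Parse from the community OCTET STRING on: (community, PDU type, first OID)."""
    tag, community, pos = read_tlv(buf, pos)
    if tag != 0x04:
        raise ValueError("expected an OCTET STRING (community)")
    pdu_tag, pdu, _ = read_tlv(buf, pos)
    p = 0
    for _ in range(4):                      # request-id, error-status, error-index, varbind list
        _, value, p = read_tlv(pdu, p)
    _, first_varbind, _ = read_tlv(value, 0)
    _, oid, _ = read_tlv(first_varbind, 0)
    return community.decode("latin-1"), PDU_NAMES.get(pdu_tag, hex(pdu_tag)), decode_oid(oid)

def from_frame(frame):
    """Ethernet/IPv4/UDP frame -> (DF bit set, community, PDU type, first OID)."""
    ihl = (frame[14] & 0x0F) * 4
    _, msg, _ = read_tlv(frame, 14 + ihl + 8)   # outer SNMP SEQUENCE follows the UDP header
    _, _, pos = read_tlv(msg, 0)                # skip the version INTEGER
    return (bool(frame[20] & 0x40),) + community_and_pdu(msg, pos)

CAPTURED = bytes.fromhex(  # quoted Wireshark dump; it starts at the community field
    "04067075626c6963a12102041d17031b02010002010030133011060d2b0601040109096d010101010b0500")
BUILT = bytes.fromhex(     # hexdump(SNMP_pack) output from the reply: a full Ethernet frame
    "001310302257000347881d2f08004500003c000100004011adf4c0a8080e0102"
    "0304003500a100281df2301e02010104022e2ea315020100020100020100300a300806042b0601040500")
if __name__ == "__main__":
    print(community_and_pdu(CAPTURED), from_frame(BUILT), sep="\n")
```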
Next Message by Thread:
Re: BPF mode
Hi,
$ hg clone http://hg.natisbad.org/scapy-bpf
I am looking for beta testers especially under OpenBSD and NetBSD.
So far, I tested it under OSX 10.4 and 10.5; FreeBSD 5, 6 and 7;
NetBSD 4.0; and OpenBSD 4.2.
Note that on OpenBSD, Scapy does not behave exactly as on other
platforms as the libpcap does not have a pcap_findalldevs() function. I
am working on a ctypes-based workaround that mimics this function by
directly calling getifaddrs(). As of today, if you do not have a
default route, you will need to set conf.iface yourself, otherwise
Scapy will use lo0.
Thanks,
Guillaume
--
Guillaume Valadon
guedou@xxxxxxxxxxxxxxxx