Subject: Wireless sniffing and WLAN scanning - msg#00007
List: security.scapy.general
Hi,

I have been practicing developing a WLAN scanner and wireless sniffer with scapy. I have two problems.

One of them is that I have only seen Dot11 packets when I was in monitor mode. But if my interface is in monitor mode, I only see Dot11 management packets; I can't see other packets and I can't access the internet. If my interface is in managed mode, I can see other packet types, but Dot11 packets are seen like Ether packets. How can I see Dot11 packets together with other packet types?

The other one is that I want to send Dot11 ProbeRequest packets and receive Dot11 ProbeResponse packets, because I think it is faster than scanning WLANs with Dot11 Beacon packets. I prepared a ProbeRequest packet like this:

    c=(RadioTap(version=0,pad=0,len=25,
                present='TSFT+Flags+Rate+Channel+dBm_AntSignal+dBm_AntNoise+Antenna',
                notdecoded='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x8a\t\xa0\x00\xc7\x00\x01')
       /Dot11(subtype=4L,type='Management',proto=0L,FCfield=0,ID=0,
              addr1='ff:ff:ff:ff:ff:ff',addr2='00:12:F0:6F:A9:3B',
              addr3='ff:ff:ff:ff:ff:ff',SC=0,addr4=None)
       /Dot11ProbeReq()
       /Dot11Elt(ID='SSID',len=0,info='')
       /Dot11Elt(ID='Rates',len=8,info='\x02\x04\x0b\x16\x0c\x12\x18$')
       /Dot11Elt(ID='ESRates',len=4,info='0H`l')
       /Dot11Elt(ID='vendor',len=7,info='\x00\x03G\x01\x02\x01\x01'))

Is it true? I tried to send it but I can't receive any Probe packets (near APs) :( How can I send and receive Probe packets?

--
Onur Doğan
http://onur.kodzilla.org
Next Message by Thread: Re: Wireless sniffing and WLAN scanning

2008/4/8 onur dogan <onurdogan85@xxxxxxxxx>:
> Hi,
>
> I have been practicing developing a WLAN scanner and wireless sniffer with scapy. I have two problems.
>
> One of them is that I have only seen Dot11 packets when I was in monitor mode. But if my interface is in monitor mode, I only see Dot11 management packets; I can't see other packets and I can't access the internet. If my interface is in managed mode, I can see other packet types, but Dot11 packets are seen like Ether packets. How can I see Dot11 packets together with other packet types?

Usually you can't be both in monitor mode and connected to the network at the same time, hence why you see either (802.11 XOR Ethernet) packets. This is an "issue" with wireless cards, and not with your script, scapy or even Linux. AFAIK just a bunch of the cards available on the market can do both at the same time. Try googling for some info about this, to try to locate a card that supports both.

> The other one is that I want to send Dot11 ProbeRequest packets and receive Dot11 ProbeResponse packets, because I think it is faster than scanning WLANs with Dot11 Beacon packets. I prepared a ProbeRequest packet like this:
>
>     c=(RadioTap(version=0,pad=0,len=25,
>                 present='TSFT+Flags+Rate+Channel+dBm_AntSignal+dBm_AntNoise+Antenna',
>                 notdecoded='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x8a\t\xa0\x00\xc7\x00\x01')
>        /Dot11(subtype=4L,type='Management',proto=0L,FCfield=0,ID=0,
>               addr1='ff:ff:ff:ff:ff:ff',addr2='00:12:F0:6F:A9:3B',
>               addr3='ff:ff:ff:ff:ff:ff',SC=0,addr4=None)
>        /Dot11ProbeReq()
>        /Dot11Elt(ID='SSID',len=0,info='')
>        /Dot11Elt(ID='Rates',len=8,info='\x02\x04\x0b\x16\x0c\x12\x18$')
>        /Dot11Elt(ID='ESRates',len=4,info='0H`l')
>        /Dot11Elt(ID='vendor',len=7,info='\x00\x03G\x01\x02\x01\x01'))
>
> Is it true? I tried to send it but I can't receive any Probe packets (near APs) :( How can I send and receive Probe packets?

Again, when in monitor mode most cards don't allow you to send packets (this is called injection). You have to find a card/driver that supports this feature.

Hope this helps.
Cheers.

> --
> Onur Doğan
> http://onur.kodzilla.org

--
Informação & Segurança - Information for your security on the network.
http://info-seg.blogspot.com
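An added example, not code from the thread: a standard-library parser that shows what a scanner reads out of monitor-mode frames (radiotap header, 802.11 management header, tagged elements) and why an Ethernet-framed packet from managed mode yields nothing. The sample frames are constructed; the radiotap bytes and station address are the ones in the post, while the AP address, the SSID `lab-ap` and all function names are assumptions.

```python
SUBTYPES = {4: "ProbeReq", 5: "ProbeResp", 8: "Beacon"}  # management subtypes of interest

def mac(b):
    return ":".join("%02x" % x for x in b)

def parse_elements(body):
    """Walk the (ID, length, info) elements that end a management frame."""
    elts, i = {}, 0
    while i + 2 <= len(body):
        eid, elen = body[i], body[i + 1]
        if i + 2 + elen > len(body):   # truncated element: stop instead of over-reading
            break
        elts.setdefault(eid, body[i + 2:i + 2 + elen])
        i += 2 + elen
    return elts

def parse_frame(raw):
    """Parse one monitor-mode frame: radiotap header, 802.11 header, elements."""
    rt_len = int.from_bytes(raw[2:4], "little")   # radiotap: version, pad, len, present
    if len(raw) < 8 or raw[0] != 0 or rt_len < 8 or rt_len + 24 > len(raw):
        return None                    # no usable radiotap header
    fc0 = raw[rt_len]
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        return None                    # control/data frame or another management subtype
    hdr, body = raw[rt_len:rt_len + 24], raw[rt_len + 24:]
    if subtype in (5, 8):              # skip timestamp(8) + interval(2) + capabilities(2)
        body = body[12:]
    elts = parse_elements(body)
    chan = elts[3][0] if len(elts.get(3, b"")) == 1 else None
    return {"kind": SUBTYPES[subtype], "src": mac(hdr[10:16]), "bssid": mac(hdr[16:22]),
            "ssid": elts.get(0, b"").decode("utf-8", "replace"), "channel": chan}

# Constructed sample frames; RADIOTAP is the 25-byte header from the post above.
RADIOTAP = bytes.fromhex("000019006f080000") + bytes(9) + b"\x02\x8a\t\xa0\x00\xc7\x00\x01"
STA = bytes.fromhex("0012f06fa93b")    # addr2 from the post
AP = bytes.fromhex("020000000001")     # constructed, locally administered address
BCAST = b"\xff" * 6

def elt(eid, info):
    return bytes([eid, len(info)]) + info

def mgmt(subtype, dst, src, bssid, body):
    return RADIOTAP + bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + bytes(2) + body

PROBE_REQ = mgmt(4, BCAST, STA, BCAST, elt(0, b"") + elt(1, b"\x02\x04\x0b\x16\x0c\x12\x18$"))
PROBE_RESP = mgmt(5, STA, AP, AP, bytes(12) + elt(0, b"lab-ap") + elt(3, b"\x07"))
ETHERNET = BCAST + STA + b"\x08\x06" + bytes(28)   # Ethernet-framed, as seen in managed mode
```

Calling `parse_frame` on `PROBE_REQ`, `PROBE_RESP` and `ETHERNET` returns the wildcard probe request, the response carrying the SSID and channel, and `None` respectively.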