Using Scapy for… fun :-)


Some history.

Some time ago I was looking for a generator of OSPF Hello packets to bombard a «test bed». After twiddling with packEth (I was catching, forming and checking packets; it was lazy and sleepy and hung occasionally) I dropped the idea, took two Cisco routers and set up a primitive OSPF configuration (not that many packets, but «good ones» at regular intervals, which was enough for me at the time).

A bit later I googled for something (something else? can’t remember) and found Scapy.

That’s a very fun tool :-)

Just take a look at a couple of papers:

So, two «recipes» (very simple ones for Scapy): generating OSPF Hello packets and plotting ping response times.

Generation of OSPF Hello packets

First we need to get the OSPF extension for Scapy; after that everything is simple.

We could play with only two layers, IP and OSPF, but we will form the packet from scratch. We will also build it layer by layer, although it is certainly possible to write the whole thing (building and sending the packet) in one line.

Building the Ethernet packet:

>>> packet = Ether(src='00:06:28:b9:85:31',dst='01:00:5e:00:00:05')

>>> packet.show()
###[ Ethernet ]###
  dst= 01:00:5e:00:00:05
  src= 00:06:28:b9:85:31
  type= 0x0

We can see that the «type» field contains zero, «no type». We have built a «template» of the Ethernet header.

Using the «/» operator, we «append» an 802.1Q layer:

>>> packet = packet/Dot1Q(vlan=33)

>>> packet.show()
###[ Ethernet ]###
  dst= 01:00:5e:00:00:05
  src= 00:06:28:b9:85:31
  type= 0x8100
###[ 802.1Q ]###
     prio= 0
     id= 0
     vlan= 33
     type= 0x0

Can you see? The Ethernet type field has changed.

Next, we add the IP layer and the rest «in a batch» (yes, this can be done in one line of code: Ether()/Dot1Q()/IP()/OSPF_Hdr()/...):

>>> packet = packet/IP(src='172.17.2.2',dst='224.0.0.5')
>>> packet = packet/OSPF_Hdr(src='172.17.2.2')
>>> packet = packet/OSPF_Hello(router='172.17.2.2',backup='172.17.2.1',neighbor='172.17.2.1')

Well, let’s take a look at the packet:

>>> packet.show()
###[ Ethernet ]###
  dst= 01:00:5e:00:00:05
  src= 00:06:28:b9:85:31
  type= 0x8100
###[ 802.1Q ]###
     prio= 0
     id= 0
     vlan= 33
     type= 0x800
###[ IP ]###
        version= 4
        ihl= 0
        tos= 0x0
        len= 0
        id= 1
        flags=
        frag= 0
        ttl= 64
        proto= ospf
        chksum= 0x0
        src= 172.17.2.2
        dst= 224.0.0.5
        options= ''
###[ OSPF Header ]###
           version= 2
           type= Hello
           len= 0
           src= 172.17.2.2
           area= 0.0.0.0
           chksum= 0x0
           authtype= Null
           authdata= 0x0
           reserved= 0x0
           keyid= 1
           authdatalen= 0
           seq= 0x0
###[ OSPF Hello ]###
              mask= 255.255.255.0
              hellointerval= 10
              options=
              prio= 1
              deadinterval= 40
              router= 172.17.2.2
              backup= 172.17.2.1
              neighbor= 172.17.2.1

As for me, one could simply go crazy over this :-)

All that is left is to send this packet onto the wire and catch it with an analyzer, for checking.

Sending (via the needed interface):

>>> sendp(packet,iface='dlink')
.
Sent 1 packets.

That’s it. Quite simple.

For checking, the packet was analyzed with tshark.

Well, to have a generator, we need something like this:

>>> sendp(packet,iface='dlink',loop=True,inter=0.1)
.......
[etc-etc-etc...]

And to hide these dots, add verbose=1 to the arguments.
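As an added example (not code from the post; standard library only, no Scapy needed), here is the OSPFv2 Hello wire format behind the show() dump above: build_hello() serialises a Hello with the same field values and fills in the length and checksum that Scapy computes at send time, and parse_hello() decodes and validates it the way an analyzer does, so a crafted packet can be checked before it goes on the wire. Field names follow the Scapy dump (router = DR, backup = BDR); options is left at 0 as in the dump.

```python
import struct
from ipaddress import IPv4Address

OSPF_VERSION, OSPF_HELLO = 2, 1          # OSPFv2, packet type 1 = Hello (RFC 2328)
HDR_FMT, HELLO_FMT = "!BBH4s4sHH", "!4sHBBI4s4s"   # 16-byte header prefix, 20-byte Hello body

def ospf_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (same as the IP checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_hello(router_id, area, mask, dr, bdr, neighbors,
                hello=10, dead=40, prio=1, options=0):
    """Serialise an OSPFv2 Hello (header + body) with null authentication."""
    body = struct.pack(HELLO_FMT, IPv4Address(mask).packed, hello, options, prio, dead,
                       IPv4Address(dr).packed, IPv4Address(bdr).packed)
    body += b"".join(IPv4Address(n).packed for n in neighbors)
    length = 24 + len(body)                 # 24-byte OSPF header + body
    # Checksum covers the whole packet with the checksum field zeroed and the
    # 64-bit authentication field left out (RFC 2328, D.3).
    hdr = [OSPF_VERSION, OSPF_HELLO, length, IPv4Address(router_id).packed,
           IPv4Address(area).packed, 0, 0]
    hdr[5] = ospf_checksum(struct.pack(HDR_FMT, *hdr) + body)
    return struct.pack(HDR_FMT, *hdr) + bytes(8) + body

def parse_hello(pkt: bytes) -> dict:
    """Decode and validate a Hello as an analyzer would; raises ValueError on bad input."""
    if len(pkt) < 44:
        raise ValueError("too short for an OSPFv2 Hello")
    version, ptype, length, rid, area, csum, autype = struct.unpack(HDR_FMT, pkt[:16])
    if version != OSPF_VERSION or ptype != OSPF_HELLO or length != len(pkt):
        raise ValueError("not a well-formed OSPFv2 Hello")
    if ospf_checksum(pkt[:12] + bytes(2) + pkt[14:16] + pkt[24:]) != csum:
        raise ValueError("bad OSPF checksum")
    mask, hello, options, prio, dead, dr, bdr = struct.unpack(HELLO_FMT, pkt[24:44])
    return {"router_id": str(IPv4Address(rid)), "area": str(IPv4Address(area)),
            "authtype": autype, "mask": str(IPv4Address(mask)),
            "hellointerval": hello, "options": options, "prio": prio, "deadinterval": dead,
            "router": str(IPv4Address(dr)), "backup": str(IPv4Address(bdr)),
            "neighbor": [str(IPv4Address(pkt[i:i + 4])) for i in range(44, length, 4)]}

if __name__ == "__main__":
    # Same values as the packet built interactively in the post.
    raw = build_hello("172.17.2.2", "0.0.0.0", "255.255.255.0",
                      "172.17.2.2", "172.17.2.1", ["172.17.2.1"])
    print(len(raw), parse_hello(raw))
```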

Plotting ping response times

(TO BE CONT. TRANSLATION FROM UKRAINIAN)
