A history.
Some time ago I was looking for a generator of OSPF Hello packets for bombing a «test bed». After twiddling with packEth (I was catching/forming/checking packets; it was lazy and sleepy, and hung occasionally) I left this idea — took two Cisco routers and set up a primitive OSPF configuration (not too many packets, but «good ones» and at regular intervals — it was enough for me at that time).
A bit later I googled for something (something else? can't remember) and found Scapy.
That’s a very funny instrument :-)
Just take a look at a couple of papers:
- Quick demo : an interactive session
- Identifying rogue DHCP servers on your LAN
- Secure Your Wireless Networks with Scapy Packet Manipulation
So, two «recipes» (so simple for Scapy). Generation of OSPF Hello packets and Plotting ping response times.
Generation of OSPF Hello packets
First, we need to get the OSPF extension for Scapy; after that everything is simple.
We could play with only two layers, IP and OSPF, but we will form a packet from scratch. Besides, we will build the packet layer by layer, although it is certainly possible to write all this (building and sending the packet) in one line.
Building the Ethernet packet:
>>> packet = Ether(src='00:06:28:b9:85:31',dst='01:00:5e:00:00:05')
>>> packet.show()
###[ Ethernet ]###
  dst= 01:00:5e:00:00:05
  src= 00:06:28:b9:85:31
  type= 0x0
We can see that the «type» field contains zero, «no type». We have built a «template» of an Ethernet header.
Using the «/» operator, we «append» the 802.1Q layer:
>>> packet = packet/Dot1Q(vlan=33)
>>> packet.show()
###[ Ethernet ]###
  dst= 01:00:5e:00:00:05
  src= 00:06:28:b9:85:31
  type= 0x8100
###[ 802.1Q ]###
  prio= 0
  id= 0
  vlan= 33
  type= 0x0
Can you see? The Ethernet type field has changed to 0x8100.
Next, we add the IP layer and the rest «in a batch» (yes, this can be done in one line of code: Ether()/Dot1Q()/IP()/OSPF_Hdr()/...):
>>> packet = packet/IP(src='172.17.2.2',dst='224.0.0.5')
>>> packet = packet/OSPF_Hdr(src='172.17.2.2')
>>> packet = packet/OSPF_Hello(router='172.17.2.2',backup='172.17.2.1',neighbor='172.17.2.1')
Well, let’s take a look at the packet:
>>> packet.show()
###[ Ethernet ]###
  dst= 01:00:5e:00:00:05
  src= 00:06:28:b9:85:31
  type= 0x8100
###[ 802.1Q ]###
  prio= 0
  id= 0
  vlan= 33
  type= 0x800
###[ IP ]###
  version= 4
  ihl= 0
  tos= 0x0
  len= 0
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= ospf
  chksum= 0x0
  src= 172.17.2.2
  dst= 224.0.0.5
  options= ''
###[ OSPF Header ]###
  version= 2
  type= Hello
  len= 0
  src= 172.17.2.2
  area= 0.0.0.0
  chksum= 0x0
  authtype= Null
  authdata= 0x0
  reserved= 0x0
  keyid= 1
  authdatalen= 0
  seq= 0x0
###[ OSPF Hello ]###
  mask= 255.255.255.0
  hellointerval= 10
  options=
  prio= 1
  deadinterval= 40
  router= 172.17.2.2
  backup= 172.17.2.1
  neighbor= 172.17.2.1
As for me — it’s simply possible to become crazy
Now we only need to send this packet onto the wire and capture it with an analyzer to check it.
Sending (via needed interface):
>>> sendp(packet,iface='dlink')
.
Sent 1 packets.
That’s it. Quite simple.
For checking: this packet as analyzed by tshark.
Well, to have a generator, we need something like this:
>>> sendp(packet,iface='dlink',loop=True,inter=0.1)
.......
[etc-etc-etc...]
And for hiding these dots, add verbose=1 to the arguments.
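The Hello shown above carries authtype= Null, so nothing in the packet itself proves which router sent it. As an added example (not part of the original post, and using only the standard library rather than Scapy), this sketch audits a captured OSPF payload the way a monitoring host might: length, checksum, authentication type and router ID against an allow-list. The function names, the allow-list and the sample packet are assumptions constructed for the illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_hello(router_id, dr, bdr, neighbors, mask="255.255.255.0", area="0.0.0.0"):
    """Constructed sample input: an OSPFv2 Hello with Null authentication."""
    ip = socket.inet_aton
    # mask, HelloInterval=10, Options=E-bit, priority=1, RouterDeadInterval=40
    body = ip(mask) + struct.pack("!HBBI", 10, 0x02, 1, 40) + ip(dr) + ip(bdr)
    body += b"".join(ip(n) for n in neighbors)
    hdr = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body),
                      ip(router_id), ip(area), 0, 0, b"\x00" * 8)
    csum = inet_checksum(hdr[:16] + body)  # the 8-byte auth field is excluded
    return hdr[:12] + struct.pack("!H", csum) + hdr[14:] + body

def audit_hello(data: bytes, known_routers: set) -> list:
    """Return findings for one OSPF payload (the bytes after the IP header)."""
    if len(data) < 44:  # 24-byte header + 20-byte Hello without neighbors
        return ["truncated"]
    ver, typ, length, rid, _area, _csum, autype = struct.unpack("!BBH4s4sHH", data[:16])
    if ver != 2 or typ != 1:
        return ["not an OSPFv2 Hello"]
    findings = []
    if length != len(data) or (length - 44) % 4:
        findings.append("bad length")
    # With cryptographic authentication (AuType 2) the checksum is not used.
    if autype != 2 and inet_checksum(data[:16] + data[24:]) != 0:
        findings.append("bad checksum")
    if autype == 0:
        findings.append("null authentication")
    if socket.inet_ntoa(rid) not in known_routers:
        findings.append("unknown router " + socket.inet_ntoa(rid))
    return findings

if __name__ == "__main__":
    # Same field values as the packet built in the session above.
    pkt = build_hello("172.17.2.2", "172.17.2.2", "172.17.2.1", ["172.17.2.1"])
    print(audit_hello(pkt, {"172.17.2.1"}))
```

The payload passed to audit_hello is what follows the IP header in a capture, with any Ethernet padding already removed.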
Plotting ping response times
(TO BE CONT. TRANSLATION FROM UKRAINIAN)