Some time ago i was looking for a generator of OSPF Hello packets for bombing «test bed». After twidding with packEth (i was catching/forming/checking packets, it was lazy and sleepy, hung occasionally) i left this idea — took two cisco routers and set a primitive OSPF configuration up (not too much packets, but «good ones» and with regular intervals — it was enough for me that time).
A bit later i googled for some thing (other? can’t remember) and have found Scapy.
That’s a very funny instrument :-)
Just take a look at a couple pf papers:
- Quick demo : an interactive session
- Identifying rogue DHCP servers on your LAN
- Secure Your Wireless Networks with Scapy Packet Manipulation
First, we need to get OSPF extension for Scapy — further everything is simple.
We could play with only two layers, IP and OSPF, but we will form a packet from scratch. Besides we will build a packet layer by layer — surely it is possible to write all this in one line (building and sending a packet).
Building Ethernet packet:
>>> packet = Ether(src='00:06:28:b9:85:31',dst='01:00:5e:00:00:05') >>> packet.show() ###[ Ethernet ]### dst= 01:00:5e:00:00:05 src= 00:06:28:b9:85:31 type= 0x0
We can see that «type» field contains zero, «no type». We have build a «template» of Ethernet header.
Using operator „
/‘, we «append» 802.1Q layer:
>>> packet = packet/Dot1Q(vlan=33) >>> packet.show() ###[ Ethernet ]### dst= 01:00:5e:00:00:05 src= 00:06:28:b9:85:31 type= 0x8100 ###[ 802.1Q ]### prio= 0 id= 0 vlan= 33 type= 0x0
Can you see? — Ethernet type filed have been changed.
Next, we add «in a batch» IP layer and so on (yes, this can be done in one line of code —
>>> packet = packet/IP(src='172.17.2.2',dst='220.127.116.11') >>> packet = packet/OSPF_Hdr(src='172.17.2.2') >>> packet = packet/OSPF_Hello(router='172.17.2.2',backup='172.17.2.1',neighbor='172.17.2.1')
Well, let’s take a look at the packet:
>>> packet.show() ###[ Ethernet ]### dst= 01:00:5e:00:00:05 src= 00:06:28:b9:85:31 type= 0x8100 ###[ 802.1Q ]### prio= 0 id= 0 vlan= 33 type= 0x800 ###[ IP ]### version= 4 ihl= 0 tos= 0x0 len= 0 id= 1 flags= frag= 0 ttl= 64 proto= ospf chksum= 0x0 src= 172.17.2.2 dst= 18.104.22.168 options= '' ###[ OSPF Header ]### version= 2 type= Hello len= 0 src= 172.17.2.2 area= 0.0.0.0 chksum= 0x0 authtype= Null authdata= 0x0 reserved= 0x0 keyid= 1 authdatalen= 0 seq= 0x0 ###[ OSPF Hello ]### mask= 255.255.255.0 hellointerval= 10 options= prio= 1 deadinterval= 40 router= 172.17.2.2 backup= 172.17.2.1 neighbor= 172.17.2.1
As for me — it’s simply possible to become crazy
We only need to send this packet into wire and catch it with an analyzer — for checking.
Sending (via needed interface):
>>> sendp(packet,iface='dlink') . Sent 1 packets.
That’s it. Quite simple.
For checking — this packet analyzed by tshark.
Well, for having a generator, we need smth. like this:
>>> sendp(packet,iface='dlink',loop=True,inter=0.1) ....... [etc-etc-etc...]
And for hiding these dots, add
verbose=1 to arguments.
(TO BE CONT. TRANSLATION FROM UKRAINIAN)