Iain R. Learmonth | 27 Jan 06:44 2015
Picon

UDP-Lite Support for Scapy

Hi,

I have produced a patch to add UDP-Lite support for Scapy.

 http://bb.secdev.org/scapy-com/pull-request/2/add-layer-for-udp-lite/diff

Have I pull requested the right repository for this? If there are any
comments, I'm happy to make minor changes.

I need to use Scapy with UDP-Lite for some work I'm doing for the OONI
project (https://ooni.torproject.org/). I have carved out the necessary bits
to allow for OONI to use for now, but it would be good to see this included
in the main Scapy distribution soon.

Thanks,
Iain.

--

-- 
e: irl <at> fsfe.org            w: iain.learmonth.me
x: irl <at> jabber.fsfe.org     t: EPVPN 2105
c: 2M0STB                  g: IO87we
p: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
Patrik Hagara | 20 Jan 15:04 2015
Picon

Automaton custom listen socket

Hi list,

I stumbled upon an issue with customizing listen socket of automata.

While the sending socket class can be changed just fine by passing 'll'
keyword argument to the constructor, the listening socket always gets
initialized with an instance of conf.L2listen.

The reason why I'm trying to do this is unit testing of my automaton.
As it is now, I have to mock the whole conf.L2listen thing and also
single-step the automaton into its initial state, so that the listen
socket instance is created. Otherwise a race condition will occur when
you try to run multiple automata at once, possibly mis-assigning
listen sockets.

My current workaround:
> monkeypatch.setattr(conf, 'L2listen', MyMockListenSocket)
> a = MyAutomaton(ll=MyMockSendSocket)
> a.add_breakpoints(a.initial_states[0])
> try:
>   a.run()
> except Automaton.Breakpoint:
>   assert a.state.state == a.initial_states[0].atmt_state

I propose adding a new optional keyword argument to the Automaton
class constructor that would behave similarly to the 'll' kwarg
that is already present. That is, save the requested sending socket
class in its constructor (as eg. self.listen_sock_class) and then
instantiate the saved class in _do_run() (passing it the remaining
kwargs).
(Continue reading)

Sadia Bashir | 20 Jan 01:56 2015
Picon

Generating GRE tunneled traffic with Scapy

Hello everyone,

I am new to scapy. I want to test performance and behaviour of encapsulated traffic, for this purpose, I want to generate traffic as given in NVGRE draft here: https://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-07

Currently I am generating GRE tunneled traffic with following command in Scapy:

sendp(Ether(dst="00:00:00:00:00:03")/IP(dst="10.0.0.2")/GRE(key_present=1,k
ey=900)/fuzz(Ether(dst="00:00:00:00:00:03")/IP(dst="10.0.0.2")/TCP()/Raw(load="
this is an encapsulation test")))

but in Wireshark I get "Encapsulated 0x0001(unknown)" instead of " Encapsulated Possible GRE keepalive packet"

Please see the image attached and suggest me some workaround to make this thing work. Thank you for any suggestion/guidance/help in advance.

Regards,

--

 
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org
Robin Jarry | 14 Jan 10:01 2015

Reuse scapy as a lib in other projects

Hi all,

It appears that when importing some sub parts of scapy source tree from a 3rd party app, *all* (or almost all) scapy code is imported (not only dependencies of the imported module). This process not only is slow, but also "pollutes" the globals() with a lot of unnecessary symbols.

I understand that is necessary when running the scapy shell app, but could this be avoided while using scapy as a lib from another app? Maybe by reworking the way the layers are loaded and by trying to reduce to the minimum the dependencies between scapy sub modules (no more import * stuff). I think that this would also speed-up scapy start and maybe fix some hidden bugs along the way.

I am willing to work on that issue, but first I wanted to discuss it with guys that have a better knowledge of the framework than me.

* Do you agree this would be a good thing?
* Are there things that cannot be changed for good reasons?
* Are there problems that I should anticipate?

Thanks in advance for your input.

--
Robin

Joshua Wright | 3 Jan 16:07 2015

Non-interactive color

Does anyone have a suggestion for getting color in a non-interactive script?

$ scapy
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: No route found for IPv6 destination :: (no default route?)
INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
Welcome to Scapy (2.1.0)
>>> conf.color_scheme=AnsiColorTheme()
>>> print Dot11().show()
###[ 802.11 ]###
  subtype= 0
  type= Management
  proto= 0
  FCfield=
  ID= 0
  addr1= 00:00:00:00:00:00
  addr2= 00:00:00:00:00:00
  addr3= 00:00:00:00:00:00
  SC= 0
  addr4= 00:00:00:00:00:00
None

Here, "print Dot11().show()" displays in color in my terminal on OS X.

$ cat foo.py
#!/usr/bin/env python
from scapy.all import *
conf.interactive=True
conf.color_theme=AnsiColorTheme()
print Dot11().show()
$ python foo.py
WARNING: No route found for IPv6 destination :: (no default route?)
###[ 802.11 ]###
  subtype   = 0
  type      = Management
  proto     = 0
  FCfield   =
  ID        = 0
  addr1     = 00:00:00:00:00:00
  addr2     = 00:00:00:00:00:00
  addr3     = 00:00:00:00:00:00
  SC        = 0
  addr4     = 00:00:00:00:00:00
None

Here, it does not display in color on the same terminal.  I spent some time poking around in some of the source,
but I wasn't able to figure out how Scapy decided when to use color and when not to use color.  Any suggestions?

Thanks,

-Josh
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org

simon | 29 Dec 15:40 2014
Picon

pip install not working

There seem to be two scapy versions on pypi -scapy and scapy-real.

Neither work with pip install because the releases are called xxx-dev and pip 
treats these as development releases and rejects as invalid.

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org

Testing, pls disregard

Sorry for the spam… merry xmas and best wishes for 2015
---
Dr. Pedro A. Aranda Gutiérrez

Technology Exploration -
Network Innovation & Virtualisation
email: pedroa d0t aranda At telefonica d0t com
Telefónica, Investigación y Desarrollo
C/ D. Ramón de la Cruz,84
28006 Madrid, Spain

Fragen sind nicht da, um beantwortet zu werden.
Fragen sind da, um gestellt zu werden.
Georg Kreisler


Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
Paolo Paolo | 24 Dec 00:31 2014
Picon

Information

 Hi at all,
I'm a new user of Scapy.
My problem is : I must before capture packets of Windows application, modify and send, is it possibile with Scapy ? 

MP-BGP extensions

Hi folks,

I had created a fork of the community edition with a nice MP-BGP4 dissector. I’m porting it to 2.3 and let you know when it is ready.

---
Dr. Pedro A. Aranda Gutiérrez

Technology Exploration -
Network Innovation & Virtualisation
email: pedroa d0t aranda At telefonica d0t com
Telefónica, Investigación y Desarrollo
C/ D. Ramón de la Cruz,84
28006 Madrid, Spain

Fragen sind nicht da, um beantwortet zu werden.
Fragen sind da, um gestellt zu werden.
Georg Kreisler


Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
Saman Taghavi Zargar | 22 Dec 22:41 2014
Picon

Willing to help to implement the support for Netflow 5, 8, 9 and 10 on Scapy

Afternoon Folks,

Could you please let me know how I can contribute on implementation of support for Netflow versions 5, 8, 9
and 10 on Scapy? As Scapy user and as I need this feature I would love to be able to have this feature on Scapy
and willing to do whatever it takes. Appreciate any help and comments on how and where to start.

Thanks,
Sam
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org

julien graziani | 22 Dec 19:16 2014
Picon

scapy error

Hi,

I try to execute a scapy script simply :

from scapy.all import *

rang =3D '192.168.1.1-15'
rep,non_rep =3D sr( IP(dst=3Drang) / ICMP() , timeout=3D0.5 )
for elem in rep :
if elem[1].type =3D=3D 0 : # 0 <=3D> echo-reply
print elem[1].src + ' a renvoye un echo-reply '

I succeed  when I launch the script alone, but when I launch the script
from a python InteractiveInterpreter  with the same access rights, I have
this error:

ERROR: --- Error in child 23127
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 89, in
sndrcv
    pks.send(p)
  File "/usr/lib/python2.7/dist-packages/scapy/arch/linux.py", line 387, in
send
    sx =3D str(ll(x))
  File "/usr/lib/python2.7/dist-packages/scapy/packet.py", line 261, in
__str__
    return self.build()
  File "/usr/lib/python2.7/dist-packages/scapy/packet.py", line 319, in
build
    p =3D self.do_build()
  File "/usr/lib/python2.7/dist-packages/scapy/packet.py", line 308, in
do_build
    pkt =3D self.self_build()
  File "/usr/lib/python2.7/dist-packages/scapy/packet.py", line 299, in
self_build
    p =3D f.addfield(self, p, val)
  File "/usr/lib/python2.7/dist-packages/scapy/fields.py", line 70, in
addfield
    return s+struct.pack(self.fmt, self.i2m(pkt,val))
  File "/usr/lib/python2.7/dist-packages/scapy/layers/l2.py", line 94, in
i2m
    return MACField.i2m(self, pkt, self.i2h(pkt, x))
  File "/usr/lib/python2.7/dist-packages/scapy/layers/l2.py", line 88, in
i2h
    x =3D conf.neighbor.resolve(pkt,pkt.payload)
  File "/usr/lib/python2.7/dist-packages/scapy/layers/l2.py", line 38, in
resolve
    return self.resolvers[k](l2inst,l3inst)
  File "/usr/lib/python2.7/dist-packages/scapy/layers/inet.py", line 727,
in <lambda>
    conf.neighbor.register_l3(Ether, IP, lambda l2,l3: getmacbyip(l3.dst))
  File "/usr/lib/python2.7/dist-packages/scapy/layers/l2.py", line 72, in
getmacbyip
    nofilter=3D1)
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 375, in
srp1
    a,b=3Dsrp(*args,**kargs)
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 358, in
srp
    a,b=3Dsndrcv(s ,x,*args,**kargs)
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 129, in
sndrcv
    inp, out, err =3D select(inmask,[],[], remaintime)
error: (4, 'Appel syst\xc3\xa8me interrompu')
Traceback (most recent call last):
pycute4.py: Fatal IO error: client killed

Thanks for your help

--
GRAZIANI julien
Ingénieur développement STILOG I.S.T
Port:06-46-59-26-24

Gmane