headers
Guillaume Valadon | 2 Sep 2005 13:39
Picon
Favicon

readline and Mac OS X

Hi,

I just tried the following command and it is working fine. It  
installs the readline module automatically.
http://www.macosxhints.com/article.php?story=20050107140338573

Guillaume

---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
Permalink | Reply | 1 comment |
headers
Olivier Warin | 2 Sep 2005 17:06

Re: readline and Mac OS X

This may be true for Panther but not for Tiger since the readline  
python module is build-in.
Sincerely,
                 /Olivier
--
Olivier Warin
http://xview.net

Le 2 sept. 05 à 13:39, Guillaume Valadon a écrit :

> Hi,
>
> I just tried the following command and it is working fine. It  
> installs the readline module automatically.
> http://www.macosxhints.com/article.php?story=20050107140338573
>
> Guillaume
>
> ---------------------------------------------------------------------
> Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
> Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
>
>

---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
Permalink | Reply | 0 comments |
headers
Pierre LALET | 2 Sep 2005 22:22
Picon
Favicon

Fixes in netstat parsing

Hi,

I attach a patch that contains two fixes for "netstat -rn" output parsing.

The first one is there because BSD systems add a route for each entry in 
the MAC table. On systems running with many interfaces and with many 
computers directly seen, this makes Scapy unusable. These entries have 
the flags L and c, and I use that to ignore them (tested only on OpenBSD).

The second one is a fix for the netstat calculation. The "netmask = (1L 
<< int(netmask))-1" only works with the masks /0, /8, /16, /24 and /32. 
But it does not work with others.

I have only looked at that part of the code, but a fast search in the 
code shows that the same issue appears in other parts. For example :

  - Route:make_route (line 1370),
  - Route:ifchange (line 1389),
  - Route:ifadd (line 1416).

But I did not have time to check these parts of the code, so for these 
ones I'm not sure.

Pierre

--- scapy.py.orig	2005-08-31 15:26:07.000000000 +0200
+++ scapy.py	2005-08-31 15:26:07.000000000 +0200
 <at>  <at>  -1573,15 +1573,18  <at>  <at>  if not LINUX:
                 dest,gw,fl,ref,use,mtu,netif = l.split()[:7]
(Continue reading)

Permalink | Reply | 0 comments |
headers
Evan N. McNabb | 8 Sep 2005 01:16
Favicon

Random IP Addresses

I've been playing with scapy and am impressed so far. One thing that I
tried, and could not figure out, was a good way to generate a random IP
addresses. For example, I want to send a host 100 packets, all of which
come from different random source IP address. With the sendip command I
can do the following (which could be embedded in a shell for loop):

# sendip -p ipv4 -p tcp 10.100.0.1 -is r

where '-is' is the source address, and 'r' is a valid random address.
sendip also allows for valid random source / destination ports, etc.

I didn't see a function like this in scapy, and I'm not sure if there is
an easy way to do it in Python. Any ideas?

Thanks.

-Evan

/********************************************************************\
       Evan McNabb: <evan <at> mcnabbs.org> <emcnabb <at> gurulabs.com>
                      Instructor, Guru Labs
		     http://evan.mcnabbs.org
 GnuPG Fingerprint: 53B5 EDCA 5543 A27A E0E1 2B2F 6776 8F9C 6A35 6EA5
\********************************************************************/
Permalink | Reply | 3 comments |
headers
Philippe Biondi | 8 Sep 2005 07:52

Re: Random IP Addresses

Hi,

On Wed, 7 Sep 2005, Evan N. McNabb wrote:

> I've been playing with scapy and am impressed so far. One thing that I
> tried, and could not figure out, was a good way to generate a random IP
> addresses. For example, I want to send a host 100 packets, all of which
> come from different random source IP address. With the sendip command I
> can do the following (which could be embedded in a shell for loop):
>
> # sendip -p ipv4 -p tcp 10.100.0.1 -is r
>
> where '-is' is the source address, and 'r' is a valid random address.
> sendip also allows for valid random source / destination ports, etc.
>
> I didn't see a function like this in scapy, and I'm not sure if there is
> an easy way to do it in Python. Any ideas?

There are already some for Byte, Short, Int and String values :
For instance:
TCP(dport=RandShort()) for 0-65535, or TCP(dport=RandNum(0,1024))

But I just didn't needed random IP yet. Here is a patch :

--------------8<-------------
--- scapy.py	2005/09/08 05:29:23	1.0.0.23
+++ scapy.py	2005/09/08 05:42:24
 <at>  <at>  -1790,6 +1790,14  <at>  <at>  class RandString(RandField):
      def __getattr__(self, attr):
          return getattr(self.randstr(), attr)
(Continue reading)

Permalink | Reply | 2 comments |
headers
Evan N. McNabb | 8 Sep 2005 18:55
Favicon

Re: Random IP Addresses

On Thu, Sep 08, 2005 at 07:52:28AM +0200, Philippe Biondi wrote:

> But I just didn't needed random IP yet. Here is a patch :

The patch works wonderfully. Thank you very much.

-Evan

P.S. Will this be added to the standard version of scapy? 

/********************************************************************\
       Evan McNabb: <evan <at> mcnabbs.org> <emcnabb <at> gurulabs.com>
                      Instructor, Guru Labs
		     http://evan.mcnabbs.org
 GnuPG Fingerprint: 53B5 EDCA 5543 A27A E0E1 2B2F 6776 8F9C 6A35 6EA5
\********************************************************************/
Permalink | Reply | 1 comment |
headers
Philippe Biondi | 8 Sep 2005 23:08

Re: Random IP Addresses

On Thu, 8 Sep 2005, Evan N. McNabb wrote:

> On Thu, Sep 08, 2005 at 07:52:28AM +0200, Philippe Biondi wrote:
>
>> But I just didn't needed random IP yet. Here is a patch :
>
> The patch works wonderfully. Thank you very much.
>
> -Evan
>
> P.S. Will this be added to the standard version of scapy?

Sure. In fact it is already integrated, but I did not put it online yet.

--

-- 
Philippe Biondi <phil <at>  secdev.org>      SecDev.org
Security Consultant/R&D                 http://www.secdev.org
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2

---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
Permalink | Reply | 0 comments |
headers
Evan N. McNabb | 9 Sep 2005 01:33
Favicon

Broadcast Pings

I'm trying to do a broadcast ping using scapy. I've tried several ways,
but none of them seem to work. For example:

---------
>>> send(IP(dst="10.100.0.255")/ICMP())

WARNING: Mac address for 10.100.0.255 not found

.
Sent 1 packets.
---------

Should this syntax work? 

-Evan

/********************************************************************\
       Evan McNabb: <evan <at> mcnabbs.org> <emcnabb <at> gurulabs.com>
                      Instructor, Guru Labs
		     http://evan.mcnabbs.org
 GnuPG Fingerprint: 53B5 EDCA 5543 A27A E0E1 2B2F 6776 8F9C 6A35 6EA5
\********************************************************************/
Permalink | Reply | 501 comments |
headers
Philippe Biondi | 9 Sep 2005 09:18

Re: Broadcast Pings

On Thu, 8 Sep 2005, Evan N. McNabb wrote:

> I'm trying to do a broadcast ping using scapy. I've tried several ways,
> but none of them seem to work. For example:
>
> ---------
>>>> send(IP(dst="10.100.0.255")/ICMP())
>
> WARNING: Mac address for 10.100.0.255 not found
>
> .
> Sent 1 packets.
> ---------
>
> Should this syntax work?

Not yet. It will very soon.
Until that, the way to do that is working at level 2:

sendp(Ether(dst="ff:ff:ff:ff:ff:ff")/IP(dst="10.100.0.255")/ICMP())

--

-- 
Philippe Biondi <phil <at>  secdev.org>      SecDev.org
Security Consultant/R&D                 http://www.secdev.org
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2

---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
(Continue reading)

Permalink | Reply | 501 comments |
headers
Evan N. McNabb | 9 Sep 2005 17:36
Favicon

Re: Broadcast Pings

On Fri, Sep 09, 2005 at 09:18:41AM +0200, Philippe Biondi wrote:

> Not yet. It will very soon.
> Until that, the way to do that is working at level 2:
> 
> sendp(Ether(dst="ff:ff:ff:ff:ff:ff")/IP(dst="10.100.0.255")/ICMP())

Thanks! That will work for now.

-Evan

/********************************************************************\
       Evan McNabb: <evan <at> mcnabbs.org> <emcnabb <at> gurulabs.com>
                      Instructor, Guru Labs
		     http://evan.mcnabbs.org
 GnuPG Fingerprint: 53B5 EDCA 5543 A27A E0E1 2B2F 6776 8F9C 6A35 6EA5
\********************************************************************/
Permalink | Reply | 0 comments |

Gmane