3 Sep 2007 17:19
Re: scapy speed
Philippe Biondi <phil <at> secdev.org>
2007-09-03 15:19:03 GMT
Hi,

On Mon, 3 Sep 2007, Piotr Dula (pdula) wrote:
> Hello,
>
> I have a question:
>
> with a standard PC computer, how fast more or less is scapy able to
> generate IP packets?

Medium fast.... ;)

It depends whether you are only sending or also waiting for an answer, if
you are precomputing packets or not, if you need to make an ARP resolution
for each packet or not, etc.

The fastest way is using sendpfast() which will write a pcap file and call
tcpreplay on it. (so, yes, scapy can be as fast as tcpreplay!)

--
Philippe Biondi <phil <at> secdev.org>
SecDev.org Computer Security/R&D http://www.secdev.org
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
4 Sep 2007 11:05
sendpfast()
Piotr Dula (pdula) <pdula <at> cisco.com>
2007-09-04 09:05:09 GMT
Hello,

Can anyone give me an example of how to use "sendpfast"?

I have an IP packet called a. I sent it using sr(a) and I got a reply, so it should be correct.

However, when I try to use sendpfast(a, pps=1000), it does not send anything despite the fact that I don't get any error message...(I'm running wireshark at the destination).

Thanks for help,
Piotr

PS. Maybe one of you has tested a firewall using scapy and generating many different, also incorrect packets? Any suggestions how to do it?

PS2. Any website with detailed scapy manual? I haven't found much on this topic and I am using it for the first time.. :(
4 Sep 2007 11:36
Re: sendpfast()
Dirk Loss <lists <at> dirk-loss.de>
2007-09-04 09:36:34 GMT
Piotr Dula (pdula) wrote:
> PS2. Any website with detailed scapy manual? I haven't found much on
> this topic and I am using it for the first time.. :(

Have a look at http://www.secdev.org/projects/scapy/ in the "Help, documentation" section:

http://www.secdev.org/projects/scapy/demo.html (for starters)
http://www.oreilly.com/catalog/9780596009632/ (chapters 6 and 18)
http://www.secdev.org/projects/scapy/files/scapydoc.pdf (still a draft)
http://hackaholic.org/papers/blackmagic.txt (from 2005)

Philippe's slides from the various conferences are quite helpful, too.

And there are some more examples on Scapy's Trac (which seems to be down at the moment).
http://trac.secdev.org/scapy

For specific problems you could also search the mailing list archives:
http://news.gmane.org/gmane.comp.security.scapy.general

Regards
Dirk
4 Sep 2007 11:42
Re: sendpfast()
Dirk Loss <lists <at> dirk-loss.de>
2007-09-04 09:42:32 GMT
Piotr Dula (pdula) wrote:
> However, when I try to use sendpfast(a, pps=1000), it does not send
> anything despite the fact that I don't get any error message...(I'm
> running wireshark at the destination).

I haven't used sendpfast() myself, but here are two ideas (just guessing):

- Make sure you have tcpreplay (http://tcpreplay.synfin.net/) installed. You can tell Scapy where to find it by setting the "conf.prog.tcpreplay" variable.
- sendpfast() works on Layer2, so first try if srp(a) works.

Regards
Dirk
4 Sep 2007 14:28
RE: sendpfast()
Piotr Dula (pdula) <pdula <at> cisco.com>
2007-09-04 12:28:58 GMT
A question connected to the one about sendpfast():
srp(a) doesn't work but sr(a) works fine. What may be the reason
that scapy doesn't send on level 2? At least wireshark on the other end
doesn't see them..
Thank you in advance,
Piotr
4 Sep 2007 14:42
RE: sendpfast()
Philippe Biondi <phil <at> secdev.org>
2007-09-04 12:42:18 GMT
On Tue, 4 Sep 2007, Piotr Dula (pdula) wrote:
> A question connected to the one about sendpfast():
>
> srp(a) doesn't work but sr(a) works fine. What may be the reason
> that scapy doesn't send on level 2? At least wireshark on the other end
> doesn't see them..

sendpfast() works like sendp() i.e. at level 2 (and needs tcpreplay to be installed).

sendp() is not the same as srp(). "srp" means send *and* receive at level 2. But when using sendp() or sendpfast() scapy will only send packets. Thus you cannot replace one by another like that (except for sendp() and sendpfast()).

Now about the level 2 vs level 3: scapy always works at level 2. When you use sendp(), sendpfast(), srp(), srploop(), etc., it means that you also work at level 2, so scapy has nothing to do except writing on the wire what you provided. When you use send(), sr(), srloop(), etc., it means that you are working at level 3, so Scapy must manage the link layer for you.

--
Philippe Biondi <phil <at> secdev.org>
SecDev.org Computer Security/R&D http://www.secdev.org
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
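Added example, not part of the original thread and not Scapy's own code: the level 2 / level 3 distinction explained above, shown at the byte level with only the Python standard library. It assumes, as the message above states, that a level-2 send writes the supplied bytes to the wire unchanged; the addresses and the helper names (icmp_echo_packet, ether_frame, parse_as_ethernet) are constructed for illustration.

```python
import socket
import struct

ETH_P_IP = 0x0800  # EtherType for IPv4

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_echo_packet(src: str, dst: str) -> bytes:
    """Level-3 packet laid out like IP(src=src, dst=dst)/ICMP(): no link layer."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0, 0)  # echo request, checksum still 0
    icmp = struct.pack("!BBHHH", 8, 0, checksum(icmp), 0, 0)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum, src, dst
    fields = [0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + icmp

def ether_frame(dst_mac: str, src_mac: str, payload: bytes) -> bytes:
    """Level-2 frame laid out like Ether(dst=dst_mac, src=src_mac)/payload."""
    to_bytes = lambda mac: bytes.fromhex(mac.replace(":", ""))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", ETH_P_IP) + payload

def parse_as_ethernet(buf: bytes) -> dict:
    """Read the first 14 bytes the way a receiver on the wire does."""
    dst, src, ethertype = struct.unpack("!6s6sH", buf[:14])
    return {"dst": dst.hex(":"), "src": src.hex(":"), "type": "0x%04x" % ethertype}

if __name__ == "__main__":
    # Constructed sample addresses (documentation range, locally administered MACs).
    packet = icmp_echo_packet("192.0.2.1", "192.0.2.2")
    frame = ether_frame("02:00:00:00:00:02", "02:00:00:00:00:01", packet)
    print("IP/ICMP read at level 2:      ", parse_as_ethernet(packet))
    print("Ether/IP/ICMP read at level 2:", parse_as_ethernet(frame))
```

Without an Ethernet header, the start of the IP header is read as the destination MAC and the first two octets of the source address as the EtherType (0xc000 here instead of 0x0800), so a receiver does not treat the bytes as IPv4.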
6 Sep 2007 10:38
srp() not working
Piotr Dula (pdula) <pdula <at> cisco.com>
2007-09-06 08:38:40 GMT
Hello,

1) What may be the reason why the srp() command is not working? sr() is working correctly and packets are received at the destination. srp() claims that it has sent a packet but it is not caught by wireshark..

2) How to use sendpfast()? Could anyone give me an example? help(sendpfast) does not provide much information....

Thank you for help,
Piotr

PS. I am attaching the output of both commands:

>>> sr(a)
Begin emission:
Finished to send 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
(<Results: UDP:0 TCP:0 ICMP:1 Other:0>, <Unanswered: UDP:0 TCP:0 ICMP:0 Other:0>)
>>> srp(a)
Begin emission:
Finished to send 1 packets.
...............
Received 15 packets, got 0 answers, remaining 1 packets
(<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <Unanswered: UDP:0 TCP:0 ICMP:1 Other:0>)
6 Sep 2007 11:06
Re: srp() not working
Thibaud FRANCOIS <thibaud.francois <at> gmail.com>
2007-09-06 09:06:13 GMT
Hi,

In your example you send 'a' with sr() and srp(), but sr() sends a packet at layer 3 and srp() sends a frame at layer 2.

This is a packet (layer 3) : IP(dst=myDest)/ICMP()
This is a frame (layer 2) : Ether()/IP(dst=myDest)/ICMP()

I don't know sendpfast() so I can't help you.

Thibaud

On 9/6/07, Piotr Dula (pdula) <pdula <at> cisco.com> wrote:
> Hello,
>
> 1) What may be the reason why the srp() command is not working? sr() is
> working correctly and packets are received at the destination. srp() claims
> that it has sent a packet but it is not caught by wireshark..
>
> 2) How to use sendpfast()? Could anyone give me an example? help(sendpfast)
> does not provide much information....
>
> Thank you for help,
> Piotr
>
> PS. I am attaching the output of both commands:
>
> >>> sr(a)
> Begin emission:
> Finished to send 1 packets.
> .*
> Received 2 packets, got 1 answers, remaining 0 packets
> (<Results: UDP:0 TCP:0 ICMP:1 Other:0>, <Unanswered: UDP:0 TCP:0 ICMP:0 Other:0>)
> >>> srp(a)
> Begin emission:
> Finished to send 1 packets.
> ...............
> Received 15 packets, got 0 answers, remaining 1 packets
> (<Results: UDP:0 TCP:0 ICMP:0 Other:0>, <Unanswered: UDP:0 TCP:0 ICMP:1 Other:0>)