Denis | 10 Apr 2012 09:48

LLMNR fuzzing

Hi!

I want to fuzz the LLMNR protocol. As far as I can see, the LLMNR fields named "z", "tc" and "c" 
have the BitField type. But when I fuzz, the values of these fields are 3, 13, 4..., 
not 0 or 1. Why does this happen?

Thanks. 

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org

Marek Denis | 12 Apr 2012 22:38

Suffering from performance issues while sniffing in a real-time?

Hi,

Do any of you have experience with sniffing data with Scapy 
functions and methods while analyzing packets in real time?
I would like to be able to sniff IPv6 packets and detect some anomalies 
or do some statistical counting. 
If not Scapy (or, at least, the sniff() function), maybe other Python 
libraries are more optimised? Any advice?
Or is embedding Python into a C program, with the C code sniffing 
and passing the packets to the Python layer, a good solution?

-- 

Marek Denis 
[marek <at> octogan.net]


Cor Rosielle | 13 Apr 2012 10:00

Re: Suffering from performance issues while sniffing in a real-time?

Marek,

Is it sufficient to filter packets and output specific fields? Like this example:
- only show tcp packets
- where destination port = 6666
- and the TCP RST flag is not set
- display that it's a TCP or ICMP response
- for TCP display: length of IP packet, source IP, TCP-flags
- for ICMP display: length of IP packet, source IP, ICMP type and code and original destination

sniff(filter='(tcp and dst port 6666 and tcp[tcpflags] & (tcp-rst) = 0)',
      prn=lambda x: x.sprintf(
          "{TCP:len=%IP.len% ip=%IP.src% flags=%TCP.flags%}"
          "{ICMP:len=%IP.len% ip=%IP.src% type=%ICMP.type% code=%ICMP.code% orig.dest=%IPerror.dst%}"))

It does print certain anomalies, but I have found no way to do the counting.

Cor

On Apr 12, 2012, at 10:38 PM, Marek Denis wrote:

> Hi,
> 
> Do any of you have experience with sniffing data with Scapy 
> functions and methods while analyzing packets in real time?
> I would like to be able to sniff IPv6 packets and detect some anomalies 
> or do some statistical counting. 
> If not Scapy (or, at least, the sniff() function), maybe other Python 
> libraries are more optimised? Any advice?
> Or is embedding Python into a C program, with the C code sniffing 
> and passing the packets to the Python layer, a good solution?

Marek | 13 Apr 2012 13:05

Re: Suffering from performance issues while sniffing in a real-time?

Cor,

On 13.04.2012 10:00, Cor Rosielle wrote:
> Marek,
>
> Is it sufficient to filter packets and output specific fields? Like
> this example:

I was rather thinking about a monitor that tries to identify some IPv6 
attacks. This means some counting should be performed, matching packets 
and so on. I would like to do it online, so here comes my initial 
question - should Scapy be able to handle typical traffic in realtime?

> It does print certain anomalies, but I have found no way to do the 
> counting.

How about checking the data in the callback function, inspecting the 
necessary data and storing the Packet in memory if necessary?

-- 
pozdrawiam

Marek Denis
[marek <at> octogan.net]

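Added example (not part of the original thread and not Scapy's own code): the counting discussed above, done inside the sniff() callback with store=0 so that Scapy does not keep every packet in memory. The class name, window, threshold and the constructed trace are assumptions; the counter is kept separate from Scapy so it can be checked offline.

```python
from collections import defaultdict, deque


class SourceRateMonitor:
    """Count packets per source in a sliding time window and flag bursts."""

    def __init__(self, window=10.0, threshold=100):
        self.window = window            # seconds of history kept per source
        self.threshold = threshold      # packets per window that raise an alert
        self.seen = defaultdict(deque)  # source -> timestamps still in the window
        self.alerts = []                # (timestamp, source, count)

    def observe(self, ts, src):
        q = self.seen[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and q[0] <= ts - self.window:
            q.popleft()
        # Alert when the count reaches the threshold, not on every later packet.
        if len(q) == self.threshold:
            self.alerts.append((ts, src, len(q)))
            return True
        return False


def run_live(monitor, iface=None):
    """Feed the monitor from Scapy; needs capture privileges."""
    # Imported here so the counting logic above runs without Scapy installed.
    from scapy.all import sniff, IPv6

    def on_packet(pkt):
        if IPv6 in pkt and monitor.observe(float(pkt.time), pkt[IPv6].src):
            print("burst from", pkt[IPv6].src)

    # store=0: packets are handed to the callback and then discarded.
    sniff(filter="ip6", prn=on_packet, store=0, iface=iface)


def demo():
    # Constructed trace: one source sends 5 packets in 2 s, another 3 in 30 s.
    events = [(0.0, "2001:db8::1"), (0.5, "2001:db8::1"), (1.0, "2001:db8::2"),
              (1.0, "2001:db8::1"), (1.5, "2001:db8::1"), (2.0, "2001:db8::1"),
              (15.0, "2001:db8::2"), (30.0, "2001:db8::2")]
    mon = SourceRateMonitor(window=10.0, threshold=5)
    for ts, src in events:
        mon.observe(ts, src)
    return mon.alerts
```

Sources that go quiet stay in the dictionary with a short queue; a long-running monitor would also need to evict them periodically.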

Andrew | 15 Apr 2012 14:30

Re: Scapy v2.2.0: the contrib

Philippe Biondi <phil <at> secdev.org> writes:

> 
> Hi,
> 
> I've just released Scapy 2.2.0. There were some bugfixes, but that's not 
> the important part of the release.
> 
> Until 4 hours ago, the way I integrated contributions to Scapy was to try 
> to completely re-read them, understand them, understand the protocol they 
> were implementing, sometimes rewrite some parts of them because they could 
> have used a not-very-well-documented feature of Scapy. Needless to say it 
> took me so much time that I failed to integrate most of the contributions. 
> This situation embarrassed me a lot, so I created a "contrib" section in 
> Scapy where I can put all contributed protocols without feeling the need 
> to deeply reread them, and without delaying their distribution.
> 
> This enabled me to integrate 19 (!) protocols from enduring contributors 
> which I'd like to apologize to. And some more contributions are still 
> awaiting! (Without even speaking about the bugs and fixes)
> 
> Contributed modules are not loaded by default and can be loaded
> with the new load_contrib() function.
> 
> There is a new list_contrib() function giving the list of available 
> contrib modules :
> 
> >>> list_contrib()
> chdlc               : Cisco HDLC and SLARP                     status=loads
> cdp                 : Cisco Discovery Protocol                 status=loads

Dirk Loss | 15 Apr 2012 14:53

Re: Re: Scapy v2.2.0: the contrib

On 15.04.12 14:30, Andrew wrote:
> I'm relatively new to Scapy/Python and I can't figure out what argument to pass
> to load_contrib().  I installed from ports on FreeBSD, created a directory
> called 'contrib/' in Scapy's home dir, and placed 'igmp.py' in it.  Scapy works
> great otherwise.  Any help would be much appreciated.
> 
> Welcome to Scapy (2.2.0)
> >>> list_contrib()
> igmp                : IGMP/IGMPv2                              status=loads
> >>> load_contrib('igmp')
> ERROR: No module named contrib.igmp
> >>> load_contrib('IGMP/IGMPv2')

Make sure there is a file "__init__.py" in the contrib directory,
so that it is detected as a Python package:

$ touch contrib/__init__.py

Best regards
Dirk


Andrew McConachie | 16 Apr 2012 16:48

load_contrib() Help

Hi All,

I am relatively new to Scapy and Python and am having some trouble
with the new contrib() functionality in Scapy 2.2.0.  Basically I
don't know how to import anything as I don't know what to pass to
load_contrib() as argument.

root@crunch:..scapy/contrib# pwd
/usr/local/lib/python2.7/site-packages/scapy/contrib
root@crunch:..scapy/contrib# ls -l
total 16
-rwxrwxrwx  1 root  wheel  6266 Apr 15 13:45 igmp.py
-rwxrwxrwx  1 root  wheel  5466 Apr 16 16:40 igmp.pyc
root@crunch:..scapy/contrib# uname -a
FreeBSD crunch 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:15:25 UTC 2012     root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

root@crunch:/root# scapy
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
INFO: Can't import python Crypto lib. Disabled certificate manipulation tools
Welcome to Scapy (2.2.0)
>>> list_contrib()
igmp                : IGMP/IGMPv2                              status=loads
>>> load_contrib(igmp)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
NameError: name 'igmp' is not defined

Dirk Loss | 16 Apr 2012 19:43

Re: load_contrib() Help

On 16.04.12 16:48, Andrew McConachie wrote:
> I am relatively new to Scapy and Python and am having some trouble
> with the new contrib() functionality in Scapy 2.2.0.  Basically I
> don't know how to import anything as I don't know what to pass to
> load_contrib() as argument.
[...]
> root@crunch:..scapy/contrib# pwd
> /usr/local/lib/python2.7/site-packages/scapy/contrib
> root@crunch:..scapy/contrib# ls -l
> total 16
> -rwxrwxrwx  1 root  wheel  6266 Apr 15 13:45 igmp.py
> -rwxrwxrwx  1 root  wheel  5466 Apr 16 16:40 igmp.pyc

The file "__init__.py" is missing (and the other contrib files as well).
At least the __init__.py must exist. It can be empty:

$ ls -l __init__.py
-rw-r--r--  1 dirk  staff  0 15 Apr 14:51 __init__.py

You can create it with "touch":
$ touch /usr/local/lib/python2.7/site-packages/scapy/contrib/__init__.py

> Welcome to Scapy (2.2.0)
> >>> load_contrib('igmp')
> ERROR: No module named contrib.igmp

This is the right syntax and will work if you have created the
__init__.py file in the contrib directory.

Best regards

Andrew McConachie | 17 Apr 2012 21:37

Re: load_contrib() Help

On Mon, Apr 16, 2012 at 7:43 PM, Dirk Loss <lists <at> dirk-loss.de> wrote:
> On 16.04.12 16:48, Andrew McConachie wrote:
>> I am relatively new to Scapy and Python and am having some trouble
>> with the new contrib() functionality in Scapy 2.2.0.  Basically I
>> don't know how to import anything as I don't know what to pass to
>> load_contrib() as argument.
> [...]
>> root@crunch:..scapy/contrib# pwd
>> /usr/local/lib/python2.7/site-packages/scapy/contrib
>> root@crunch:..scapy/contrib# ls -l
>> total 16
>> -rwxrwxrwx  1 root  wheel  6266 Apr 15 13:45 igmp.py
>> -rwxrwxrwx  1 root  wheel  5466 Apr 16 16:40 igmp.pyc
>
> The file "__init__.py" is missing (and the other contrib files as well).
> At least the __init__.py must exist. It can be empty:
>
> $ ls -l __init__.py
> -rw-r--r--  1 dirk  staff  0 15 Apr 14:51 __init__.py
>
> You can create it with "touch":
> $ touch /usr/local/lib/python2.7/site-packages/scapy/contrib/__init__.py
>
>> Welcome to Scapy (2.2.0)
>> >>> load_contrib('igmp')
>> ERROR: No module named contrib.igmp
>
> This is the right syntax and will work if you have created the
> __init__.py file in the contrib directory.
>

jeetika kataria | 19 Apr 2012 12:23

Sendpfast() rate

Hello List,


I am using the sendpfast() function to send around 100000 packets at a defined rate of 25000pps, but Scapy never sends these packets at this exact rate. 
"  sendpfast(a, pps=25000,iface='eth0')
   Rated: 16528.93pps "
Is there any feature in Scapy which will make it send packets at approximately the rate specified in the argument of sendpfast()? 

Thanks
