root@cs60base:~/lab3# scapy
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: No route found for IPv6 destination :: (no default route?)
INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
INFO: Can't import python Crypto lib. Disabled certificate manipulation tools
Welcome to Scapy (2.2.0)
>>> i = IP()
>>> i.show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\
>>> i = IP( dst = "8.8.8.8" )
>>> i.show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 192.168.56.100
  dst= 8.8.8.8
  \options\

// Tab completion works!
>>> ICMP
ICMP                      ICMPv6NDOptRouteInfo
ICMPTimeStampField        ICMPv6NDOptShortcutLimit
ICMPerror                 ICMPv6NDOptSrcAddrList
ICMPv6DestUnreach         ICMPv6NDOptSrcLLAddr
>>> ICMP().show()
###[ ICMP ]###
  type= echo-request
  code= 0
  chksum= None
  id= 0x0
  seq= 0x0
>>> ICMP().type
8
>>> i = IP( dst = "8.8.8.8" ) / ICMP ()
>>> i.show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= icmp
  chksum= None
  src= 192.168.56.100
  dst= 8.8.8.8
  \options\
###[ ICMP ]###
  type= echo-request
  code= 0
  chksum= None
  id= 0x0
  seq= 0x0
>>> Raw
Raw            RawPcapReader  RawPcapWriter  RawVal

// List objects that Scapy can build and parse:
>>> ls()
ARP : ARP
ASN1_Packet : None
BOOTP : BOOTP
TCP :

// List commands Scapy supports:
>>> lsc()
arpcachepoison : Poison target's cache with (your MAC,victim's IP) couple
arping : Send ARP who-has requests to determine which hosts are up
bind_layers : Bind 2 layers on some specific fields' values
corrupt_bits : Flip a given percentage or number of bits from a string
corrupt_bytes : Corrupt a given percentage or number of bytes from a string
>>> Raw().show()
###[ Raw ]###
  load= ''
>>> i = IP( dst = "8.8.8.8" ) / ICMP () / Raw (load="hello scapy")
>>> i.show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= icmp
  chksum= None
  src= 192.168.56.100
  dst= 8.8.8.8
  \options\
###[ ICMP ]###
  type= echo-request
  code= 0
  chksum= None
  id= 0x0
  seq= 0x0
###[ Raw ]###
  load= 'hello scapy'

// Build the packet, replacing "None"s with actual lengths and checksums:
>>> i.show2()
###[ IP ]###
  version= 4L
  ihl= 5L
  tos= 0x0
  len= 39
  id= 1
  flags=
  frag= 0L
  ttl= 64
  proto= icmp
  chksum= 0x71b9
  src= 192.168.56.100
  dst= 8.8.8.8
  \options\
###[ ICMP ]###
  type= echo-request
  code= 0
  chksum= 0x6639
  id= 0x0
  seq= 0x0
###[ Raw ]###
  load= 'hello scapy'

// Show the built packet in hexadecimal as it would go on the wire:
// (less Ethernet header):
>>> hexdump(i)
0000   45 00 00 27 00 01 00 00  40 01 71 B9 C0 A8 38 64   E..'....@.q...8d
0010   08 08 08 08 08 00 66 39  00 00 00 00 68 65 6C 6C   ......f9....hell
0020   6F 20 73 63 61 70 79                               o scapy

// Send the packet and sniff for a matching response. The matching is heuristic
// and may fail; I prefer sending then sniffing with tcpdump.
>>> sr1(i)
Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>>

// Oops, forgot to save the response, re-trying:
>>> l = sr1(i)
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets

// Response, parsed and summarized:
>>> l
>>>

// ...and in hex:
>>> hexdump(l)
0000   45 00 00 27 A0 ED 00 00  37 01 D9 CC 08 08 08 08   E..'....7.......
0010   C0 A8 38 64 00 00 6E 39  00 00 00 00 68 65 6C 6C   ..8d..n9....hell
0020   6F 20 73 63 61 70 79 00  00 00 00 00 00 00         o scapy.......

// ...and in full parsed detail:
>>> l.show()
###[ IP ]###
  version= 4L
  ihl= 5L
  tos= 0x0
  len= 39
  id= 41197
  flags=
  frag= 0L
  ttl= 55
  proto= icmp
  chksum= 0xd9cc
  src= 8.8.8.8
  dst= 192.168.56.100
  \options\
###[ ICMP ]###
  type= echo-reply
  code= 0
  chksum= 0x6e39
  id= 0x0
  seq= 0x0
###[ Raw ]###
  load= 'hello scapy'
###[ Padding ]###
  load= '\x00\x00\x00\x00\x00\x00\x00'
>>>
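
// Added example, not part of the original session: a standard-library Python
// check of the values show2() filled in. It takes the bytes from the two
// hexdump() outputs above, recomputes the IP and ICMP checksums (RFC 1071), and
// uses the IP len field to split off the bytes Scapy lists as Padding. The names
// inet_checksum and dissect are chosen for this example.

```python
import struct

# Bytes copied from the hexdump(i) and hexdump(l) output in the session above.
REQUEST = bytes.fromhex(
    "4500002700010000400171b9c0a83864"
    "08080808080066390000000068656c6c"
    "6f207363617079")
REPLY = bytes.fromhex(
    "45000027a0ed00003701d9cc08080808"
    "c0a8386400006e390000000068656c6c"
    "6f20736361707900000000000000")


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad with a zero byte for summing only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:   # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def dissect(pkt: bytes) -> dict:
    """Split an IPv4/ICMP packet by its header fields and recompute checksums."""
    ihl = (pkt[0] & 0x0F) * 4                    # "ihl" field, in bytes
    total_len, = struct.unpack("!H", pkt[2:4])   # "len" field
    ip_hdr = pkt[:ihl]
    icmp = pkt[ihl:total_len]                    # ICMP header + Raw load
    # Each checksum is computed with its own checksum field set to zero.
    ip_calc = inet_checksum(ip_hdr[:10] + b"\x00\x00" + ip_hdr[12:])
    icmp_calc = inet_checksum(icmp[:2] + b"\x00\x00" + icmp[4:])
    return {
        "len": total_len,
        "ip_chksum": ip_calc,
        "ip_ok": ip_calc == struct.unpack("!H", ip_hdr[10:12])[0],
        "icmp_type": icmp[0],
        "icmp_chksum": icmp_calc,
        "icmp_ok": icmp_calc == struct.unpack("!H", icmp[2:4])[0],
        "load": icmp[8:],                        # after the 8-byte ICMP header
        "padding": pkt[total_len:],              # bytes beyond the IP len field
    }


if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("reply", REPLY)):
        print(name, dissect(pkt))
```

// The 7 trailing bytes in the reply are consistent with padding up to the
// 60-byte minimum Ethernet frame: 14-byte Ethernet header + 39-byte IP packet = 53.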