Packet Generators

=Ostinato=

Installation:

sudo sh -c 'echo deb http://widehat.opensuse.org/repositories/home:/pstavirs:/ostinato/xUbuntu_12.04/ ./ > /etc/apt/sources.list.d/obs-ostinato.sources.list'
wget http://download.opensuse.org/repositories/home:/pstavirs:/ostinato/xUbuntu_12.04/Release.key -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install ostinato


 * Quickstart Guide:


 * Workspace is divided into 3 main sections - the ports list, streams list and statistics window.
 * You should see a port group entry for "127.0.0.1" in the ports list with a "green" (connected) status
 * Expand the port group and you should see all the ports on your local system (you may not see them if you are not running it with admin privileges)
 * Select a port in the ports list
 * In the Stream List pane, right click and create a new stream
 * Select the newly created stream and right click to edit it (or double-click on the stream icon to edit)
 * In the just opened Stream Configuration Dialog, select the protocols, fill in the protocol fields, and configure the number of packets, burst parameters and rates.
 * Click the "Apply" Button in the Stream List pane (IMPORTANT)
 * In the Statistics window, select the same port (select the whole column by clicking on the port heading) for which you configured the stream (IMPORTANT)
 * Click the "Start Transmit" button.

=HPing2=

=Scapy=

Source: secdev.org

 * Installation:

sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx
sudo apt-get install python-scapy

 * Plotting:

>>> p=sniff(count=50)
>>> p.plot(lambda x:len(x))

 * 2D graphics:

>>> p=IP()/ICMP()
>>> p.pdfdump("test.pdf")

 * Graphs:

>>> p=rdpcap("myfile.pcap")
>>> p.conversations(type="jpg", target="> test.jpg")

 * 3D graphics:

>>> a,u=traceroute(["www.python.org", "google.com","slashdot.org"])
>>> a.trace3D()

 * WEP decryption:

Download: http://weplab.sourceforge.net/caps/weplab-64bit-AA-managed.pcap

>>> enc=rdpcap("weplab-64bit-AA-managed.pcap")
>>> enc.show()
>>> enc[0]
>>> conf.wepkey="AA\x00\x00\x00"
>>> dec=Dot11PacketList(enc).toEthernet()
>>> dec.show()
>>> dec[0]

 * Plot:

>>> r2,unans=traceroute(["www.voila.com"],maxttl=20)
>>> r2.graph()

>>> res,unans = traceroute(["www.microsoft.com","www.cisco.com","www.yahoo.com","www.wanadoo.fr","www.pacsec.com"],dport=[80,443],maxttl=20,retry=-2)
>>> res.graph()

Simple Examples

 * Crafting ICMP Packet:

>>> i = IP()
>>> i.dst="192.168.1.1"
>>> i.display()
>>> ic = ICMP()
>>> ic.display()
>>> sr1(i/ic)
>>> sr1(i/ic/"aman.info.tm")


 * Crafting ARP Packet:

Be careful with this example: it may cause LAN issues for some time.

You need to clear arp cache or wait for timeout on the device/router 192.168.1.10.

>>> a = ARP()
>>> a.pdst="192.168.1.10"
>>> a.hwsrc="11:11:11:11:11:11"
>>> a.psrc="1.1.1.1"
>>> a.hwdst="ff:ff:ff:ff:ff:ff"
>>> a.display()
>>> send(a)

arp -a    # check the ARP cache on the device afterwards

Complex Examples

 * Each packet can be built:

>>> str(IP())
'E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01'
>>> IP(_)
>>> a=Ether()/IP(dst="www.slashdot.org")/TCP()/"GET /index.html HTTP/1.0 \n\n"
>>> hexdump(a)
00 02 15 37 A2 44 00 AE F3 52 AA D1 08 00 45 00  ...7.D...R....E.
00 43 00 01 00 00 40 06 78 3C C0 A8 05 15 42 23  .C....@.x<....B#
FA 97 00 14 00 50 00 00 00 00 00 00 00 00 50 02  .....P........P.
20 00 BB 39 00 00 47 45 54 20 2F 69 6E 64 65 78   ..9..GET /index
2E 68 74 6D 6C 20 48 54 54 50 2F 31 2E 30 20 0A  .html HTTP/1.0.
0A                                               .
>>> b=str(a)
>>> b
'\x00\x02\x157\xa2D\x00\xae\xf3R\xaa\xd1\x08\x00E\x00\x00C\x00\x01\x00\x00@\x06x<\xc0\xa8\x05\x15B#\xfa\x97\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xbb9\x00\x00GET /index.html HTTP/1.0 \n\n'
>>> c=Ether(b)
>>> c
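As an added example (not from the page or from scapy itself), the same serialisation and re-dissection done by hand with the Python standard library: the default 20-byte header that str(IP()) produced above, with its checksum 0x7ce7 verified, and the Ether/IP/TCP frame from the hexdump parsed back into fields the way Ether(b) does. FRAME holds the bytes copied from that hexdump; the parser assumes a plain IPv4/TCP frame without IP options.

```python
import struct

# Frame bytes copied from the hexdump above: Ether()/IP(dst="www.slashdot.org")/TCP()/"GET ...".
FRAME = bytes.fromhex(
    "00 02 15 37 A2 44 00 AE F3 52 AA D1 08 00 45 00"
    "00 43 00 01 00 00 40 06 78 3C C0 A8 05 15 42 23"
    "FA 97 00 14 00 50 00 00 00 00 00 00 00 00 50 02"
    "20 00 BB 39 00 00 47 45 54 20 2F 69 6E 64 65 78"
    "2E 68 74 6D 6C 20 48 54 54 50 2F 31 2E 30 20 0A"
    "0A"
)

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum; returns 0 when run over a header whose checksum is filled in."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src="127.0.0.1", dst="127.0.0.1", ttl=64, proto=0,
                      ident=1, payload_len=0) -> bytes:
    """Minimal 20-byte IPv4 header; the defaults reproduce scapy's str(IP()) bytes above."""
    def addr(a):
        return bytes(int(o) for o in a.split("."))
    # version 4 / IHL 5 = 0x45, TOS 0, total length, id, flags+frag 0, TTL, proto, checksum 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def parse_frame(frame: bytes) -> dict:
    """Re-dissect Ethernet/IPv4/TCP the way Ether(b) does for b=str(a) above."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]                  # stop at total length so padding is excluded
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    mac = lambda m: ":".join("%02x" % b for b in m)
    return {
        "dst_mac": mac(dst_mac), "src_mac": mac(src_mac), "ethertype": ethertype,
        "src": ".".join(str(b) for b in ip[12:16]), "dst": ".".join(str(b) for b in ip[16:20]),
        "proto": ip[9], "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF,          # 0x02 = SYN, matching the hexdump's "50 02"
        "payload": tcp[(off_flags >> 12) * 4:],
    }
```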

 * Sets of packets:

>>> a=IP(dst="www.slashdot.org/30")
>>> [p for p in a]
>>> b=IP(ttl=[1,2,(5,9)])
>>> [p for p in b]
>>> c=TCP(dport=[80,443])
>>> [p for p in a/c]

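An added illustration (not scapy code) of the implicit-packet expansion behind the sets above, using only the standard library: a list expands element by element, a (lo, hi) tuple is an inclusive range, an address with a /prefix expands to the whole network, and a/c is the cartesian product of the two layers. The /30 address is a constructed stand-in, since the page resolves www.slashdot.org at run time.

```python
import ipaddress
from itertools import product

def expand_value(value):
    """Scapy's field-set rules for one field value."""
    if isinstance(value, list):                      # [1, 2, (5, 9)] -> 1, 2, 5..9
        return [v for item in value for v in expand_value(item)]
    if isinstance(value, tuple) and len(value) == 2: # (lo, hi) is inclusive
        return list(range(value[0], value[1] + 1))
    if isinstance(value, str) and "/" in value:      # "addr/prefix" -> every address in the net
        return [str(a) for a in ipaddress.ip_network(value, strict=False)]
    return [value]

def expand_layer(fields):
    """One layer with set-valued fields -> list of concrete field dicts (cartesian product)."""
    names = list(fields)
    return [dict(zip(names, combo))
            for combo in product(*(expand_value(fields[n]) for n in names))]

def stack(*layers):
    """a/c: one concrete packet per layer in every combination, merged into one dict.
    Field names are prefixed with the layer name so IP and TCP fields cannot collide."""
    expanded = [[{"%s.%s" % (name, k): v for k, v in pkt.items()} for pkt in expand_layer(fields)]
                for name, fields in layers]
    return [dict(kv for pkt in combo for kv in pkt.items()) for combo in product(*expanded)]

# Constructed stand-in for the resolved address of www.slashdot.org (not a real lookup).
a = expand_layer({"dst": "192.168.5.20/30"})                                   # 4 addresses
b = expand_layer({"ttl": [1, 2, (5, 9)]})                                      # ttl 1, 2, 5, 6, 7, 8, 9
ac = stack(("IP", {"dst": "192.168.5.20/30"}), ("TCP", {"dport": [80, 443]}))  # 4 x 2 = 8 packets
```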


 * Send Packets:

 * The send function will send packets at layer 3. That is to say it will handle routing and layer 2 for you.
 * The sendp function will work at layer 2. It's up to you to choose the right interface and the right link layer protocol.

send(IP(dst="1.2.3.4")/ICMP())
sendp(Ether()/IP(dst="1.2.3.4",ttl=(1,4)), iface="eth1")
sendp("I'm travelling on Ethernet", iface="eth1", loop=1, inter=0.2)
sendp(rdpcap("/tmp/pcapfile")) # tcpreplay


 * The sr function is for sending packets and receiving answers.
 * The function returns a pair: the list of (packet, answer) couples, and the list of unanswered packets.
 * The function sr1 is a variant that only returns one packet, the one that answered the packet (or the packet set) sent.
 * The packets must be layer 3 packets (IP, ARP, etc.)
 * The function srp does the same for layer 2 packets (Ethernet, 802.3, etc.)

>>> p=sr1(IP(dst="www.slashdot.org")/ICMP()/"XXXXXXXXXXX")
Begin emission:
...Finished to send 1 packets.
.*
Received 5 packets, got 1 answers, remaining 0 packets
>>> p
>>> p.show()
---[ IP ]---
  version  = 4L
  ihl      = 5L
  tos      = 0x0
  len      = 39
  id       = 15489
  flags    =
  frag     = 0L
  ttl      = 42
  proto    = ICMP
  chksum   = 0x51dd
  src      = 66.35.250.151
  dst      = 192.168.5.21
  options  = ''
---[ ICMP ]---
  type     = echo-reply
  code     = 0
  chksum   = 0xee45
  id       = 0x0
  seq      = 0x0
---[ Raw ]---
  load     = 'XXXXXXXXXXX'
---[ Padding ]---
  load     = '\x00\x00\x00\x00'

 * DNS query (rd = recursion desired):

>>> sr1(IP(dst="192.168.5.1")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.slashdot.org")))

 * A TCP traceroute:

>>> ans,unans=sr(IP(dst=target, ttl=(4,25),id=RandShort())/TCP(flags=0x2))

 * Packet Captures:

>>> sniff(filter="icmp and host 66.35.250.151", count=2)
>>> a=_
>>> a.nsummary()

>>> sniff(iface="wifi0", prn=lambda x: x.summary())

>>> sniff(iface="eth1", prn=lambda x: x.show())

 * FTP:

dst, dport, sport = "ftp.free.fr", 21, int(RandShort())
p0 = IP(dst=dst)/TCP(sport=sport, dport=dport, flags="S")
p1 = sr1(p0)
p2 = IP(dst=dst)/TCP(sport=sport, dport=dport, seq=p1.ack, ack=p1.seq+1, flags="A")
p3 = sr1(p2)

 * Sniffing the network gives:

>>> s.summary()
Ether / IP / TCP 91.121.51.205:44857 > 212.27.60.27:ftp S
Ether / IP / TCP 212.27.60.27:ftp > 91.121.51.205:44857 SA
Ether / IP / TCP 91.121.51.205:44857 > 212.27.60.27:ftp A
Ether / IP / TCP 212.27.60.27:ftp > 91.121.51.205:44857 PA / Raw
>>> s[3][Raw]

sudo tcpdump port 21 or port 20

sport = int(RandShort())   # use the same source port for the SYN and the ACK, or the ACK belongs to a different connection
ans=sr1(IP(dst="10.100.10.22")/TCP(sport=sport, dport=21, flags="S", options=[('MSS', 1460), ('SAckOK', ''), ('Timestamp', (5693231, 0)), ('NOP', None), ('WScale', 6)]))
sseq=ans.seq
sack=ans.ack
ans=sr1(IP(proto=6, tos=0, dst='10.100.10.22', options='', version=4)/TCP(sport=sport, seq=sack, ack=sseq+1, dport=21, flags="A", options=[('NOP', None), ('NOP', None), ('Timestamp', (981592, 525503134))]))

=PackEth=

=Misc=

 * Generating 100 FTP requests:

Need to install 'parallel' first:

sudo apt-get install parallel
seq 100 | parallel -j0 --joblog log curl ftp://test:test@10.107.88.93/log ">" {}.txt