Packet Generators
Ostinato
Installation:
sudo sh -c 'echo deb http://widehat.opensuse.org/repositories/home:/pstavirs:/ostinato/xUbuntu_12.04/ ./ > /etc/apt/sources.list.d/obs-ostinato.sources.list'
wget http://download.opensuse.org/repositories/home:/pstavirs:/ostinato/xUbuntu_12.04/Release.key -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install ostinato
- Quickstart Guide
- Workspace is divided into 3 main sections - the ports list, streams list and statistics window.
- You should see a port group entry for "127.0.0.1" in the ports list with a "green" (connected) status
- Expand the port group and you should see all the ports on your local system (if you don't, run it with admin privileges)
- Select a port in the ports list
- In the Stream List pane, right click and create a new stream
- Select the newly created stream and right click to edit it (or double-click on the stream icon to edit)
- In the Stream Configuration Dialog that opens, select the protocols, fill in the protocol fields, and configure the number of packets, burst parameters and rates.
- Click the "Apply" Button in the Stream List pane (IMPORTANT)
- In the Statistics window, select the same port (select the whole column by clicking on the port heading) for which you configured the stream (IMPORTANT)
- Click the "Start Transmit" button.
HPing2
This section is under construction.
Scapy
Source: secdev.org
- Installation:
sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx
sudo apt-get install python-scapy
- Plotting:
>>> p=sniff(count=50)
>>> p.plot(lambda x:len(x))
- 2D graphics:
>>> p=IP()/ICMP()
>>> p.pdfdump("test.pdf")
- Graphs
>>> p=rdpcap("myfile.pcap")
>>> p.conversations(type="jpg", target="> test.jpg")
- 3D graphics
>>> a,u=traceroute(["www.python.org", "google.com","slashdot.org"])
>>> a.trace3D()
- WEP decryption
Download: http://weplab.sourceforge.net/caps/weplab-64bit-AA-managed.pcap
>>> enc=rdpcap("weplab-64bit-AA-managed.pcap")
>>> enc.show()
>>> enc[0]
>>> conf.wepkey="AA\x00\x00\x00"
>>> dec=Dot11PacketList(enc).toEthernet()
>>> dec.show()
>>> dec[0]
- Plot
>>> r2,unans=traceroute(["www.voila.com"],maxttl=20)
>>> r2.graph()
>>> res,unans = traceroute(["www.microsoft.com","www.cisco.com","www.yahoo.com","www.wanadoo.fr","www.pacsec.com"],dport=[80,443],maxttl=20,retry=-2)
>>> res.graph()
Simple Examples
- Crafting ICMP Packet:
>>> i = IP()
>>> i.dst="192.168.1.1"
>>> i.display()
>>> ic = ICMP()
>>> ic.display()
>>> sr1(i/ic)
>>> sr1(i/ic/"aman.info.tm")
- Crafting ARP Packet:
Be careful with this example: it may cause LAN issues for some time.
To recover, clear the ARP cache or wait for the entry to time out on the device/router 192.168.1.10.
>>> a = ARP()
>>> a.pdst="192.168.1.10"
>>> a.hwsrc="11:11:11:11:11:11"
>>> a.psrc="1.1.1.1"
>>> a.hwdst="ff:ff:ff:ff:ff:ff"
>>> a.display()
>>> send(a)
Then list the ARP cache from a shell:
arp -a
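Seen from the monitoring side, a frame like the one above is easy to flag: its ARP hwsrc has the group bit set, its psrc is outside the LAN, and (assuming Scapy fills in the Ethernet header with the real interface MAC) the Ethernet source differs from the ARP hwsrc. The following stdlib-only Python 3 checker is an added example, not code from the original page; the 192.168.1.0/24 prefix, the function names and every MAC address other than 11:11:11:11:11:11 are constructed for illustration.

```python
import ipaddress
import struct

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN prefix

def fmt_mac(raw):
    return ":".join("%02x" % b for b in raw)

def arp_frame(eth_src, hwsrc, psrc, pdst, op=1):
    """Build the bytes of an Ethernet+ARP frame (constructed test input)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.ip_address(s).packed
    eth = b"\xff" * 6 + mac(eth_src) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(hwsrc) + ip(psrc) + b"\xff" * 6 + ip(pdst)

def check_arp(frame, bindings):
    """Return findings for one frame; learn IP->MAC only from clean frames."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return []  # not ARP over Ethernet
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return []  # not IPv4-over-Ethernet ARP
    eth_src, hwsrc = frame[6:12], frame[22:28]
    psrc = ipaddress.ip_address(frame[28:32])
    findings = []
    if eth_src != hwsrc:
        findings.append("eth src %s != ARP hwsrc %s" % (fmt_mac(eth_src), fmt_mac(hwsrc)))
    if hwsrc[0] & 1:
        findings.append("ARP hwsrc %s is a group address" % fmt_mac(hwsrc))
    if psrc not in LOCAL_NET:
        findings.append("ARP psrc %s is outside %s" % (psrc, LOCAL_NET))
    known = bindings.get(psrc)
    if known is not None and known != hwsrc:
        findings.append("%s moved from %s to %s" % (psrc, fmt_mac(known), fmt_mac(hwsrc)))
    if not findings:
        bindings[psrc] = hwsrc
    return findings

def demo():
    frames = [
        arp_frame("00:16:3e:00:00:10", "00:16:3e:00:00:10", "192.168.1.10", "192.168.1.1"),
        # hwsrc/psrc/pdst as in the ARP example above; eth_src is constructed
        arp_frame("00:16:3e:00:00:66", "11:11:11:11:11:11", "1.1.1.1", "192.168.1.10"),
        arp_frame("00:16:3e:00:00:66", "00:16:3e:00:00:66", "192.168.1.10", "192.168.1.1", op=2),
    ]
    bindings = {}
    return [check_arp(f, bindings) for f in frames]

if __name__ == "__main__":
    print(demo())
```

The third constructed frame is internally consistent and is caught only because 192.168.1.10 was already bound to another MAC, which is why the binding table is needed alongside the per-frame checks.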
Complex Examples
- Each packet can be built:
>>> str(IP())
'E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01'
>>> IP(_)
<IP version=4L ihl=5L tos=0x0 len=20 id=1 flags= frag=0L ttl=64 proto=IP chksum=0x7ce7 src=127.0.0.1 dst=127.0.0.1 |>
>>> a=Ether()/IP(dst="www.slashdot.org")/TCP()/"GET /index.html HTTP/1.0 \n\n"
>>> hexdump(a)
00 02 15 37 A2 44 00 AE F3 52 AA D1 08 00 45 00  ...7.D...R....E.
00 43 00 01 00 00 40 06 78 3C C0 A8 05 15 42 23  .C....@.x<....B#
FA 97 00 14 00 50 00 00 00 00 00 00 00 00 50 02  .....P........P.
20 00 BB 39 00 00 47 45 54 20 2F 69 6E 64 65 78   ..9..GET /index
2E 68 74 6D 6C 20 48 54 54 50 2F 31 2E 30 20 0A  .html HTTP/1.0 .
0A                                               .
>>> b=str(a)
>>> b
'\x00\x02\x157\xa2D\x00\xae\xf3R\xaa\xd1\x08\x00E\x00\x00C\x00\x01\x00\x00@\x06x<\xc0\xa8\x05\x15B#\xfa\x97\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xbb9\x00\x00GET /index.html HTTP/1.0 \n\n'
>>> c=Ether(b)
>>> c
<Ether dst=00:02:15:37:a2:44 src=00:ae:f3:52:aa:d1 type=0x800 |<IP version=4L ihl=5L tos=0x0 len=67 id=1 flags= frag=0L ttl=64 proto=TCP chksum=0x783c src=192.168.5.21 dst=66.35.250.151 |<TCP sport=20 dport=80 seq=0L ack=0L dataofs=5L reserved=0L flags=S window=8192 chksum=0xbb39 urgptr=0 options=[] |<Raw load='GET /index.html HTTP/1.0 \n\n' |>>>>
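What the dissection above involves, as an added example (not from the original page and not Scapy's own code): a stdlib-only Python 3 parser that takes the frame bytes from the hexdump and validates the IP and TCP checksums Scapy filled in (0x783c and 0xbb39). The names csum16 and dissect are hypothetical.

```python
import struct

# Bytes of the frame shown by hexdump(a) above, copied row by row.
FRAME = bytes.fromhex(
    "00021537a24400aef352aad108004500"
    "0043000100004006783cc0a805154223"
    "fa970014005000000000000000005002"
    "2000bb390000474554202f696e646578"
    "2e68746d6c20485454502f312e30200a"
    "0a"
)

def csum16(data):
    """RFC 1071 checksum; returns 0 when data already carries a valid one."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dissect(frame):
    """Parse Ether/IPv4/TCP and validate both checksums (hypothetical helper)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed or truncated IPv4 header")
    seg = ip[ihl:total_len]  # honours len=, so trailing padding is ignored
    out = {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "proto": ip[9],
        "ip_chksum_ok": csum16(ip[:ihl]) == 0,
    }
    if ip[9] == 6 and len(seg) >= 20:
        # TCP checksum covers a pseudo-header: src, dst, zero, proto, length
        pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))
        out["sport"], out["dport"] = struct.unpack("!HH", seg[:4])
        out["flags"] = seg[13]
        out["tcp_chksum_ok"] = csum16(pseudo + seg) == 0
        out["payload"] = seg[(seg[12] >> 4) * 4:]
    return out

if __name__ == "__main__":
    print(dissect(FRAME))
```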
- Sets of packets:
a=IP(dst="www.slashdot.org/30")
[p for p in a]
b=IP(ttl=[1,2,(5,9)])
[p for p in b]
c=TCP(dport=[80,443])
[p for p in a/c]
The last expression yields:
<IP frag=0 proto=tcp dst=216.34.181.48 |<TCP dport=http |>>,
<IP frag=0 proto=tcp dst=216.34.181.48 |<TCP dport=https |>>,
<IP frag=0 proto=tcp dst=216.34.181.49 |<TCP dport=http |>>,
<IP frag=0 proto=tcp dst=216.34.181.49 |<TCP dport=https |>>,
<IP frag=0 proto=tcp dst=216.34.181.50 |<TCP dport=http |>>,
<IP frag=0 proto=tcp dst=216.34.181.50 |<TCP dport=https |>>,
<IP frag=0 proto=tcp dst=216.34.181.51 |<TCP dport=http |>>,
<IP frag=0 proto=tcp dst=216.34.181.51 |<TCP dport=https |>>
- The send() function will send packets at layer 3. That is to say it will handle routing and layer 2 for you.
- The sendp() function will work at layer 2. It's up to you to choose the right interface and the right link layer protocol.
- Send Packets:
send(IP(dst="1.2.3.4")/ICMP())
sendp(Ether()/IP(dst="1.2.3.4",ttl=(1,4)), iface="eth1")
sendp("I'm travelling on Ethernet", iface="eth1", loop=1, inter=0.2)
sendp(rdpcap("/tmp/pcapfile")) # tcpreplay
- The sr() function is for sending packets and receiving answers.
- The function returns a pair: the list of (sent packet, answer) couples, and the list of unanswered packets.
- The function sr1() is a variant that returns only the one packet that answered the packet (or the packet set) sent.
- The packets must be layer 3 packets (IP, ARP, etc.)
- The function srp() does the same for layer 2 packets (Ethernet, 802.3, etc.)
>>> p=sr1(IP(dst="www.slashdot.org")/ICMP()/"XXXXXXXXXXX")
Begin emission:
...Finished to send 1 packets.
.*
Received 5 packets, got 1 answers, remaining 0 packets
>>> p
<IP version=4L ihl=5L tos=0x0 len=39 id=15489 flags= frag=0L ttl=42 proto=ICMP chksum=0x51dd src=66.35.250.151 dst=192.168.5.21 |<ICMP type=echo-reply code=0 chksum=0xee45 id=0x0 seq=0x0 |<Raw load='XXXXXXXXXXX' |<Padding load='\x00\x00\x00\x00' |>>>>
>>> p.show()
---[ IP ]---
version = 4L
ihl = 5L
tos = 0x0
len = 39
id = 15489
flags =
frag = 0L
ttl = 42
proto = ICMP
chksum = 0x51dd
src = 66.35.250.151
dst = 192.168.5.21
options =
---[ ICMP ]---
type = echo-reply
code = 0
chksum = 0xee45
id = 0x0
seq = 0x0
---[ Raw ]---
load = 'XXXXXXXXXXX'
---[ Padding ]---
load = '\x00\x00\x00\x00'
- DNS query (rd = recursion desired):
>>> sr1(IP(dst="192.168.5.1")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.slashdot.org")))
- A TCP traceroute.
>>> ans,unans=sr(IP(dst=target, ttl=(4,25),id=RandShort())/TCP(flags=0x2))
- Packet Captures:
>>> sniff(filter="icmp and host 66.35.250.151", count=2)
>>> a=_
>>> a.nsummary()
>>> sniff(iface="wifi0", prn=lambda x: x.summary())
>>> sniff(iface="eth1", prn=lambda x: x.show())
- FTP:
dst, dport, sport = "ftp.free.fr", 21, int(RandShort())
p0 = IP(dst=dst)/TCP(sport=sport, dport=dport, flags="S")
p1 = sr1(p0)
p2 = IP(dst=dst)/TCP(sport=sport, dport=dport, seq=p1.ack, ack=p1.seq+1, flags="A")
p3 = sr1(p2)
- Sniffing the network gives:
>>> s.summary()
Ether / IP / TCP 91.121.51.205:44857 > 212.27.60.27:ftp S
Ether / IP / TCP 212.27.60.27:ftp > 91.121.51.205:44857 SA
Ether / IP / TCP 91.121.51.205:44857 > 212.27.60.27:ftp A
Ether / IP / TCP 212.27.60.27:ftp > 91.121.51.205:44857 PA / Raw
>>> s[3][Raw]
<Raw load='220 Welcome to ProXad FTP server\r\n' |>
sudo tcpdump port 21 or port 20
rand = int(RandShort())  # one source port for the whole handshake
ans=sr1(IP(dst="10.100.10.22")/TCP(sport=rand, dport=21, flags="S", options=[('MSS', 1460), ('SAckOK', ''), ('Timestamp', (5693231, 0)), ('NOP', None), ('WScale', 6)]))
sseq=ans.seq
sack=ans.ack
# The ACK reuses the same source port so that it belongs to the connection opened by the SYN
ans=sr1(IP(proto=6, tos=0, dst='10.100.10.22', version=4)/TCP(sport=rand, seq=sack, ack=sseq+1, dport=21, flags="A", options=[('NOP', None), ('NOP', None), ('Timestamp', (981592, 525503134))]))
PackEth
This section is under construction.
Misc
- Generating 100 FTP requests
Need to install 'parallel' first
sudo apt-get install parallel
seq 100 | parallel -j0 --joblog log curl ftp://test:[email protected]/log ">" {}.txt