http://permalink.gmane.org/gmane.comp.security.scapy.general hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.comp.security.scapy.general/4831 <pre>On Wed, May 22, 2013 at 04:20:06PM +0200, Alfonso Caponi &lt;alfonso.caponi&lt; at &gt;gmail.com&gt; wrote a message of 29 lines which said: Apparently, it *is* possible, and for a very long time: http://trac.secdev.org/scapy/ticket/84 --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Stephane Bortzmeyer 2013-05-22T14:36:32 http://permalink.gmane.org/gmane.comp.security.scapy.general/4830 <pre>Perfect, thank you very much! 2013/5/22 Stephane Bortzmeyer &lt;bortzmeyer&lt; at &gt;nic.fr&gt; </pre> Alfonso Caponi 2013-05-22T15:08:25 http://permalink.gmane.org/gmane.comp.security.scapy.general/4829 <pre>Hi list, I read: ... DNS : DNS DNSQR : DNS Question Record DNSRR : DNS Resource Record Do you confirm it's not possible to create dnssec requests? Thank you, Al </pre> Alfonso Caponi 2013-05-22T14:20:06 http://permalink.gmane.org/gmane.comp.security.scapy.general/4828 <pre>Hi! Great thx from happy Scapy user! :) I experience a problem with memory leak(s) in sendp() function (I suppose): sending more than 30 000 packets with sendp() cause FreeBSD to kill python's process due to his large size in memory (over 3 Gb!). Please, fix it! :( I wrote short test with some debug information - he tries to send 10000000 packets with sendp(). FreeBSD 8.2+ x86 (scapy 2.2.0, 2.1.1) fails approximately at 30 000'th packet. Here it is: &lt;test begin&gt; #! /usr/bin/env python # -*- coding: utf-8 -*- from scapy.all import * from scapy.layers.inet import IP, TCP, UDP, ICMP from scapy.layers.sctp import SCTP from commands import * import gc import pdb def printAllGcObjs(): i = 0 sum = 0 for obj in gc.get_objects(): i = i + 1 curBytes = sys.getsizeof(obj) sum = sum + curBytes print('\n\nObject #' + str(i) + ' (' + str(curBytes) + ' bytes, all elements by now are at ' + str(sum) + ' bytes):') #print obj # Informative, but unsafe: scapy may brake this by thro</pre> Stepan B. 2013-05-20T20:43:42 http://permalink.gmane.org/gmane.comp.security.scapy.general/4827 <pre> Thank you, Philippe! This works now!! --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Bruce Barnett 2013-05-13T15:18:49 http://permalink.gmane.org/gmane.comp.security.scapy.general/4826 <pre> If you do that in sample.mysmmary(), then self is sample, self.underlayer is UDP and self.underlayer.underlayer is IPv6. Hence: self.underlayer.underlayer.sprintf("UDP %IPv6.src%:%UDP.sport% ...) --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Philippe Biondi 2013-05-11T22:44:55 http://permalink.gmane.org/gmane.comp.security.scapy.general/4825 <pre>Fveverdedd Sent from my iPhone On May 11, 2013, at 2:30 PM, Bruce Barnett &lt;grymoire&lt; at &gt;gmail.com&gt; wrote: --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Carlos Perez 2013-05-11T18:57:44 http://permalink.gmane.org/gmane.comp.security.scapy.general/4824 <pre> Yes, I understand. As I said, I also tried to use the IP field names to get the IP addresses, i.e self.underlayer.sprintf("UDP %IP.src%:%UDP.sport% %IP.dst%:%UDP.dport% sample") I've also tried self.underlayer.sprintf("UDP %IPv6.src%:%UDP.sport% %IPv6.dst%:%UDP.dport% sample") And that doesn't work either. I've tried to debug this, and find out what I am doing wrong, but I'm not making much progress. --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Bruce Barnett 2013-05-11T18:40:21 http://permalink.gmane.org/gmane.comp.security.scapy.general/4823 <pre> I did a tcpdump capture on a 802.15.4/6LoWPAN wireless network, on the device with the radio that was sending/receiving the data. The packet capture type was "Raw IP" - apparently the implementation didn't capture any frame information, so it stored it without this data. But the IP version in the packet is 6, not 4, so the packet should be decoded as IPv6. Wireshark and tcpdump both decode the packet as IPv6. Scapy decodes it as IPv4. --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Bruce Barnett 2013-05-11T18:30:05 http://permalink.gmane.org/gmane.comp.security.scapy.general/4822 <pre> UDP does not have src or dst fields. They lie in the IPv6 layer. Note that UDP's mysummary() method uses self.underlayer to access those values. --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Philippe Biondi 2013-05-08T23:01:56 http://permalink.gmane.org/gmane.comp.security.scapy.general/4821 <pre> [...] Where does the packet come from ? A pcap ? Did you have any warning saying that the linktype was unknown ? --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Philippe Biondi 2013-05-08T22:58:04 http://permalink.gmane.org/gmane.comp.security.scapy.general/4820 <pre>Hi all, Could somebody be so kind to save this http://pastebin.com/rX5RGmvJ as fakeap.py and execute it using the command # strace python fakeap.py |&amp; tee strace.out and share the output? You will probably have to replace the |&amp; part on linux to make it redirect stderr to the file. It doesn't matter which OS, as long as you're confident that your wireless radio is injecting successfully. Setting the interface is described here http://www.secdev.org/projects/scapy/doc/usage.html#wireless-frame-injection Thanks, Mark From: mark_moes&lt; at &gt;hotmail.com To: scapy.ml&lt; at &gt;secdev.org Date: Thu, 25 Apr 2013 13:42:00 +0200 Subject: [scapy.ml] How to inject 802.11 frames on FreeBSD I already posted this same question on stackoverflow http://stackoverflow.com/questions/16212208/how-to-inject-802-11-frames-with-scapy-on-freebsd but I'll just copy the whole text. On a FreeBSD 8.1 machine I am trying to inject 802.11 frames with Scapy 2.2.0 as described in the documentation's example: http://www.secdev.org/projects/s</pre> Mark Moes 2013-05-07T18:06:24 http://permalink.gmane.org/gmane.comp.security.scapy.general/4819 <pre>In the file scapy-com/scapy/doc/build_dissect.rst is the code: def m2i(self, pkt, x): if s is None: return None, 0 return str2vlenq(x)[1] "s" is undefined. --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Bruce Barnett 2013-05-02T17:22:50 http://permalink.gmane.org/gmane.comp.security.scapy.general/4818 <pre>When given an IPv6 packet trace, and the following code a=rdpcap("ipv6.pcap") print hexdump(a[1]) print a[1].show() scapy decodes it as IPv4: 0000 60 00 00 00 00 40 3A FF FE 80 00 00 00 00 00 00 `....&lt; at &gt;:......... 0010 00 00 00 00 00 00 00 00 FF 02 00 00 00 00 00 00 ................ 0020 00 00 00 00 00 00 00 01 86 00 8D 1D 40 00 00 00 ............&lt; at &gt;... 0030 00 00 00 00 00 00 00 00 01 01 00 00 00 00 00 00 ................ 0040 05 01 00 00 00 00 05 DC 03 04 40 E0 00 00 03 20 ..........&lt; at &gt;.... 0050 00 00 01 90 00 00 00 00 20 01 04 70 1F 15 16 EA ........ ..p.... 0060 00 00 00 00 00 00 00 00 ........ None ###[ IP ]### version = 6 ihl = 0 tos = 0x00 len = 0 id = 64 flags = MF frag = 6911 ttl = 254 proto = 128 chksum = 0x00 src = 0.0.0.0 dst = 0.0.0.0 \options \ ###[ Padding ]### load = '\x00\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0</pre> Bruce Barnett 2013-05-02T15:03:50 http://permalink.gmane.org/gmane.comp.security.scapy.general/4817 <pre> I'm not sure this was right. I've also used this: conf.l2types.register(101, SixLoWPAN) But now I have another problem. I'm creating a new layer on top of the 6LoWPAN layer. Here is the code, called sample.py ---------------------------------------- from scapy.all import * import socket import struct from scapy.layers.inet import * from scapy.layers.inet6 import * from scapy.layers.sixlowpan import * class sample(Packet): name = "sample" def mysummary(self): if isinstance(self.underlayer, UDP): return self.underlayer.sprintf("UDP %UDP.src%:%UDP.sport% else: return "sample" bind_layers( UDP, sample, sport=5683 ) bind_layers( UDP, sample, dport=5683 ) -------------------------------------------------------- Now when I try to decode this packet, and print the UDP (or IPv6) source and address, I get "??" instead of the real value: SixLoWPAN / LoWPAN_IPHC / IPv6 / UDP / UDP ??:5683 &gt; ??:61631 sample / Raw but if I don't import my class, I get the default (co</pre> Bruce Barnett 2013-05-01T18:20:58 http://permalink.gmane.org/gmane.comp.security.scapy.general/4816 <pre>Thanks. Let me see if I understand--in packet[0] I have the first packet, still in pcap form. Then chexdump converts to a string and then converts characters to bytes: def chexdump(x): x=str(x) print ", ".join(map(lambda x: "%#04x"%ord(x), x)) I don't need to print them, just set them up in an array for later processing, but I suppose I could use something like this to assign the byte values to an array and then process through the rest of the pcap file. Does this seem like a reasonable approach? Thanks, Kevin On Fri, Apr 26, 2013 at 7:13 AM, Bruce Barnett &lt;grymoire&lt; at &gt;gmail.com&gt; wrote: </pre> Kevin Ross 2013-04-30T05:05:49 http://permalink.gmane.org/gmane.comp.security.scapy.general/4815 <pre>Yes, I've sent fragmented IPv6 packets using sendp. On Mon, Apr 29, 2013 at 5:15 PM, Antonios Atlasis &lt; antonios.atlasis&lt; at &gt;gmail.com&gt; wrote: </pre> Nathan Michaels 2013-04-29T21:33:34 http://permalink.gmane.org/gmane.comp.security.scapy.general/4814 <pre>Hi, I know that in order to fragment IPv6 packets, you can use fragment6. However, all the examples that I have found are used with the send (layer 3) command. Is this possible to use fragment6 with a layer 2 command, as for example sendp or srp? Is for example to use sthg like sendp(Ether()/frasgment6(...),iface)? Thanks in advance Antonios </pre> Antonios Atlasis 2013-04-29T21:15:49 http://permalink.gmane.org/gmane.comp.security.scapy.general/4813 <pre> Try the scapy/utils.py hexdump function, or perhaps chexdump(), i.e. packets=rdpcap("file.pcap") print chexdump(packets[0]) --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Bruce Barnett 2013-04-26T14:13:32 http://permalink.gmane.org/gmane.comp.security.scapy.general/4812 <pre> I found a work-around. Here's one way to "fix" the issue - force the linktype to be IPv6: conf.l2types.register(101, IPv6) --------------------------------------------------------------------- To unsubscribe, send a mail to scapy.ml-unsubscribe&lt; at &gt;secdev.org </pre> Bruce Barnett 2013-04-26T14:05:18 http://permalink.gmane.org/gmane.comp.security.scapy.general/4811 <pre>Hello all, I'm new to Scapy and I'm having trouble understanding how to do something that is probably pretty simple. I want to process a pcap file and get the raw packet data into an array of bytes. This is in order to do statistical processing of the bytes to try to look for attacks in a manner similar to a network-based IDS. If anyone has a suggestion I would appreciate it. Thanks, Kevin </pre> Kevin Ross 2013-04-26T04:30:39 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.comp.security.scapy.general