
SNIFFING and SPOOFING

SCAPY (https://scapy.readthedocs.io/en/latest/introduction.html)

❖ Scapy is a Python program that enables the user to send, sniff, dissect and forge network packets.

❖ This capability allows construction of tools that can probe, scan or attack networks.

❖ Scapy is a powerful interactive packet manipulation program.

❖ It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them,
match requests and replies, and much more.

❖ Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or
network discovery.

❖ It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.

❖ Scapy also performs very well on a lot of other specific tasks that most other tools can’t handle, like
sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP
cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

Simple Example

❖ To use Scapy, we can write a Python Program, then execute the Program using Python.

❖ We should run Python with root privilege, because that privilege is required for spoofing packets.

FIG 1: EXAMPLE PROGRAM


In the first line, we import all Scapy’s modules.
Reference: Computer & Internet Security. A Hands-on Approach. (Wenliang Du)

FIG 2
❖ FIG 2 shows the output when the code in FIG 1 is run.


Interactive Mode
❖ Python also allows us to get into interactive mode, as shown below.

❖ We can then run our program one line at a time at the Python prompt.

❖ This is convenient if we want to change our code frequently.

FIG3: INTERACTIVE MODE


Packet Sniffing

❖ Writing a sniffer using Scapy only takes a few lines

❖ A simple sniffer program is shown below

FIG 4: SNIFF.PY (1)

❖ The above program invokes sniff() to start capturing packets (Line 2).

❖ For each packet captured, the callback function print_pkt() will be invoked.

❖ The function defined in Line 1 will print out some information about the packet.

❖ The program is run with root privilege


❖ From any other machine, ping the machine which has the program sniff.py

❖ Then run sniff.py

❖ The bottom half of the composite diagram below shows sniff.py capturing packets and printing
characteristics defined in the program.

FIG 5: SNIFF.PY(2)
❖ When invoking sniff(), we can set a filter to specify the type of packets that need to be captured.

Spoofing ICMP Packets.

❖ To spoof a packet, we first create the headers at different layers, and then stack them together to form a
complete packet

❖ The fields that are not set by us either use a default value or will be calculated by Scapy


❖ We will now spoof an ICMP echo request packet


FIG 6: SPOOF.PY
❖ Line 1 creates an IP object from the IP class; a class attribute is defined for each IP header field

❖ In our code we set the source and destination IP addresses in the IP header

❖ For the other header fields, default values will be used. We can print values using the show() method

❖ Line 2 creates an ICMP object. The default ICMP type is echo request

❖ In Line 3, we stack two header objects ip and icmp together to form a new object

❖ The / operator is overridden by the IP class, so it no longer represents division

❖ It now means adding the icmp object as the payload of the ip and modifying the fields of ip
accordingly

❖ We can now send out this packet using send() (Line 4)

FIG 7: WIRESHARK CAPTURING PACKETS OF ICMP SPOOF.PY

Spoofing UDP Packets


❖ Spoofing UDP packets is quite similar to spoofing ICMP packets

❖ We need to set the source and destination ports in the UDP header and also add a payload to the packet

FIG 8: UDP SPOOF.PY


❖ In the code above, we create the individual parts of the UDP packet, including an IP object, a UDP object, and a payload (string)

❖ When they are stacked together, they form a complete packet, which is sent out using send()

❖ If we run a UDP server on the destination machine 10.0.2.15 (yours will be different) using “nc -luv 9090”, we should be able to get the “Hello UDP!” message (the data) on the server


FIG 9: UDP_SPOOF.PY & nc -luv 9090


❖ The top part of FIG 9 shows the output of udp_spoof.py
❖ It shows the source address (spoofed) and destination (server) address
❖ The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP.
❖ -l Used to specify that nc should listen for an incoming connection rather than initiate a connection to a
remote host.
❖ -u Use UDP instead of the default option of TCP.
❖ -v Have nc give more verbose output.
