1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
| # scapy
Welcome to Scapy (2.2.0)
>>> a=rdpcap("/root/icmp6.pcap")
>>> a[0]
<Ether dst=33:33:00:00:00:02 src=e4:1f:13:e6:94:78 type=IPv6 |<IPv6 version=6L tc=0L fl=0L plen=8 nh=ICMPv6 hlim=255 src=fe80::e61f:13ff:fee6:9478 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xefb8 res=0 |>>>
>>> a[1]
<Ether dst=33:33:00:00:00:01 src=ec:30:91:e2:4b:00 type=IPv6 |<IPv6 version=6L tc=224L fl=0L plen=64 nh=ICMPv6 hlim=255 src=fe80::ee30:91ff:fee2:4b00 dst=ff02::1 |<ICMPv6ND_RA type=Router Advertisement code=0 cksum=0x21b4 chlim=64 M=0L O=0L H=0L prf=Medium (default) P=0L res=0L routerlifetime=1800 reachabletime=0 retranstimer=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=ec:30:91:e2:4b:00 |<ICMPv6NDOptMTU type=5 len=1 res=0x0 mtu=1500 |<ICMPv6NDOptPrefixInfo type=3 len=4 prefixlen=64 L=1L A=1L R=0L res1=0L validlifetime=0x278d00 preferredlifetime=0x93a80 res2=0x0 prefix=2620:52:0:4257:: |>>>>>>
>>> RA=a[1]
>>> RA[IPv6].dst="fe80::e61f:13ff:fee6:9478"
>>> RA().display
>>> RA[Ether].show()
###[ Ethernet ]###
dst= 33:33:00:00:00:01
src= ec:30:91:e2:4b:00
type= IPv6
###[ IPv6 ]###
version= 6L
tc= 224L
fl= 0L
plen= 64
nh= ICMPv6
hlim= 255
src= fe80::ee30:91ff:fee2:4b00
dst= fe80::e61f:13ff:fee6:9478
###[ ICMPv6 Neighbor Discovery - Router Advertisement ]###
type= Router Advertisement
code= 0
cksum= 0x21b4
chlim= 64
M= 0L
O= 0L
H= 0L
prf= Medium (default)
P= 0L
res= 0L
routerlifetime= 1800
reachabletime= 0
retranstimer= 0
###[ ICMPv6 Neighbor Discovery Option - Source Link-Layer Address ]###
type= 1
len= 1
lladdr= ec:30:91:e2:4b:00
###[ ICMPv6 Neighbor Discovery Option - MTU ]###
type= 5
len= 1
res= 0x0
mtu= 1500
###[ ICMPv6 Neighbor Discovery Option - Prefix Information ]###
type= 3
len= 4
prefixlen= 64
L= 1L
A= 1L
R= 0L
res1= 0L
validlifetime= 0x278d00
preferredlifetime= 0x93a80
res2= 0x0
prefix= 2620:52:0:4257::
>>> RA
<Ether dst=33:33:00:00:00:01 src=ec:30:91:e2:4b:00 type=IPv6 |<IPv6 version=6L tc=224L fl=0L plen=64 nh=ICMPv6 hlim=255 src=fe80::ee30:91ff:fee2:4b00 dst=fe80::e61f:13ff:fee6:9478 |<ICMPv6ND_RA type=Router Advertisement code=0 cksum=0x21b4 chlim=64 M=0L O=0L H=0L prf=Medium (default) P=0L res=0L routerlifetime=1800 reachabletime=0 retranstimer=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=ec:30:91:e2:4b:00 |<ICMPv6NDOptMTU type=5 len=1 res=0x0 mtu=1500 |<ICMPv6NDOptPrefixInfo type=3 len=4 prefixlen=64 L=1L A=1L R=0L res1=0L validlifetime=0x278d00 preferredlifetime=0x93a80 res2=0x0 prefix=2620:52:0:4257:: |>>>>>>
>>> RA[ICMPv6ND_RA].cksum=None
>>> RA
<Ether dst=33:33:00:00:00:01 src=ec:30:91:e2:4b:00 type=IPv6 |<IPv6 version=6L tc=224L fl=0L plen=64 nh=ICMPv6 hlim=255 src=fe80::ee30:91ff:fee2:4b00 dst=fe80::e61f:13ff:fee6:9478 |<ICMPv6ND_RA type=Router Advertisement code=0 cksum=None chlim=64 M=0L O=0L H=0L prf=Medium (default) P=0L res=0L routerlifetime=1800 reachabletime=0 retranstimer=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=ec:30:91:e2:4b:00 |<ICMPv6NDOptMTU type=5 len=1 res=0x0 mtu=1500 |<ICMPv6NDOptPrefixInfo type=3 len=4 prefixlen=64 L=1L A=1L R=0L res1=0L validlifetime=0x278d00 preferredlifetime=0x93a80 res2=0x0 prefix=2620:52:0:4257:: |>>>>>>
>>> RA[Ether].show2()
###[ Ethernet ]###
dst= 33:33:00:00:00:01
src= ec:30:91:e2:4b:00
type= IPv6
###[ IPv6 ]###
version= 6L
tc= 224L
fl= 0L
plen= 64
nh= ICMPv6
hlim= 255
src= fe80::ee30:91ff:fee2:4b00
dst= fe80::e61f:13ff:fee6:9478
###[ ICMPv6 Neighbor Discovery - Router Advertisement ]###
type= Router Advertisement
code= 0
cksum= 0x94b8
chlim= 64
M= 0L
O= 0L
H= 0L
prf= Medium (default)
P= 0L
res= 0L
routerlifetime= 1800
reachabletime= 0
retranstimer= 0
###[ ICMPv6 Neighbor Discovery Option - Source Link-Layer Address ]###
type= 1
len= 1
lladdr= ec:30:91:e2:4b:00
###[ ICMPv6 Neighbor Discovery Option - MTU ]###
type= 5
len= 1
res= 0x0
mtu= 1500
###[ ICMPv6 Neighbor Discovery Option - Prefix Information ]###
type= 3
len= 4
prefixlen= 64
L= 1L
A= 1L
R= 0L
res1= 0L
validlifetime= 0x278d00
preferredlifetime= 0x93a80
res2= 0x0
prefix= 2620:52:0:4257::
>>> sendp(RA, loop=1)
>>> lsc()
sr : Send and receive packets at layer 3
sr1 : Send packets at layer 3 and return only the first answer
srp : Send and receive packets at layer 2
srp1 : Send and receive packets at layer 2 and return only the first answer
srloop : Send a packet at layer 3 in loop and print the answer each time
srploop : Send a packet at layer 2 in loop and print the answer each time
sniff : Sniff packets
p0f : Passive OS fingerprinting: which OS emitted this TCP SYN ?
arpcachepoison : Poison target's cache with (your MAC,victim's IP) couple
send : Send packets at layer 3
sendp : Send packets at layer 2
traceroute : Instant TCP traceroute
arping : Send ARP who-has requests to determine which hosts are up
ls : List available layers, or infos on a given layer
lsc : List user commands
queso : Queso OS fingerprinting
nmap_fp : nmap fingerprinting
report_ports : portscan a target and output a LaTeX table
dyndns_add : Send a DNS add message to a nameserver for "name" to have a new "rdata"
dyndns_del : Send a DNS delete message to a nameserver for "name"
[...]
|
Load contrib
1
2
3
4
5
6
| >>> list_contrib('lacp')
lacp : Link Aggregation Control Protocol (LACP) status=loads
>>> load_contrib('lacp')
>>> ls(LACP)
version : ByteField = (1)
...
|
Choose interface
1
| >>> sendp(Ether()/IP(dst="1.2.3.4",ttl=(1,4)), iface="eth1")
|
Reference:
http://www.secdev.org/projects/scapy/doc/usage.html
http://itgeekchronicles.co.uk/category/security/scapy/
http://blog.sina.com.cn/s/blog_4b5039210100f43h.html
Author
Hangbin Liu
LastMod
2018-12-13
(1672b97)