User Tools

Site Tools


scapy-usage-examples

This is an old revision of the document!



Warning: Declaration of syntax_plugin_wrap_div::handle($match, $state, $pos, Doku_Handler &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/div.php on line 43

Warning: Declaration of syntax_plugin_wrap_div::render($mode, Doku_Renderer &$renderer, $indata) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/div.php on line 81

Warning: Declaration of syntax_plugin_wrap_closesection::handle($match, $state, $pos, Doku_Handler &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/closesection.php on line 23

Warning: Declaration of syntax_plugin_wrap_closesection::render($mode, Doku_Renderer &$renderer, $indata) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/closesection.php on line 29

Warning: Declaration of syntax_plugin_wrap_span::handle($match, $state, $pos, Doku_Handler &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/span.php on line 43

Warning: Declaration of syntax_plugin_wrap_span::render($mode, Doku_Renderer &$renderer, $indata) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/span.php on line 63

Warning: Declaration of syntax_plugin_gallery::handle($match, $state, $pos, &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/gallery/syntax.php on line 51

Warning: Declaration of syntax_plugin_gallery::render($mode, &$R, $data) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/gallery/syntax.php on line 147

Warning: Declaration of syntax_plugin_vshare::handle($match, $state, $pos, &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/vshare/syntax.php on line 47

Warning: Declaration of syntax_plugin_vshare::render($mode, &$R, $data) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/vshare/syntax.php on line 107

Warning: preg_match(): Compilation failed: invalid range in character class at offset 3444 in /var/www/kucjica/emperors-wiki/inc/parser/lexer.php on line 118
A PCRE internal error occured. This might be caused by a faulty plugin

====== Scapy interactive tutorial ====== [[http://www.secdev.org/projects/scapy/|Scapy, an interactive packet manipulation program]] followed the tutorial, did not get further from generating packets; scapy got stuck when trying to read a pcap file that was written by aircrack ====== how to ====== * write and read a .pcap file ([[http://wikihead.wordpress.com/tag/scapy/]]): <code python> >>> pkts=sniff(count=10) >>> wrpcap(‘traffic.pcap’,pkts) # Write list of packets to PCAP file >>> packetlist = rdpcap(‘traffic.pcap’) # Read PCAP file into list of packets >>> for pkt in pkts: ... print pkt </code> returns a dump like this: <code python> ... .H? ??????????n??n????d UPC00803????$0Hl */0???? 2 `? ??P?P?P?P?P? ?P???'?BC^b2/ .H? ??????????{v ?{v `???dNETGEAR???? P? .H? ???8?3?? .H? ?????????ia|?ia|?0/j?Q?d UPC01185????$0Hl */0???? 2 `? ??P?P?P?P?P? ?P???'?BC^b2/ .H0? ???L?%EY .H? ???8?3?? .H? ???8?3?? ?3?? ??EW/?@@?o?gJ}O??@\?? -j??- ?qK?????k??o??!??????RAu .H0? ???L?%EY .H? ??? ??? </code> ====== examples ====== * [[http://www.packetstan.com/2011/03/extracting-ap-names-from-packet.html|PACKETSTAN: Extracting AP names from Packet Captures ]] works great, extracts MAC addresses and ESSIDs found in a pcap file. downloaded this script by Tim Medin; run it like this: <code>./APNameFromPcap.py -f [a .pcap file] | sort -u</code> returns a list like this: <code> 00:--:--:--:--:-- Alexxa 00:--:--:--:--:-- NETGEAR 00:--:--:--:--:-- UPC008034 00:--:--:--:--:-- UPC011853 00:--:--:--:--:-- UPC019652 00:--:--:--:--:-- bobi13 bc:--:--:--:--:-- ASUS_lgdp </code> * ping all online IPs; with timeout <code> #!/usr/bin/python from scapy.all import * TIMEOUT = 2 conf.verb = 0 for ip in range(0, 256): packet = IP(dst="192.168.1." + str(ip), ttl=20)/ICMP() reply = sr1(packet, timeout=TIMEOUT) if not (reply is None): print reply.src, "is online" else: print "Timeout waiting for %s" % packet[IP].src </code> (doesn't really continue once it reaches my own IP) * [[http://samsclass.info/124/proj11/123-P14x-promscan.html|Detecting Promiscuous NICs with scapy]] fun exercise, tried it with 2 wifi cards

scapy-usage-examples.1344008017.txt.gz · Last modified: 2012/08/03 15:33 by 94.245.224.234