Python: Ubuntu11.04 : packet capture w/ python-pcapy n’python-impacket

Here's an example of python script which capture packets on live

# apt-get install python-pcapy python-impcaket

find all devices. pcapy.findalldevs()

>>> import pcapy >>> devices = pcapy.findalldevs() >>> print devices ['eth0', 'br0', 'virbr0', 'usbmon1', 'eth2', 'usbmon2', 'usbmon3', 'usbmon4', 'usbmon5', 'usbmon6', 'usbmon7', 'usbmon8', 'usbmon9', 'any', 'lo'] >>> >>> pcapy.findalldevs()[0] 'eth0' >>> pcapy.findalldevs()[1] 'br0' >>> br0 = pcapy.findalldevs()[1] >>> br0 'br0' >>> >>> max_bytes = 1024 >>> promiscous = False >>> read_timeout = 100

capture.py

# cat capture.py #!/usr/bin/env python import pcapy import impacket.ImpactDecoder pcapy.findalldevs() br0 = pcapy.findalldevs()[1] max_bytes = 1024 promiscous = False read_timeout = 100 # millisecond pc = pcapy.open_live(br0,max_bytes,promiscous,read_timeout) pc.setfilter('udp') # caputre udp packe def recv_packets(hdr, data):        packet = impacket.ImpactDecoder.EthDecoder().decode(data)        print packet max_packets = -1 # -1 means no limit pc.loop(-1, recv_packets)

capture UDP packets on br0 port.

# ./capture.py Ether: 0:26:55:e1:e8:3a -> ff:ff:ff:ff:ff:ff IP 192.168.10.14 -> 255.255.255.255 UDP 17500 -> 17500 7b22 686f 7374 5f69 6e74 223a 2035 3734 {"host_int": 574 3139 3135 382c 2022 7665 7273 696f 6e22 19158, "version" 3a20 5b31 2c20 385d 2c20 2264 6973 706c : [1, 8], "displ 6179 6e61 6d65 223a 2022 3537 3431 3931 ayname": "574191 3538 222c 2022 706f 7274 223a 2031 3735 58", "port": 175 3030 2c20 226e 616d 6573 7061 6365 7322 00, "namespaces" 3a20 5b34 3439 3134 3730 332c 2032 3931 : [44914703, 291 3136 3130 372c 2034 3439 3134 3734 322c 16107, 44914742, 2034 3232 3332 3933 355d 7d            42232935]} Ether: 0:26:55:e1:e8:3a -> ff:ff:ff:ff:ff:ff IP 192.168.10.14 -> 192.168.10.255 UDP 17500 -> 17500 7b22 686f 7374 5f69 6e74 223a 2035 3734 {"host_int": 574 3139 3135 382c 2022 7665 7273 696f 6e22 19158, "version" 3a20 5b31 2c20 385d 2c20 2264 6973 706c : [1, 8], "displ 6179 6e61 6d65 223a 2022 3537 3431 3931 ayname": "574191 3538 222c 2022 706f 7274 223a 2031 3735 58", "port": 175 3030 2c20 226e 616d 6573 7061 6365 7322 00, "namespaces" 3a20 5b34 3439 3134 3730 332c 2032 3931 : [44914703, 291 3136 3130 372c 2034 3439 3134 3734 322c 16107, 44914742, 2034 3232 3332 3933 355d 7d              42232935]}

HP iLO2 : how to upgrade to a new iLO2 firmware. ( upgrade to 2.05 from 2.01 )

Here are procedures for the upgrade of iLO firmware.

download scexe file extract bin file rom scexe file ( bin file is used for the upgrade ) upload bin file via iLO GUI

[ Step by step logs I did ]

1. download an iLO firmware from HP site. (http://www.hp.com/support/ilo2 )

I got CP014270.scexe ( ver. 2.05 ) of RHEL5 64bit ver.

Note that download the proper OS’s scexe file so that you can extract bin file from scexe successfully.

I’m currently using ver 2.01.

you can confirm current firmware version you’re using , iLO GUI -> Administration -> iLO2 Firmware

Current Firmware:

2.01 08/04/2010

2. check md5 sum

# md5sum CP014270.scexe 894ac5ed3c2a4416bb0c414c1eeb2e6c  CP014270.scexe

3. unpack scexe n’ extract bin file from scexe on RHEL5 64bit

ilo2 firmware will be extracted iLO_bin directory.

unpcack

# sh CP014270.scexe --unpack=iLO_bin CP014270.xml flash_ilo2 ilo2_205J.bin   README.TXT

Four files will be unpacked under iLO_bin directory.

ilo2_205J.bin is used for the upgrade.

# ls iLO_bin/* iLO_bin/CP014270.xml  iLO_bin/flash_ilo2 iLO_bin/README.TXT    iLO_bin/ilo2_205J.bin

4. download bin file to local windows machine via scp or something.

5. upload bin file through iLO GUI ( I’m using IE for uploading firmware )

- extract scsexe file on RHEL5 64bit

- download bin file to Win 7 machine from RHEL5 64bit machine.

- access to iLO GUI via IE on Win 7

- upload/upgrade firmware via IE on Win 7

iLO GUI -> Administration -> iLO2 Firmware -> New firmware image

select a bin file n’ click “Send firmware Image” button.

get things done ! Firmware version turns new version 2.05 !

Python: python-dpkt : send an ICMP echo packet w/ python-dpkt

I am a newbie to python script.

just follow instructions.

http://jon.oberheide.org/blog/2008/08/25/dpkt-tutorial-1-icmp-echo/

Many thx XD

OS : BackTrack Linux 5 ( installed python-dpkt )

1. send an ICMP echo packet w/ python-dpkt

This tutorial is very useful for me to study python.

root@bt:~# less /usr/share/pyshared/dpkt/icmp.py

imcp.py

class ICMP(dpkt.Packet):    __hdr__ = (        ('type', 'B', 8),        ('code', 'B', 0),        ('sum', 'H', 0)        )    class Echo(dpkt.Packet):        __hdr__ = (('id', 'H', 0), ('seq', 'H', 0))

>>> dir(dpkt.icmp.ICMP.Echo) ['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__getitem__', '__hash__', '__hdr__', '__hdr_defaults__', '__hdr_fields__', '__hdr_fmt__', '__hdr_len__', '__init__', '__len__', '__metaclass__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__slots__', '__str__', '__subclasshook__', '__weakref__', 'data', 'id', 'pack', 'pack_hdr', 'seq', 'unpack']

create echo payload

>>> import dpkt >>> echo = dpkt.icmp.ICMP.Echo() >>> print `echo` Echo()

Echo payloads:

id : 16bit int ( ‘H’) : default 0   ('id', 'H', 0)

seq : 16bit int (‘H’) : default 0   ('seq', 'H', 0)

create id n’ seq # w/ random.randint

>>> import random >>> random.randint(0,0xffff) 23065

create id , seq attributes

>>> import random >>> echo.id = random.randint(0,0xffff) >>> echo.seq = random.randint(0,0xffff) >>> print `echo` Echo(id=46957, seq=51509)

create data attributes

>>> echo.data = 'hello world' >>> >>> print `echo` Echo(id=46957, seq=51509, data='hello world')

create ICMP payload n’ assign its attributes

>>> icmp = dpkt.icmp.ICMP() >>> icmp.type = dpkt.icmp.ICMP_ECHO

link Echo payload to data ICMP attribute

>>> icmp.data = echo >>> >>> print `echo` Echo(id=46957, seq=51509, data='hello world') >>> print `icmp.data` Echo(id=46957, seq=51509, data='hello world') >>> print `icmp` ICMP(data=Echo(id=46957, seq=51509, data='hello world')) >>> import binascii >>> print binascii.hexlify(str(icmp)) 0800e58db76dc93568656c6c6f20776f726c64 >>> print str(icmp) 卷mﾉ5hello world

Next create a socket for ICMP.

>>> s = socket.socket(socket.AF_INET, socket.SOCK_RAW, dpkt.ip.IP_PROTO_ICMP) >>> s.connect(('192.168.10.11',1))

http://docs.python.org/dev/library/socket.html ( ‘bout python socket )

send an ICMP echo to 192.168.10.11

>>> s.send(str(icmp)) 19

Captured on 192.168.10.11

# tshark -i eth2 icmp 102.144392 192.168.10.20 -> 192.168.10.11 ICMP Echo (ping) request 102.144420 192.168.10.11 -> 192.168.10.20 ICMP Echo (ping) reply

root@bt:~/my_works# cat ping.py #!/usr/bin/env python import dpkt,socket,random echo = dpkt.icmp.ICMP.Echo() echo.id = random.randint(0, 0xffff) echo.seq = random.randint(0, 0xffff) echo.data = 'hello world' icmp = dpkt.icmp.ICMP() icmp.type = dpkt.icmp.ICMP_ECHO icmp.data = echo s = socket.socket(socket.AF_INET, socket.SOCK_RAW, dpkt.ip.IP_PROTO_ICMP) s.connect(('192.168.10.11', 1)) sent = s.send(str(icmp)) print 'sent %d bytes' % sent root@bt:~/my_works# python ping.py sent 19 bytes

BackTrack Linux 5: How to use Japanese input method w/ ibus

root@bt:~# apt-get install ibus ibus-anthy root@bt:~# apt-get install kasumi ttf-vlgothic

edit .bashrc

add the following lines.

export GTK_IM_MODULE=ibus export XMODIFIERS=@im=ibus export QT_IM_MODULE=ibus

reboot BT

GUI -> system -> setting -> ibus

add Anthy as input method.

get things done !