
python scapy : how to use extension modules

Here's an explanation of how to use a Scapy extension module called scapy_ospf.py.

just referred to http://trac.secdev.org/scapy/wiki/OSPF
many thx xD.


# lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description:    Linux Mint 12 Lisa
Release:        12
Codename:       lisa

# uname -ri
3.2.0-33-generic x86_64

# python --version
Python 2.7.3

# apt-cache policy python-scapy
python-scapy:
 Installed: 2.2.0-1
 Candidate: 2.2.0-1
 Version table:
*** 2.2.0-1 0
       500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
       100 /var/lib/dpkg/status


If you have not installed python-scapy, please install it via apt-get:
# apt-get install -y python-scapy


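download the extension module, scapy_ospf-v0.92.py, from http://trac.secdev.org/scapy/attachment/ticket/163/scapy_ospf-v0.92.py and make it executable. It is an unsigned attachment on a ticket tracker, and the session below runs it from what looks like a root (#) prompt, so read through the file before executing it.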
# chmod u+x scapy_ospf-v0.92.py


download ospf.cap from http://wiki.wireshark.org/SampleCaptures
# ls
ospf.cap  scapy_ospf-v0.92.py


run scapy_ospf-v0.92.py
# ./scapy_ospf-v0.92.py
Welcome to Scapy (2.2.0)
OSPF extension v0.9.2
>>>


load ospf.cap
>>> cap1=rdpcap("ospf.cap")
>>> cap1.nsummary()
0000 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0001 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0002 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0003 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0004 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0005 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0006 Ether / 192.168.170.2 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
<snip>


have a look at packet #1.
>>> cap1[1].show()
###[ Ethernet ]###
 dst= 01:00:5e:00:00:05
 src= 00:e0:18:b1:0c:ad
 type= IPv4
###[ IP ]###
    version= 4L
    ihl= 5L
    tos= 0xc0
    len= 64
    id= 2067
    flags=
    frag= 0L
    ttl= 1
    proto= ospf
    chksum= 0x65dc
    src= 192.168.170.8
    dst= 224.0.0.5
    \options\
###[ OSPF Header ]###
       version= 2
       type= Hello
       len= 44
       src= 192.168.170.8
       area= 0.0.0.1
       chksum= 0x273b
       authtype= Null
       authdata= 0x0
###[ OSPF Hello ]###
          mask= 255.255.255.0
          hellointerval= 10
          options= E
          prio= 1
          deadinterval= 40
          router= 192.168.170.8
          backup= 0.0.0.0
          neighbors= []
>>>


check OSPF header of packet #1.
>>> cap1[1][OSPF_Hdr].command()
"OSPF_Hdr(src='192.168.170.8', authtype=0, keyid=None, reserved=None, seq=None, area='0.0.0.1', authdatalen=None, authdata=0, len=44, version=2, chksum=10043, type=1)/OSPF_Hello(hellointerval=10, prio=1, mask='255.255.255.0', deadinterval=40, router='192.168.170.8', backup='0.0.0.0', options=2L)"


make OSPF packets
>>> p=IP()/OSPF_Hdr()/OSPF_LSReq(requests=[OSPF_LSReq_Item()])

>>> p.show()
###[ IP ]###
 version= 4
 ihl= None
 tos= 0x0
 len= None
 id= 1
 flags=
 frag= 0
 ttl= 64
 proto= ospf
 chksum= None
 src= 127.0.0.1
 dst= 127.0.0.1
 \options\
###[ OSPF Header ]###
    version= 2
    type= LSReq
    len= None
    src= 1.1.1.1
    area= 0.0.0.0
    chksum= None
    authtype= Null
    authdata= 0x0
###[ OSPF Link State Request (container) ]###
       \requests\
        |###[ OSPF Link State Request (item) ]###
        |  type= router
        |  id= 1.1.1.1
        |  adrouter= 1.1.1.1

>>> q=IP()/OSPF_Hdr()/OSPF_LSUpd(lsalist=[OSPF_Router_LSA(id='1.1.1.1'), OSPF_Router_LSA(id='2.2.2.2')])

>>> tshark(q)
###[ Ethernet ]###
 dst= 00:1b:54:92:fe:1f
 src= 68:b5:99:7c:94:38
 type= IPv4
###[ IP ]###
    version= 4L
    ihl= 5L
    tos= 0x0
    len= 136
    id= 37346
    flags= DF
    frag= 0L
    ttl= 64
    proto= tcp
    chksum= 0x3794
    src= 172.30.68.75
    dst= 10.41.118.103
    \options\
###[ TCP ]###
       sport= ssh
       dport= 56938
       seq= 3269663846
       ack= 3358998394
       dataofs= 5L
       reserved= 0L
       flags= PA
       window= 193
       chksum= 0x7174
       urgptr= 0
       options= []
###[ Raw ]###
          load= '\xd1\xf7\xdf\xe9]\x80\xc7\xf4Go\xa66E\xc0\xc2\x96|\x9c#\xd8\xdd\xab\xc4>\x0c\xf3\xe0\xfcIx\xfa\x96\x80\xdb\xa1?P\x1d\xe9\x16\x9f(% #<\xf3\xe3\xef\x0f\xb6\x04\x99\xcfG$\x11\xb4\x86\x99\xab\x0fx\xb5\x9b\xd9=\xe4\xfb\x85H\xb5\x9cHJ\x17\xcd\x89\x8fMED\xb3]\x123ah7\xc1>\xaf\x08j\xa43'
Traceback (most recent call last):
 File "<console>", line 1, in <module>
 File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 602, in tshark
   sniff(prn=lambda x: x.display(),*args,**kargs)
 File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 591, in sniff
   if count > 0 and c >= count:
 File "/usr/lib/python2.7/dist-packages/scapy/packet.py", line 667, in __gt__
   raise TypeError((self, other))
TypeError: (<IP  proto=ospf |<OSPF_Hdr  type=LSUpd |<OSPF_LSUpd  lsalist=[<OSPF_Router_LSA  id=1.1.1.1 |>, <OSPF_Router_LSA  id=2.2.2.2 |>] |>>>, 0)
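>>>

note: tshark() is not a way to display q. The traceback shows it calling sniff(prn=lambda x: x.display(),*args,**kargs), so q is handed to sniff() as its count argument. sniff() captures one live packet from the interface and prints it (the unrelated SSH segment above, not the OSPF packet that was built). The "count > 0" comparison then raises the TypeError. To display the packet you built, use q.show(), as was done with p.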


how to check what kind of methods you can use.
>>> lsc()
arpcachepoison      : Poison target's cache with (your MAC,victim's IP) couple
arping              : Send ARP who-has requests to determine which hosts are up
bind_layers         : Bind 2 layers on some specific fields' values
<snip>

>>> ls()
ARP        : ARP
ASN1_Packet : None
BOOTP      : BOOTP
CookedLinux : cooked linux
DHCP       : DHCP options
DHCP6      : DHCPv6 Generic Message)
<snip>

>>> ls(OSPF_Hdr)
version    : ByteField            = (2)
type       : ByteEnumField        = (1)
len        : ShortField           = (None)
src        : IPField              = ('1.1.1.1')
area       : IPField              = ('0.0.0.0')
chksum     : XShortField          = (None)
authtype   : ShortEnumField       = (0)
authdata   : ConditionalField     = (0)
reserved   : ConditionalField     = (0)
keyid      : ConditionalField     = (1)
authdatalen : ConditionalField     = (0)
seq        : ConditionalField     = (0)
