Scapy, a packet manipulation tool
Guillaume Valadon, RIPE 70 - May 14, 2015
What is Scapy ?
• fast packet manipulation in Python
  – send, receive, inject, save, modify, ...
• default values that work
• hidden tricks: checksum computations, interface selection, ...
• developed by Philippe Biondi since 2003
• maintained by Pierre Lalet and Guillaume Valadon since 2013
Scapy as a command line tool
Packet built layer by layer (Ether, IP, TCP, ...) using the slash operator, such as:
Scapy matches queries and replies:
Some useful functions, for example:
Scapy as a Python module
A simple ping6 with Scapy:
Supported protocols
• IP, IPv6, UDP, TCP, ICMP, ICMPv6, ...
• DNS/DNSSEC, SNMP, DHCP, DHCPv6, HSRP, ...
• RIP, BGP, Mobile IPv6, ...
• contributions: OpenFlow, MPLS, HomePlug AV, ...
Adding a new protocol
Let's add a new protocol on top of Ethernet:
More features are available
• answering machines
• automation
• ...
Where ?
• Scapy works on Linux, *BSD, Mac OS X
  – the Windows port does not work anymore
• stable version: 2.3.1
  – pip, arch, and gentoo
• development version on Bitbucket:
  – hg clone https://bitbucket.org/secdev/scapy/
How can you help ?
• tell that you use Scapy
• report issues on Bitbucket
• share your protocols
• invite us to give tutorials