/Network/Scapy.md — Author: contact@secureinfo.eu — Related: http://scapy.net — Last update: Fri Oct 04, 2019
# Trace the path to 4.2.2.1 using a UDP/DNS probe with a random source port
# rather than the default TCP probe. traceroute() needs raw-socket privileges;
# `ans` holds the answered hops, `unans` the probes that got no reply.
dns_probe = UDP(sport=RandShort()) / DNS(qd=DNSQR(qname="thesprawl.org"))
ans, unans = traceroute("4.2.2.1", l4=dns_probe)
# Render the discovered hops as a graph, then as an interactive 3D trace.
ans.graph()
ans.trace3D()
# Same UDP/DNS traceroute, this time plotted on a world map: world_trace()
# geolocates every hop with the GeoLite2 city database named in conf.geoip_city.
dns_probe = UDP(sport=RandShort()) / DNS(qd=DNSQR(qname="thesprawl.org"))
ans, unans = traceroute("4.2.2.1", l4=dns_probe)
conf.geoip_city = "path/to/GeoLite2-City.mmdb"  # placeholder: point at a local copy of the .mmdb
ans.world_trace()
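# Find every IPv4/TCP segment in a capture that carries the URG flag, print the
# index of each hit, and display the first one. URG-flagged segments are unusual
# in ordinary FTP traffic, which makes them worth inspecting in a capture.
#
# Fixes vs. the original snippet: the capture was never bound to `buff` (so the
# later `buff[...]` lookups failed), the print used the undefined name
# `found_index`, and `buff.index(pkt)` was an O(n) search per hit that can also
# return the wrong position when two packets compare equal — enumerate() gives
# the exact index for free.
buff = rdpcap("capture-ftp.pcap")
found_indexes = [
    idx
    for idx, pkt in enumerate(buff)
    if pkt.type == 2048  # 0x0800: EtherType for IPv4
    and pkt.haslayer(TCP)
    and pkt[TCP].flags.U
]
for found_index in found_indexes:
    print("URG detected @" + str(found_index))
# Guard the lookup: an empty result would otherwise raise IndexError.
if found_indexes:
    buff[found_indexes[0]].show()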
So the TCP/IP packet with the URG flag enabled is shown:
###[ Ethernet ]###
dst= 00:26:6c:26:d9:9e
src= 00:16:b9:cb:ca:ac
type= IPv4
###[ IP ]###
version= 4
ihl= 5
tos= 0x2
len= 53
id= 0
flags= DF
frag= 0
ttl= 128
proto= tcp
chksum= 0x26ba
src= 192.168.0.64
dst= 212.27.63.3
\options\
###[ TCP ]###
sport= 53946
dport= ftp
seq= 1150568292
ack= 3385024164
dataofs= 8
reserved= 0
flags= PAU
window= 2048
chksum= 0x91e2
urgptr= 1
options= [('NOP', None), ('NOP', None), ('Timestamp', (150588279, 1703368064))]
###[ Raw ]###
load= '\xf2'
# Rebuild a packet from a hex dump pasted on stdin: import_hexcap() strips the
# offsets and ASCII columns and returns the raw bytes, which are then dissected
# starting at the Ethernet layer. The pasted bytes are untrusted input to the
# dissector, as with any parser.
raw_frame = import_hexcap()
pkt_hex = Ether(raw_frame)
0000 00 50 56 9E 7B F9 00 50 56 9E 7B FB 81 00 01 85 .PV.{..PV.{.....
0010 86 DD 60 00 00 00 00 40 3A 40 20 02 C0 00 02 03 ..`....@:@ .....
0020 00 00 00 00 00 00 00 00 73 31 20 02 C0 00 02 03 ........s1 .....
0030 00 00 00 00 00 00 00 00 DE AD 80 00 0A F0 07 92 ................
0040 00 01 14 6D A4 51 00 00 00 00 D0 20 03 00 00 00 ...m.Q..... ....
0050 00 00 2D 4D 45 2E 4F 52 47 20 52 4F 4F 54 2D 4D ..-ME.ORG ROOT-M
0060 45 2E 4F 52 47 20 52 4F 4F 54 2D 4D 45 2E 4F 52 E.ORG ROOT-ME.OR
0070 47 20 52 4F 4F 54 2D 4D 45 2E 00 50 56 9E 7B F7 G ROOT-ME..PV.{.
0080 00 50 56 9E 7B F9 81 00 01 86 86 DD 60 00 00 00 .PV.{.......`...
0090 00 40 3A 40 20 02 C0 00 02 03 00 00 00 00 00 00 .@:@ ...........
00a0 00 00 B0 0B 20 02 C0 00 02 03 00 00 00 00 00 00 .... ...........
00b0 00 00 FA DA 80 00 0A F0 07 92 00 01 14 6D A4 51 .............m.Q
00c0 00 00 00 00 D0 20 03 00 00 00 00 00 2D 4D 45 2E ..... ......-ME.
00d0 4F 52 47 20 52 4F 4F 54 2D 4D 45 2E 4F 52 47 20 ORG ROOT-ME.ORG
00e0 52 4F 4F 54 2D 4D 45 2E 4F 52 47 20 52 4F 4F 54 ROOT-ME.ORG ROOT
00f0 2D 4D 45 2E 00 50 56 9E 7B FE 00 50 56 9E 7B F7 -ME..PV.{..PV.{.
0100 81 00 01 86 86 DD 60 00 00 00 00 40 3A 40 20 02 ......`....@:@ .
0110 C0 00 02 03 00 00 00 00 00 00 00 00 73 31 20 02 ............s1 .
0120 C0 00 02 03 00 00 00 00 00 00 00 00 B0 0B 80 00 ................
0130 C7 60 07 95 00 01 90 6D A4 51 00 00 00 00 8F AC .`.....m.Q......
0140 0B 00 00 00 00 00 2D 4D 45 2E 4F 52 47 20 52 4F ......-ME.ORG RO
0150 4F 54 2D 4D 45 2E 4F 52 47 20 52 4F 4F 54 2D 4D OT-ME.ORG ROOT-M
0160 45 2E 4F 52 47 20 52 4F 4F 54 2D 4D 45 2E E.ORG ROOT-ME.
>>> pkt_hex
<Ether dst=00:50:56:9e:7b:f9 src=00:50:56:9e:7b:fb type=VLAN |
<Ether dst=00:50:56:9e:7b:f9 src=00:50:56:9e:7b:fb type=VLAN
|
<Dot1Q prio=0 id=0 vlan=389 type=IPv6
|
<IPv6 version=6 tc=0 fl=0 plen=64 nh=ICMPv6 hlim=64 src=2002:c000:203::7331 [6to4 GW: 192.0.2.3] dst=2002:c000:203::dead [6to4 GW: 192.0.2.3]
|
<ICMPv6EchoRequest type=Echo Request code=0 cksum=0xaf0 id=0x792 seq=0x1 data='\x14m\xa4Q\x00\x00\x00\x00\xd0 \x03\x00\x00\x00\x00\x00-ME.ORG ROOT-ME.ORG ROOT-ME.ORG ROOT-ME.'
|
<Padding load='\x00PV\x9e{\xf7\x00PV\x9e{\xf9\x81\x00\x01\x86\x86\xdd`\x00\x00\x00\x00@:@ \x02\xc0\x00\x02\x03\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x0b \x02\xc0\x00\x02\x03\x00\x00\x00\x00\x00\x00\x00\x00\xfa\xda\x80\x00\n\xf0\x07\x92\x00\x01\x14m\xa4Q\x00\x00\x00\x00\xd0 \x03\x00\x00\x00\x00\x00-ME.ORG ROOT-ME.ORG ROOT-ME.ORG ROOT-ME.\x00PV\x9e{\xfe\x00PV\x9e{\xf7\x81\x00\x01\x86\x86\xdd`\x00\x00\x00\x00@:@ \x02\xc0\x00\x02\x03\x00\x00\x00\x00\x00\x00\x00\x00s1 \x02\xc0\x00\x02\x03\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x0b\x80\x00\xc7`\x07\x95\x00\x01\x90m\xa4Q\x00\x00\x00\x00\x8f\xac\x0b\x00\x00\x00\x00\x00-ME.ORG ROOT-ME.ORG ROOT-ME.ORG ROOT-ME.'
|>>>>>