Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sending a packet over physical loopback in scapy

Tags:

python

linux

networking

scapy

I've recently discovered Scapy & it looks wonderful

I'm trying to look at simple traffic over a physical loopback module / stub on my NIC.

But Scapy sniff doesn't give anything

What I'm doing to send a packet is:

payload = 'data'*10
snf = sniff(filter="icmp", iface="eth0")
for x in xrange(1, 10):
  sendp(Ether(dst=src_mac, src=spoof_src_mac)/IP(dst=dst_ip, src=spoof_src_ip)/ICMP()/payload, iface=ifname)

f.open('scapylog.log', 'w')
f.write(str(snf))

with src_mac = my mac address & dsp_ip my ip address. the "spoof" fields are just random (valid) mac & ip values.

The resulting sniff / logfile is empty. nothing to report

I can see that traffic is going in the network through the ifconfig stats of the interfaces that increment each time I call this script - so traffic is flowing...

If someone has an idea why I'm not seeing my traffic I'd be happy to hear :)

Thanks!

like image 716
YNWA Avatar asked Dec 15 '16 14:12

YNWA

1 Answers

Just stumbled across your question while looking for a similar solution myself. I found this on the Scapy Troubleshooting page:

The loopback interface is a very special interface. Packets going through it are not really assembled and dissassembled. The kernel routes the packet to its destination while it is still stored an internal structure. What you see with tcpdump -i lo is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it.

In order to speak to local applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):

>>> conf.L3socket
<class __main__.L3PacketSocket at 0xb7bdf5fc>
>>> conf.L3socket=L3RawSocket
>>> sr1(IP(dst="127.0.0.1")/ICMP())
<IP  version=4L ihl=5L tos=0x0 len=28 id=40953 flags= frag=0L ttl=64 proto=ICMP chksum=0xdce5 src=127.0.0.1 dst=127.0.0.1 options='' |<ICMP  type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>
like image 197
Kyle Avatar answered Oct 21 '22 19:10

Kyle
Sign in to Comment

Related questions

UnicodeEncodeError in python3
Confusion Matrix for 10-fold cross validation in scikit learn
Pygame Import Error: cannot import name _camera while accessing webcamera
Datastax Python cassandra driver build fails on Ubuntu
mkvirtualenv ImportError: No module named stevedore
Is directly accessing class attribute faster than getting the value via a getter function?
ProgrammingError: can't adapt type 'set'
How to predict input image with trained model in Keras?
Handling empty case with tuple filtering and unpacking
How to convert an xarray dataset to pandas dataframes inside a dask dataframe
HEAD method not allowed after upgrading to django-rest-framework 3.5.3
Using decorator from base class both in base class and derived class
Check if my application runs in development/editable mode
What is the meaning of 'cp3xm' and 'cp2xm' in the name of Python wheels?
numpy: broadcast multiplication over one common axis of two 2d arrays
Python Dask - dataframe.map_partitions() return value
Using RedShift as an additional Django Database
Spyder console turn off interactive matplotlib plotting
loop over a batch script that does not terminate
Installing pip in Pycharm 2016.3

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!