1. Date of delivery: Supervisor:
00-00-2011 Morten Bo Nielsen
School: Group:
Erhvervsakademiet Lillebælt Victor
1st semester IT Networking Flaviu
Lucian
2. Table of Contents
Introduction..........................................................................................................................................1
System overview..................................................................................................................................2
Basic overview.................................................................................................................................2
Creating-sending-sniffing schematics..............................................................................................3
Packet crafting......................................................................................................................................4
Sending, receving and sniffing.............................................................................................................5
Conclusion............................................................................................................................................8
3. Networking Scapy – Communication on Layer 2
Introduction
The purpose of this exercise is to make our PCs communicate on the
second layer (Data-Link). For this, the manual creation of a ethernet
package, sending it, receiveing it and sniffing it, was required. Also, the
only programs used must be Scapy and eventually Wireshark.
1
4. Networking Scapy – Communication on Layer 2
System overview
Basic overview
The two pc's that are part of this exercise are sharing the same subnet, as we can se in the
picture above.
2
5. Networking Scapy – Communication on Layer 2
Creating-sending-sniffing schematics
The diagram bellow explains for itself the main operations in this exercise – creating,
sending and sniffing packets.
Details for each operations can be found in the next pages.
3
6. Networking Scapy – Communication on Layer 2
Packet crafting
This is how an ethernet packet looks like :
When manually building an ethernet package we should consider adding those elements
manually, like in the picture bellow:
– a is a variable which we've made it into an ethernet frame
– a.src represents the source mac address , in this case Victors'
– a.dst represents the destination macc address, in this case Flavius'
– a.type represents the ethertype, in this case being 0x8088 due to a common class decision
– data is the data we want to send, in this case the "blablabla" text
– b is another variable in which we join our initial variable (a) with the data we want to send
4
7. Networking Scapy – Communication on Layer 2
Sending, receving and sniffing
To send a package the sendp command is required, with the following parameters:
– b : the packet we want to send
– count : how many times we want to send that packet
– iface : this is how to specifiy through which interface the packet should be sent – by default
it's eth0
To locate the sent packages we use the sniff command, which does as it says, it "sniffs", as
we can see in the following picture:
The parameters used are :
– count : this will make it sniff the last X packages that are being sent or received, in this case
20
– prn : is the print function, it will print what it will sniff like in the picture
– x:x.summary(): is a scapy function that together with the prn parameters prints in a
predefined format
5
8. Networking Scapy – Communication on Layer 2
When using the lambda x:x.show() function instead of lambda x:x.summary(), the result
looks like in the picture bellow :
As we can see, the manually added data ("blablabla" – see page4) is is named "load", under
the Raw section of the packet.
The same thing we can see in wireshark :
By filtering using the destination mac address, we can easily spot the sent packages, source
and destination mac addresses and the data, in this case "blablabla" (highlighted in the bottom-right
of the picture).
6
9. Networking Scapy – Communication on Layer 2
In order to print the content of the packets we can use two methods. One may be with
creating a python script, like the one in the picture bellow.
The output for the script will look like the picture bellow :
The other method is through the lfilter parameter of the sniff command.
The whole command is :
sniff(prn=lambda x: "from %s : %s" %(x.src, x['Raw'].load), lfilter=lambda x:
x.haslayer(Ether) and x.fields['type'] == 0x8088)
A lambda function was used to filter the sniffed packet, so that it will print only the packets
with an Ether layer (haslayer(Ether)) and with the 0x8088 data type.
7
10. Networking Scapy – Communication on Layer 2
Conclusion
Scapy is a very powerfull packet-manipulation tool, and with its help
we have demonstrated that almost any kind of data can be inserted into an
ethernet packet. In this case we have inserted a simple string("blablabla").
For larger chunks of data, it is required to "chop" the data into smaller
pieces that could fit into a packet.
8