Send hand-crafted Ethernet Frames in Python (ARP for example)

Tonight I decided to send ARP flood over the wireless link to find who is using it. This is a strange thing .. ok but it works pretty fine and quickly ..

First step is to build the custom packet.. I tested several suffs and i decided to keep the dpkt package. It support a large subset of packets and is easy to use. (Nobody for a MSN parser ?:)

The next step is to send and wait for answers. This has been a bit harder, meanly because I spent a long time looking how to send Ethernet Frames (not IP packets).
In other words, how RAW sockets works in python.

Here a small answer.

soc = socket.socket(socket.PF_PACKET, socket.SOCK_RAW) #create the raw-socket
soc.bind(("ath0",0x0806)) # ether type for ARP

soc.send(handly_crafted_packet)
data = soc.receive(1024)
...

If you want a full example, checkout the arp-flood script I wrote.

Tags: ,

Related posts :

admin June 7th, 2005


10 Responses to “Send hand-crafted Ethernet Frames in Python (ARP for example)”

  1. # Teroon 07 Jun 2005 at 6:25 pm

    Did you look at scapy? It got some nice shortcuts like sendp() for sending ethernet frames. Very nice tool!

  2. # Jkxon 07 Jun 2005 at 7:50 pm

    Yes, i know scapy but it’s a interactive tool, and i need something that be cron-ed. And second thing, I want to learn how to do that too:)

  3. # Teroon 07 Jun 2005 at 8:17 pm

    For some reason the page shows only interactive sessions but it can be scripted too. I’ve used scapy to automate testing of an IP host for an embedded target, the suite being run under the control of unittest.

  4. # dgramon 08 Oct 2005 at 3:56 pm

    ive been trying to figure out how to send ethernet frames in python for a couple of days now, thanks

  5. # Anonymouson 19 Jul 2006 at 4:57 pm

    Hi,

    I am trying to run ur full code but i m getting following error……

    Plz reply me on madhurnamdev@huawei.com

    C:DOCUME~1M71323Desktop>python pac.py

    Traceback (most recent call last):

      File “pac.py”, line 70, in ?

        s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)

    AttributeError: ‘module’ object has no attribute ‘PF_PACKET’

  6. # Jkxon 20 Jul 2006 at 4:47 am

    Raw sockets are not supported on windows operating system. This works only on Unix I think (sure for SunOS/*BSD/Linux)

  7. # Samiron 23 Jan 2007 at 2:34 pm

    Thank you! That’s what I needed.

  8. # Anonymouson 07 Feb 2007 at 7:01 pm

    im using FreeBSD 6.2 and python2.4.3 got the same msg..

    Traceback (most recent call last):

      File “arp.py”, line 74, in ?

        s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)

    AttributeError: ‘module’ object has no attribute ‘PF_PACKET’

  9. # stizzashon 29 Mar 2007 at 4:20 pm

    Did you have example code that you based your code on?

  10. # Anonymouson 01 Feb 2008 at 10:03 am

    Hey is there a place where I can read more about operations I can do with dpkt and twisted?
    thnks
    -L

Comments RSS

Leave a Reply