Send hand-crafted Ethernet Frames in Python (ARP for example)

Tonight I decided to send ARP flood over the wireless link to find who is using it. This is a strange thing .. ok but it works pretty fine and quickly ..

First step is to build the custom packet.. I tested several suffs and i decided to keep the dpkt package. It support a large subset of packets and is easy to use. (Nobody for a MSN parser ?:)

The next step is to send and wait for answers. This has been a bit harder, meanly because I spent a long time looking how to send Ethernet Frames (not IP packets).
In other words, how RAW sockets works in python.

Here a small answer.

soc = socket.socket(socket.PF_PACKET, socket.SOCK_RAW) #create the raw-socket
soc.bind(("ath0",0x0806)) # ether type for ARP

soc.send(handly_crafted_packet)
data = soc.receive(1024)
...

If you want a full example, checkout the arp-flood script I wrote.



Related Posts

18 thoughts on “Send hand-crafted Ethernet Frames in Python (ARP for example)

  1. Did you look at scapy? It got some nice shortcuts like sendp() for sending ethernet frames. Very nice tool!

  2. Yes, i know scapy but it’s a interactive tool, and i need something that be cron-ed. And second thing, I want to learn how to do that too:)

  3. For some reason the page shows only interactive sessions but it can be scripted too. I’ve used scapy to automate testing of an IP host for an embedded target, the suite being run under the control of unittest.

  4. ive been trying to figure out how to send ethernet frames in python for a couple of days now, thanks

  5. Hi,

    I am trying to run ur full code but i m getting following error……

    Plz reply me on madhurnamdev@huawei.com

    C:DOCUME~1M71323Desktop>python pac.py

    Traceback (most recent call last):

      File “pac.py”, line 70, in ?

        s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)

    AttributeError: ‘module’ object has no attribute ‘PF_PACKET’

  6. Raw sockets are not supported on windows operating system. This works only on Unix I think (sure for SunOS/*BSD/Linux)

  7. im using FreeBSD 6.2 and python2.4.3 got the same msg..

    Traceback (most recent call last):

      File “arp.py”, line 74, in ?

        s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)

    AttributeError: ‘module’ object has no attribute ‘PF_PACKET’

  8. Hey is there a place where I can read more about operations I can do with dpkt and twisted?
    thnks
    -L

  9. On my centos server, everything works perfectly, however on my mac I get this error, similar to the BSD and Windows error others have been reporting:

    Traceback (most recent call last):
    File “arp-flood.py”, line 74, in
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
    AttributeError: ‘module’ object has no attribute ‘PF_PACKET’

    Is this because in Mac OS X, raw sockets are not allowed like in windows, or is it something else? Does anyone know a work around?

  10. Sorry for this newb question but I no nothing about python programming.
    I would love to know if there’s a simple way to mimic the behavior of the HP-UX linkloop command with python.
    This command helps test layer 2 connectivity TO a MAC address on another host.
    From host A you choose the interface to send the packet from and specify the MAC address of the interface on host B you want to test.
    Host A and B are on the same subnet.

    Is there a simple trivial way to do this with python?

  11. You have to run the process as an administrator on windows to use raw sockets.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>