-
Notifications
You must be signed in to change notification settings - Fork 3
/
08-making-xmas-tree-packet.html
74 lines (65 loc) · 4.32 KB
/
08-making-xmas-tree-packet.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<title>Making a Christmas Tree Packet</title>
<link rel="stylesheet" href="stylesheets/styles.css">
<link rel="stylesheet" href="stylesheets/pygment_trac.css">
<link href="stylesheets/font-awesome.min.css" rel="stylesheet">
<script src="javascripts/scale.fix.js"></script>
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div class="wrapper">
<header>
<h1 class="header"><a href="index.html">Scapy for Network Tools</a></h1>
<p class="header">Using the power of Python + Scapy to build network tools</p>
<ul>
<li class="download"><a class="buttons" href="https://github.com/thepacketgeek/building-network-tools-with-scapy/zipball/master">Download ZIP</a></li>
<li class="download"><a class="buttons" href="https://github.com/thepacketgeek/building-network-tools-with-scapy/tarball/master">Download TAR</a></li>
<li><a class="buttons github" href="https://github.com/thepacketgeek/building-network-tools-with-scapy">View On GitHub</a></li>
</ul>
<p class="header">This project is maintained by <a class="header name" href="https://github.com/thepacketgeek">thepacketgeek</a></p>
</header>
<section>
<h3 id="01">
08 - Making a Christmas Tree Packet
</h3>
<p>We've doing a lot of packet sniffing, analysis, and even some basic packet crafting of our own. With the ICMP packets we created, we only set the destination we wanted to use and let Scapy take care of the rest. </p>
<h4>Taking Control of Protocol Fields</h4>
<p>I want to show you how to take a bit more control over the packet creation process by creating a <a target = "_blank" href="http://en.wikipedia.org/wiki/Christmas_tree_packet">TCP Christmas Tree packet</a>. I'll let you read the details, just know that the name of this packet comes from every TCP header flag bit turned on (set to 1), so it can be said the packet is "lit up like a Christmas Tree." Here's how we can build this with Scapy:</p>
<script type="text/javascript" src="https://gist.github.com/thepacketgeek/6919352.js"></script>
<pre><code>============================Console Output:===========================
....................................................................................................
Sent 100 packets.
</code></pre>
<p>Although we don't get much output from the <code>send()</code> function, and no option for the <code>prn</code> argument, we can sniff and see what happened:</p>
<a href="images/08-xmas-tree-packets.png"><img src="images/08-xmas-tree-packets.png"></a>
<p class="caption">Wireshark sniff showing several xmas tree packets and the TCP header with our bits set</p>
<p>Woohoo! Look how awesome we are! Make sure to look through that script so you can see what we're doing. We want to send random TCP ports in our packet, so we have to make an array of packets, each with a different TCP destination port. You could also randomize the source port or any other field using the technique I did in that script.</p>
<nav>
<p class="previous"><a href="07-monitoring-arp.html"><i class="icon-arrow-left"></i> Previous</a></p>
<p class="next"><a href="09-scapy-and-dns.html">Next <i class="icon-arrow-right"></i></a></p>
</nav>
</section>
</div>
<footer>
<p>Hosted on GitHub Pages — Theme by <a href="https://github.com/orderedlist">orderedlist</a></p>
</footer>
<!--[if !IE]><script>fixScale(document);</script><![endif]-->
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-44238008-3");
pageTracker._trackPageview();
} catch(err) {}
</script>
</body>
</html>