Project 9: Scapy (15 pts)

What you need

What is scapy?

Scapy is an interactive environment that lets you build packets of any type you want and send them onto the network, and monitor the responses. It can be used for almost anything you want: port scanning, testing firewalls and IPS systems, attacks, etc.

Testing Networking

On your Linux system, in a Terminal, execute this commannd:
ping -c 2 8.8.8.8
You should see two replies, as shown below. If you don't, you need to troubleshoot your networking before continuing with this project.

Installing Scapy

If you are using Kali, Scapy is already installed.

To install Scapy on a Debian cloud server, execute this command:

sudo apt install python-scapy

Starting scapy

Use this command to start scapy:
sudo scapy
Scapy opens, as shown below on this page.


9.1: ICMP with Scapy

Sending ICMP Packets with scapy

In the Linux machine, in the Terminal window, at the >>> prompt, type this command, and then press the Enter key:
i = IP()
This creates an object named i of type IP. To see the properties of that object, use the display() method with this command:
i.display()
A list of values appears, starting with the IP version number (4) and ending with the source and destination IP addresses, as shown below on this page.

If the colors are difficult to see, adjust them by clicking Edit, "Profile Preferences", Colors. I used "Black on light yellow".

Use these commands to set the destination IP address and display the properties of the i object again. Replace the IP address in the first command with the IP address of your Target machine:

i.dst="google.com"
i.display()
Notice that scapy automatically fills in your machine's source IP address, as shown below on this page.

Use these commands to create an object named ic of type ICMP and display its properties:

ic = ICMP()
ic.display()
There aren't many properties for this object--it's just an echo-request, as shown below on this page.

Use this command to send the packet onto the network and listen to a single packet in response. Note that the third character is the numeral 1, not a lowercase L:

sr1(i/ic)
This command sends and receives one packet, of type IP at layer 3 and ICMP at layer 4. As you can see in the image above, the response is shown, with ICMP type echo-reply. The Padding section shows the portion of the packet that carries higher-level data. In this case it contains only zeroes as padding, as shown below.

Use this command to send a packet that is IP at layer 3, ICMP at layer 4, and that contains data with your name in it (replace YOUR NAME with your own name):

sr1(i/ic/"YOUR NAME")
You should see a reply with a Raw section containing your name, as shown below on this page.

Troubleshooting

If you don't get a response to your ICMP request, it may be that it is being discarded as a duplicate. Add these two commands to set the sequence and id numbers, using any random number instead of "10".
ic.id = 10
ic.seq = 10
Another solution is to use a Google cloud machine, as shown below.

Getting a Flag Value

In a Web browser, open this page, replacing YOURNAME with your own name:
https://games.samsclass.info/tmp/pingYOURNAME.txt
The page is not found, as shown below on this page.

Use Scapy to send an ICMP request with these properties:

Refresh the Web page. After a few seconds a word will appear, as covered in a gray box in the image below. Enter that word in the form below to record your success.

9.1: Recording Your Success (10 pts)

Use the form below to record your success.

Name:
Word:

9.2: UDP with Scapy

Sending a UDP Packet to Port 9900

In the Linux machine, in the Terminal window, at the >>> prompt, type these commands, and then press the Enter key:
i = IP()
i.dst = "ad.samsclass.info"
u = UDP()
u.display()
After creating an IP object targeting my server, this creates an object named u of type UDP, and displays its properties, as shown below.

Execute these commands to change the source port to 2000, the destination port to 9900 and send a message to my server:

u.sport = 2000
u.dport = 9900
sr1(i/u/"HELLO\n")
The server replies with "You sent HELLO", as shown below.

Sending a UDP Packet to Port 9901

Use Scapy to send a UDP packet with these properties: The reply will contain a flag, covered in a gray box in the image below. Enter that flag in the form below to record your success.

9.2: Recording Your Success (5 pts)

Use the form below to record your success.

Name:
Flag:

Posted 3-24-19
Cloud instructions added 3-26-19