H 430: Scapy (20 pts)

What you need

What is scapy?

Scapy is an interactive environment that lets you build packets of any type you want and send them onto the network, and monitor the responses. It can be used for almost anything you want: port scanning, testing firewalls and IPS systems, attacks, etc.

Testing Networking

On your Linux system, in a Terminal, execute this commannd:
ping -c 2 google.com
You should see two replies, as shown below. If you don't, you need to troubleshoot your networking before continuing with this project.

Downloading and Running Scapy

To install Scapy on a Debian server, execute these commands:
sudo apt update
sudo apt install git -y
git clone https://github.com/secdev/scapy.git
cd scapy
sudo ./run_scapy
Scapy opens, as shown below on this page.


ICMP with Scapy

Sending ICMP Packets with scapy

In the Linux machine, in the Terminal window, at the >>> prompt, type this command, and then press the Enter key:
i = IP()
This creates an object named i of type IP. To see the properties of that object, use the display() method with this command:
i.display()
A list of values appears, starting with the IP version number (4) and ending with the source and destination IP addresses, as shown below on this page.

Use these commands to set the destination IP address and display the properties of the i object again. Replace the IP address in the first command with the IP address of your Target machine:

i.dst="google.com"
i.display()
Notice that scapy automatically fills in your machine's source IP address, as shown below on this page.

Use these commands to create an object named ic of type ICMP and display its properties:

ic = ICMP()
ic.display()
There aren't many properties for this object--it's just an echo-request, as shown below on this page.

Use this command to send the packet onto the network and listen to a single packet in response. Note that the third character is the numeral 1, not a lowercase L:

sr1(i/ic)
This command sends and receives one packet, of type IP at layer 3 and ICMP at layer 4. As you can see in the image below, the response is shown, with ICMP type echo-reply.

Use this command to send a packet that is IP at layer 3, ICMP at layer 4, and that contains data with your name in it (replace YOUR NAME with your own name):

sr1(i/ic/"YOUR NAME")
You should see a reply with a Raw section containing your name, as shown below on this page.

Getting a Flag Value

In a Web browser, open this page, replacing YOURNAME with your own name:
https://games.samsclass.info/tmp/pingYOURNAME.txt
The page is not found, as shown below on this page.

Use Scapy to send an ICMP request with these properties:

H 430.1: Web Page (10 pts)

Refresh the Web page a few times. After a few seconds the flag will appear, as covered in a green box in the image below.

UDP with Scapy

Sending a UDP Packet to Port 9900

In the Linux machine, in the Terminal window, at the >>> prompt, type these commands, and then press the Enter key:
i = IP()
i.dst = "ad.samsclass.info"
u = UDP()
u.display()
After creating an IP object targeting my server, this creates an object named u of type UDP, and displays its properties, as shown below.

Execute these commands to change the source port to 2000, the destination port to 9900 and send a message to my server:

u.sport = 2000
u.dport = 9900
sr1(i/u/"HELLO\n")
The server replies with "You sent HELLO", as shown below.

Sending a UDP Packet to Port 9901

Use Scapy to send a UDP packet with these properties:

H 430.2: UDP Flag (10 pts)

The reply will contain a flag, covered in a green box in the image below. It may take two or three tries to get the flag.


Posted 3-24-19
Cloud instructions added 3-26-19
Formatting of Scapy installation code fixed 7-4-2020