In [1]:
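# Send a fixed number of echo requests. Without -c, ping on Linux/macOS keeps
# running until it is interrupted, which stalls a "Restart & Run All".
!ping -c 4 google.com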
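/*
 * IP_HEADER prototype
 *
 * Overlay for the fixed 20-byte IPv4 header (no options).
 *
 * - Bit-field order is implementation-defined; listing hl before ver matches
 *   compilers that allocate bit-fields from the low-order bits (the usual
 *   little-endian case). NOTE(review): confirm for the target compiler.
 * - Multi-byte fields hold network byte order when the struct is laid over
 *   bytes read from the wire; convert before comparing or doing arithmetic.
 * - hl and totl come from the packet itself. Check them against the number
 *   of bytes actually received before using them as offsets or lengths.
 */
struct ip_header
{
    unsigned int hl:4,        /* 4 bit header length, counted in 32-bit words */
                 ver:4;       /* 4 bit version */
    unsigned char tos;        /* type of service */
    unsigned short totl;      /* total length of datagram */
    unsigned short id;        /* identifier */
    unsigned short notused;   /* this is where flags and fragment offset would go */
    unsigned char ttl;        /* time to live */
    unsigned char prot;       /* protocol */
    unsigned short csum;      /* our checksum */
    /*
     * IPv4 addresses are 32 bits wide. unsigned long is 64 bits on LP64
     * platforms, which pushed both address fields off their wire offsets
     * and grew the struct past 20 bytes; unsigned int is 32 bits on the
     * common ILP32, LP64 and LLP64 data models.
     */
    unsigned int saddr;       /* source address */
    unsigned int daddr;       /* destination address */
};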
/*
 * ICMP echo message: the fixed header fields followed by the payload buffer.
 * Field order and widths mirror the wire layout, so they must not be changed.
 */
struct icmp_echo
{
unsigned char type; /* ICMP message type (RFC 792: 8 = echo request, 0 = echo reply) */
unsigned char code; /* ICMP code (0 for echo messages) */
unsigned short checksum; /* ICMP checksum field */
unsigned short identifier; /* echo identifier, used to match replies to requests */
unsigned short sequence; /* echo sequence number */
char data[MTU]; /* we're going to send data MTU bytes at a time */
/*
 * NOTE(review): MTU is defined outside this excerpt. If it equals the link
 * MTU, payload plus ICMP and IP headers no longer fits in one frame and the
 * datagram is fragmented. When filling data from a received packet, bound
 * the copy by the byte count actually read, not by a length taken from the
 * packet.
 */
};
In [1]:
# Resolve the name and keep only the last three lines of nslookup's output.
!nslookup google.com | tail -n 3
In [71]:
from scapy.all import IP, ICMP, sr1, UDP
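# Send one ICMP echo request to the hard-coded address and show the first answer.
# scapy builds the packet itself, so the kernel process needs raw-socket
# privilege (root or CAP_NET_RAW).
# The timeout stops the cell from blocking forever when nothing answers;
# sr1 then returns None.
sr1(IP(dst="74.125.225.130") / ICMP(), timeout=2)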
Out[71]:
In [61]:
# Reference run with the system tool; the following cells reproduce the idea by hand with scapy.
!traceroute google.com
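Strategy: Set the time to live (TTL) to a small number so that our packet dies in transit! The router that discards it reports back with an ICMP "Time Exceeded" message, and the source address of that message tells us which hop it was.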
In [77]:
# UDP probe with a TTL of 1, so it expires in transit instead of reaching the destination.
probe = IP(dst="74.125.225.1", ttl=1) / UDP()
reply = sr1(probe)
# Last expression of the cell: display whatever came back.
reply
Out[77]:
In [60]:
# Source address of the answer, i.e. the device that replied to the probe.
# NOTE(review): assumes `reply` still holds the result of the TTL=1 cell; the
# execution counts show the cells were run out of order.
reply.src
Out[60]:
In [100]:
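# Hand-rolled traceroute: raise the TTL one hop at a time and print the
# address that answers each probe.
# Start at 1: a TTL of 0 is not a meaningful hop count and at best repeats
# the first hop.
for ttl in range(1, 6):
    packet = IP(dst="74.125.225.1", ttl=ttl) / UDP()
    # 50 ms is a short wait; hops that answer late or not at all are skipped silently.
    reply = sr1(packet, verbose=0, timeout=0.05)
    if reply is not None:
        # Parenthesised form prints the same under Python 2 and also runs on Python 3.
        print(reply.src)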
In [98]:
import socket
# Reverse-resolve two addresses (presumably hops printed by the loop above).
# gethostbyaddr returns a (hostname, aliases, addresses) tuple.
for hop_address in ("74.116.184.81", "199.168.63.17"):
    print(socket.gethostbyaddr(hop_address))
In [201]:
from scapy.all import ARP, srp, Ether
In [210]:
# Broadcast one ARP frame whose sender fields pair another host's IP address
# (psrc) with this machine's MAC address (hwsrc). Both values are hard-coded
# for the author's own network.
my_mac_address = "3c:97:0e:55:b3:7f"
ip_to_spoof = "192.168.1.144"
# ff:ff:ff:ff:ff:ff is the Ethernet broadcast address, so every host on the
# segment receives the frame. No ARP op is set, so scapy's default applies.
packet = Ether(dst="ff:ff:ff:ff:ff:ff") / \
ARP(psrc=ip_to_spoof, hwsrc=my_mac_address)
# Defender's view: an IP address that suddenly maps to a different MAC is
# what ARP monitoring (e.g. arpwatch) alerts on. Switches running Dynamic
# ARP Inspection drop frames that contradict the DHCP-snooping binding table.
# srp returns an (answered, unanswered) pair, displayed as the cell output.
srp(packet, verbose=0, timeout=0.01)
Out[210]: