
Python 2.7 RAW sockets: missing and wrong fields in ARP header

At the beginning I would like to say that I didn't have any experience with sockets earlier. I am trying to create a response ARP packet in Python 2.7. I have almost done it, but there's a problem: when I was looking at the packet in Wireshark I found out that the ARP header is missing the sender & target MAC and sender & target IP fields. The hardware size and protocol size fields are wrong as well. What am I doing wrong? Do I pack the data wrongly? Here is the source code of the program:

import socket
import struct
import binascii


def formatMAC(mac):
    return mac.lower().replace(':', '')

def sendPacket(packet):
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
    s.bind(("wlan0", 0))
    return s.send(packet)

eth_src = formatMAC('A0:88:B4:0A:A5:A8')
eth_dst = formatMAC("18:A6:F7:CF:51:B6")
eth_prt = '0806'

arp_hw_type = '0001'
arp_prt_type = '0800'
arp_hw_size = '0006'
arp_prt_size = "0004"
arp_opcode = '0002'
arp_mac_src = formatMAC('A0:88:B4:0A:A5:A8')
arp_ip_src = '192.168.0.134'
arp_mac_dst = formatMAC('18:A6:F7:CF:51:B6')
arp_ip_dst = '192.168.0.1'

eth_pack = struct.pack("!6s6s2s", binascii.unhexlify(eth_dst), binascii.unhexlify(eth_src), binascii.unhexlify(eth_prt))
arp_pack = struct.pack("2s2s1s1s2s6s4s6s4s",
         binascii.unhexlify(arp_hw_type), 
         binascii.unhexlify(arp_prt_type),
         binascii.unhexlify(arp_hw_size),
         binascii.unhexlify(arp_prt_size),
         binascii.unhexlify(arp_opcode),
         binascii.unhexlify(arp_mac_src),
         socket.inet_aton(arp_ip_src), 
         binascii.unhexlify(arp_mac_dst),
         socket.inet_aton(arp_ip_dst)
         )

packet = eth_pack + arp_pack
print(sendPacket(packet))

Wireshark screenshot

Thanks.

If you match up the Wireshark hexdump with what you're trying to send, you'll see that the "hardware address size" and "protocol address size" fields of the actually sent packet are both 00.

This is because you passed two bytes to struct.pack (0006 and 0004) but you told it (with 1s) to only format 1 byte, so it only outputs the first byte.

If you look at the hexdump you'll see that the addresses were actually sent, Wireshark just ignored them because the size was supposed to be 0.

Just change 0006 and 0004 to 06 and 04 as these are 1-byte fields.
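
The truncation described in the answer can be reproduced offline. The following is an added example, not code from the question or the answer; it is written for Python 3, the function names are illustrative, and it only builds and parses the 28-byte ARP payload without opening a socket. The addresses are the ones from the question.

```python
import binascii
import socket
import struct

# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"


def mac_bytes(mac):
    return binascii.unhexlify(mac.replace(":", ""))


def build_arp_buggy(sha, spa, tha, tpa):
    """Question's approach: two-byte values packed into '1s' fields."""
    return struct.pack("2s2s1s1s2s6s4s6s4s",
                       b"\x00\x01", b"\x08\x00",
                       b"\x00\x06", b"\x00\x04",  # silently truncated to b"\x00"
                       b"\x00\x02",
                       mac_bytes(sha), socket.inet_aton(spa),
                       mac_bytes(tha), socket.inet_aton(tpa))


def build_arp_fixed(sha, spa, tha, tpa):
    """Integer field codes make the one-byte size fields explicit."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       mac_bytes(sha), socket.inet_aton(spa),
                       mac_bytes(tha), socket.inet_aton(tpa))


def parse_arp(payload):
    """Decode the fixed-size ARP payload and flag wrong size fields."""
    (htype, ptype, hlen, plen, oper,
     sha, spa, tha, tpa) = struct.unpack(ARP_FMT, payload[:28])
    return {"hlen": hlen, "plen": plen, "oper": oper,
            "sha": binascii.hexlify(sha).decode(),
            "spa": socket.inet_ntoa(spa),
            "tha": binascii.hexlify(tha).decode(),
            "tpa": socket.inet_ntoa(tpa),
            "sizes_ok": hlen == 6 and plen == 4}


ARGS = ("A0:88:B4:0A:A5:A8", "192.168.0.134",
        "18:A6:F7:CF:51:B6", "192.168.0.1")

if __name__ == "__main__":
    for name, build in (("buggy", build_arp_buggy), ("fixed", build_arp_fixed)):
        print(name, parse_arp(build(*ARGS)))
```

Both payloads are 28 bytes and differ only in the two size bytes, which is why the addresses appear in the hexdump while the dissector reports the fields as missing.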
