Learning Scapy Pt. 2

In my previous post, I talked about using Scapy to query a DNS server for the IP address of a fully qualified domain name (FQDN). In this post, I will be leveraging that code to send ICMP packets. The code is available on GitHub.

The first additional function I add is def is_ip(address) and as the name might suggests, it checks if an address given is an IP address or a FQDN. It does so by splitting the address into pieces based on the period(.). Both a FQDN and IP address are split into sections this way, so it makes sense. It then iterates over the sections and if it comes across a alpha character, it assumes it is a FQDN and not an IP address. A refactor of this code would change the code to not need a split into segments.

    isIP = True
    split = address.split('.')
    for each in split:
        for char in each:
            if char.isalpha():
                isIP = False
    return isIP

The second additional function I add is def send_msg(address, message). This takes the IP address and a message to be sent over ICMP. Adding the verbose=0 flag allows for silent operation of the command. Human readable messages can be added either to stdout or to a log.

def send_msg(address, message):
    send(IP(dst=address)/ICMP()/message, verbose=0)

In the main function, I collect the message the user wants to send and the IP address. I also make sure that the script is run as root, and set the default DNS server address in case one is not set.

def main():
    args = parser()
    hostname = args.host
    message = args.message
    dns = args.dns
    if dns == None:
        dns = ''

    if os.geteuid() != 0:
        exit("Script needs to be run as root user")

    if message == None:
        message = input("Enter the message you want to send: ")

    if is_ip(hostname) == False:
        IPv4 = get_IP(hostname, dns, "A")
        IPv4 = hostname

    send_msg(IPv4, message)

This was another simple script and the results can be seen with a network protocol analyzer, such as Wireshark. The example below shows an ICMP message of "Hello World" sent to localhost.

ICMP Hello World Packet

As always, any feedback is welcome. Comments here are welcome, I can be found on Twitter, or you can Email me. Contributions to the GitHub scripts are also welcome.



Comments powered by Disqus