sending echo-request to the default gateway with 2nd layer broadcast address

Question

i am trying to send an echo-request to the default gateway with 2nd layer broadcast address in Scapy.

i wrote this code:

packet = Ether(dst='FF:FF:FF:FF:FF:FF') / IP(dst='192.168.1.1') / ICMP()
sendp(packet)

but no response is returned

as i understand the process of sending a packet inside the network, the frame should had gone to the switch since the ip address of the destination is in the same network, and then the switch should had sent it to everyone connected to it since it sees the broadcast address.

what is wrong with this theory?

btw, I was sniffing the traffic using wireshark, there i could see the captured ping request but couldnt find the reponse for that answer which probably means this is a network problem and not a software one.

Answer 1

First, there are two "Scapy-related" points that may prevent you from seeing a potential response.

• If you want to send a packet and get the answer (or None if no answer is received), use srp1(). sendp() will send the packet, but won't wait for an answer.

• When using layer 2 commands (*p() functions), don't forget to specify the interface you want to use, as the iface= parameter, when it's not your default interface (conf.iface).

Then, there is a "Network" reason that may explain that you do not get any answer: the packet you are sending is "to broadcast" on layer 2, and "to unicast me" (from your gateway point of view) on layer 3.

Some IP stacks (at least, OpenBSD) drop such packets, and some others (at least, Linux) accept it.

You can try sending a unicast packet to the gateway address and see what happens: srp1(Ether() / IP(dst='192.168.1.1') / ICMP()), or (letting Scapy deal with the layer 2, assuming your routing table is correct to reach 192.168.1.1: sr1(IP(dst='192.168.1.1') / ICMP())).