Send packet with scapy

Question

I'm trying to send a simple ICMP packet from HOST B to HOST A

This is my configuration:

HOST A
10.0.1.10 with gateway set to 10.0.1.24


Router
NIC 1 10.0.1.24
NIC 2 192.168.100.1

HOST B 
192.168.100.3




A: 10.0.1.10 <---> 10.0.1.24 |NIC-1 Router NIC-2| 192.168.100.1 <---> 192.168.100.3: B

But when I try to send the packet with

send(IP(dst="10.0.1.10")/ICMP()/"Hello World")

nothing shows up on the tcpdump of the router . With

sendp(IP(dst="10.0.1.10")/ICMP()/"Hello World")

instead, this shows up

09:41:16.398305 00:00:40:01:4b:20 (oui Unknown) > 45:00:00:27:00:01 (oui Unknown), ethertype Unknown (0xc0a8), length 60: 
    0x0000:  6403 0a00 010a 0800 a631 0000 0000 4865  d........1....He
    0x0010:  6c6c 6f20 576f 726c 6400 0000 0000 0000  llo.World.......
    0x0020:  0000 0000 0000 0000 0000 0000 0000       ...........

It looks like a malformed packet, and nothing is forwarded to HOST A

The machines can ping correctly, what did I do wrong?

edit:sr1 output

13:25:58.235650 08:00:27:44:d7:c8 (oui Unknown) Null > Broadcast Unknown DSAP 0x08 Unnumbered, 27, Flags [Command], length 54
    0x0000:  0800 2701 507f 0800 2744 d7c8 0800 4500  ..'.P...'D....E.
    0x0010:  0028 0001 0000 4001 4b1f c0a8 6403 0a00  .(....@.K...d...
    0x0020:  010a 0800 26a8 0000 0000 4845 4c4c 4f20  ....&.....HELLO.
    0x0030:  574f 524c 440a

It may be that Scapy is guessing the wrong interface to send through. Use `send`, and specify the `iface` parameter. `iface="eth0"` if you're on a unix system and `eth0` is the correct interface. If you're on Windows, print out `ifaces` to see what IDs are associated with what interfaces, then do `iface=dev_from_index(INTERFACE_INDEX)`; where `INTERFACE_INDEX` is the ID found in `ifaces`. This all assumes `from scapy.all import *`. — Carcigenicate, Dec 08 '20 at 17:50
Did it, I've changed from the scapy routing table. Now I can see the ICMP packet on the router, still it doesn't forward anything on HOST A. I'm on a Unix system btw. — Kuze, Dec 08 '20 at 18:00
I'd double check that the router isn't sending an error back, like a `Destination Unreachable`. If you change `send` to `sr1`, do you get anything back? Running Wireshark on Host B might shed some light on what's going on too. — Carcigenicate, Dec 08 '20 at 18:11
With `sr1` I get the same message(I've edited the original post) but I can't get the response from the router. I had Wireshark on HOST B, it tells me that the packet is malformed(`LLC protocol`) as we suspected, and puts the destination in Broadcast. One thing I forgot: Scapy tells me: `WARNING: Mac address to reach destination not found. Using broadcast.` Still, even after I've manually edited the MAC of HOST A on the packet, no success. — Kuze, Dec 08 '20 at 18:37
If you're manually specifying the `Ether` layer, you need `sendp` instead of `send` or it will produce a malformed packet (I think it tries to put a second Ethernet layer on top of yours or something. I still haven't figured that oddity out yet). — Carcigenicate, Dec 08 '20 at 18:42
With `sendp` i can finally create the ICMP packet (id and seq = 0) and the router is able to see it. Still the router do not forward the packet,and Wireshark tells me that he didn't get the response. — Kuze, Dec 08 '20 at 20:15

score 0 · Accepted Answer · answered Dec 10 '20 at 08:26

Solved. For someone that is a "noob" with this tool like me: The router was not forwarding the packet to the subnet because it was malformed. I sniffed a regular ICMP packet acting as a MiTM,and it worked. HOST 1 received the packet correctly.

Carcigenicate also guessed right, be sure to set the correct interface.

Send packet with scapy

1 Answers1