Ricky Robinson

Reputation: 22893

scapy: Correct method to modify TTL of sniffed traffic

I'm playing around with Scapy and I noticed something weird.

If I create a packet in order to trigger an ICMP time-exceeded error message:

myPacket = IP(dst="www.google.com", ttl=3)/TCP()

... I do get the ICMP message once I send it with the function sr.

On the other hand, if I take any outgoing packet that I have sniffed and change its ttl value to the same used above, I get no reply whatsoever.

What's the problem here? I thought I could experience this by using dummy traffic, not real traffic! I even tried with other TTL values, but to no avail.

Upvotes: 2

Views: 7335

Answers (2)

johnthagen

Reputation: 9149

Another option is to use the sendp() function. Scapy automatically calculates the IP and TCP checksums.

from scapy.all import Ether, IP, TCP, sendp, sniff

myPacket = IP(dst="www.google.com", ttl=3)/TCP()
# sendp() transmits at layer 2, so the frame needs an Ethernet header
sendp(Ether()/myPacket)

def dissect(pck):
    if pck.haslayer("ICMP"): # Filter out all but ICMP packets.  You could do additional filtering
        pck.show()           # Display response packets

sniff(iface="eth0", prn=dissect, store=0)

Upvotes: 1

Ricky Robinson

Reputation: 22893

Ok, packets were getting dropped because once I changed the ttl value the checksum wasn't correct any more. I just had to force the checksum to be computed again by deleting its value:

del(mypacket.getlayer(IP).chksum) 

Upvotes: 1
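
What the checksum fix in the answer above comes down to, as an added example that is not part of the original posts: standard-library Python (no Scapy) over a constructed IPv4 header, showing that editing the TTL byte leaves the stored checksum stale, and that zeroing and recomputing it, which is what Scapy does at build time once `chksum` has been deleted, makes the header valid again. The helper names and the sample addresses are assumptions made for this example.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the header taken as 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_is_valid(header: bytes) -> bool:
    """Receivers sum the header with its checksum field included; valid gives 0."""
    return ipv4_checksum(header) == 0

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) carrying TCP, checksum filled in."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1C46, 0x4000, ttl, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return raw[:10] + struct.pack("!H", ipv4_checksum(raw)) + raw[12:]

def set_ttl(header: bytes, ttl: int, recompute: bool) -> bytes:
    """Rewrite the TTL (byte 8). With recompute=False the old checksum stays,
    which is the state of a sniffed packet after only `pkt.ttl = 3`."""
    hdr = bytearray(header)
    hdr[8] = ttl
    if recompute:
        hdr[10:12] = b"\x00\x00"            # checksum field must be 0 while summing
        hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

# Constructed sample standing in for a sniffed outgoing packet (documentation addresses).
SNIFFED = build_header("192.0.2.10", "198.51.100.7", ttl=64)

if __name__ == "__main__":
    stale = set_ttl(SNIFFED, 3, recompute=False)
    fixed = set_ttl(SNIFFED, 3, recompute=True)
    for name, hdr in (("sniffed", SNIFFED), ("ttl edited", stale), ("recomputed", fixed)):
        print(f"{name:11} ttl={hdr[8]:3} chksum=0x{hdr[10:12].hex()} "
              f"valid={header_is_valid(hdr)}")
```
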
