Reputation:
For a POC, I need to create a MITM setup where I would listen to ICMP traffic on the interface and, for all the ping commands received, I would send my own reply. So far with Python Scapy, I have been able to intercept all ICMP packets. How do I block the actual ping reply packets and send my own packets as the reply?
My code looks like this:
import scapy.all as scapy
import socket
from scapy.arch import get_if_hwaddr
from scapy.interfaces import get_if_list
from scapy.layers import http
from scapy.layers.inet import TCP, ICMP, IP
from scapy.layers.l2 import Ether
from uuid import getnode as get_mac


def sniffer(interface):
    # Sniff on the given interface and pass every frame to process_packet
    scapy.sniff(iface=interface, store=False, prn=process_packet)


def process_packet(packet):
    # Only ICMP traffic is of interest
    if packet.haslayer(ICMP):
        print("DUMP\n")
        print(packet.show(dump=True))
        print(packet[Ether].src)
        print(Ether().src)
        # Ether().src is the MAC address Scapy uses by default for this host
        if packet[Ether].src == Ether().src:
            print("OUTGOING PACKET")
        else:
            print("INCOMING PACKET")


interface = "Wi-Fi"
sniffer(interface)
Upvotes: 0
Views: 1097
Reputation: 3920
Since the ICMP reply is sent by the host's IP stack, you have to find a trick to prevent it from sending the reply. If you're working on a Linux system, you can for example:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
XXX
as the payload of your ICMP reply in your scapy script and let the firewall only accept such ICMP reply packets.
Upvotes: 0
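The approach from the answer above, as an added example that is not part of the original posts: once the kernel's own echo replies are switched off with `icmp_echo_ignore_all`, the script has to build a reply the ping client will accept, which means echoing the request's identifier and sequence number and recomputing the checksum over the new payload. The names `build_echo_reply`, `answer_pings` and `local_ip` are hypothetical, and the live loop assumes a Linux lab host with Scapy installed and root privileges.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Serialize an ICMP echo message with a correct checksum."""
    zeroed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    return struct.pack("!BBHHH", icmp_type, 0, inet_checksum(zeroed), ident, seq) + payload

def build_echo_reply(request: bytes, payload: bytes) -> bytes:
    """Build the reply for a raw ICMP echo request, replacing its payload.

    Identifier and sequence number are copied so the ping client matches it.
    """
    if len(request) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    if (icmp_type, code) != (ECHO_REQUEST, 0) or inet_checksum(request) != 0:
        raise ValueError("not a valid echo request")
    return icmp_echo(ECHO_REPLY, ident, seq, payload)

# Constructed sample request (id 0x1234, seq 7), not captured traffic.
SAMPLE_REQUEST = icmp_echo(ECHO_REQUEST, 0x1234, 7, b"abcdefgh")

def answer_pings(interface: str, local_ip: str, payload: bytes) -> None:
    """Reply to pings addressed to local_ip (run as root, kernel replies off)."""
    from scapy.all import ICMP, IP, send, sniff  # lazy: only the live loop needs Scapy

    def handle(pkt):
        if IP not in pkt or ICMP not in pkt or pkt[IP].dst != local_ip:
            return
        icmp_len = pkt[IP].len - pkt[IP].ihl * 4  # drop any Ethernet padding
        try:
            reply = build_echo_reply(bytes(pkt[ICMP])[:icmp_len], payload)
        except ValueError:
            return  # replies (including our own) and malformed packets
        send(IP(src=local_ip, dst=pkt[IP].src) / ICMP(reply), verbose=False)

    sniff(iface=interface, filter="icmp", store=False, prn=handle)
```

If the kernel setting is left at 0, the client receives both the kernel's reply and this one, and `ping` reports the second as a duplicate.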