0

I would like to use the Scapy package in Python to receive a packet (like a DNS query) on a specific port (e.g. 53) and then send the same packet again to myself but to a different port. For example, if the original query was sent to port 53, I would like to send it again but to a different port (e.g. 1028).

I thought about changing the destination IP address to the loopback address (127.0.0.1) and the destination port to the specific value (e.g. 1028) and then using the "send" function of Scapy, but it doesn't seem to work.

If the received packet variable is named "packet" then:

from scapy.all import send

packet['IP'].dst = '127.0.0.1'
packet['UDP'].dport = 1028  # the UDP destination-port field is dport, not dst
send(packet)

I also thought about deleting the checksums and recalculating them using show2() but it still does not work.

Any ideas?

5
  • "Doesn't seem to work?" What exactly does that mean? Do you get an exception/error message? Does it print Sent 1 packets? Can you see a packet sent with wireshark/tcpdump? It would help to provide a minimal reproducible example Commented Dec 7, 2016 at 21:08
  • It says "sent 1 packets" but when I used show to see the packet it showed a correct IP header, correct UDP header and the DNS part as ###[Raw]###. Could it be the reason? Commented Dec 7, 2016 at 21:37
  • And when using tcpdump to look at the traffic on the specific port (1028) I didn't see any indication for packets received. Commented Dec 7, 2016 at 21:59
  • Please provide a minimal reproducible example Commented Dec 7, 2016 at 23:53
  • I have added an example Commented Dec 8, 2016 at 19:48

1 Answer

1

This is an example case (this function is invoked when "packet" is the packet received by sniffing):

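from scapy.all import IP, UDP, send

MY_IP = "MY IP"  # placeholder from the post: the host's own public IP address
new_ip_header = IP(src=packet['IP'].src, dst=MY_IP)
new_udp_header = UDP(sport=packet['UDP'].sport, dport=1028)
new_dns_header = packet['DNS']
new_packet = new_ip_header / new_udp_header / new_dns_header
# Deleting a chksum field makes Scapy recompute it when the packet is built
del new_packet[IP].chksum
del new_packet[UDP].chksum
del new_packet[IP].payload.chksum  # same field as new_packet[UDP].chksum
new_packet.show2()  # displays the packet as it will be built
send(new_packet)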

Some notes:

  1. The message is being sent to my public IP address. It said "sent 1 packet" but it seems like the message was not received on port 1028 as expected.

  2. The checksum fields are being deleted and then I use the show2 method for recalculating them.
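The following is an added example, not code from the original posts: it uses only the Python standard library (no Scapy) to show, at the byte level, what re-addressing a sniffed IPv4/UDP datagram involves and how both checksums are recomputed, which is the work Scapy does when the chksum fields are deleted and the packet is built. The function names and the sample packet (documentation-range addresses, a query for example.com) are constructed for illustration.

```python
import socket
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def redirect_udp(pkt: bytes, new_dst: str, new_dport: int) -> bytes:
    """Return a copy of a raw IPv4/UDP packet re-addressed to new_dst:new_dport."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ip, udp = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    ip[16:20] = socket.inet_aton(new_dst)           # IP destination address
    ip[10:12] = b"\x00\x00"                         # zero, then recompute header checksum
    struct.pack_into("!H", ip, 10, csum16(bytes(ip)))
    struct.pack_into("!H", udp, 2, new_dport)       # UDP destination port
    udp[6:8] = b"\x00\x00"                          # zero, then recompute UDP checksum
    # The UDP checksum also covers a pseudo-header: src IP, dst IP, 0, proto 17, UDP length
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 17, len(udp))
    struct.pack_into("!H", udp, 6, csum16(pseudo + bytes(udp)) or 0xFFFF)
    return bytes(ip + udp)

def checksums_valid(pkt: bytes) -> bool:
    """A header (or pseudo-header + datagram) with a correct checksum sums to zero."""
    ihl = (pkt[0] & 0x0F) * 4
    udp = pkt[ihl:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 17, len(udp))
    return csum16(pkt[:ihl]) == 0 and csum16(pseudo + udp) == 0

def build_sample() -> bytes:
    """Constructed sample: DNS query for example.com, 198.51.100.7:40000 -> 192.0.2.10:53."""
    dns = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
           b"\x07example\x03com\x00\x00\x01\x00\x01")
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("198.51.100.7"), socket.inet_aton("192.0.2.10"))
    return redirect_udp(ip + udp, "192.0.2.10", 53)  # same addressing, fills in checksums
```

Because the destination address is part of the UDP pseudo-header, changing only the IP destination already invalidates the UDP checksum as well as the IP one. Separately, Scapy's documentation notes that on Linux packets sent over the loopback interface through the default socket do not reach local applications, and that `conf.L3socket = L3RawSocket` is needed for that.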
