How exactly would one go about creating a raw socket on the MAC layer in Micropython?
The UNIX equivalent is:
eth_p_all=3
netif='wlan0'
s=socket.socket(socket.AF_PACKET,socket.SOCK_RAW,socket.htons(eth_p_all))
s.bind((netif,0))
For one, it is not clear how to get the interface name, and there is no socket.AF_PACKET or socket.htons.
So, if there is no way to do this with the stock libraries or firmware, which libraries should I choose, or if firmware modification is required, how exactly should I modify the firmware?
There have no raw socket implementation at current upy firmware. Yo can check the following line. The raw socket dispatch has been removed from modlwip.c
https://github.com/micropython/micropython/blob/68a5d6fe7746850ce049b8bf295bfce1382383f3/extmod/modlwip.c#L712
If you want to modify firmware by your self, you can follow the steps.
Check your platform's origin SDK support raw socket or not. (for example, cc3200 use TI's cc3200 SDK and it support raw socket)
Modify modlwip.c
There's an unofficial port(realtek's ameba series) support raw socket. You could start from this one.
https://github.com/wylinks/micropython-ameba/blob/ameba/ports/ameba/mphelper/mods/modlwip.c
Related
I have been testing a connection to a TCP modbus device using the open source libmodbus library. The very first register I had to read was at 45001 on the device. It turns out that using libmodbus I have to give it an address of 0 to get this register. If I want register 45010 I use 9.
There is another register I want to read at 44001. I don't see anything in the documentation about changing the base address. Is it possible to use a negative offset? Am I going to have to recompile the library?
No, you're going to need to figure out how addresses described in your device's documentation map to actual Modbus addresses. This is extremely common.
The library you're using is just doing things the way the Modbus specification defines, and exposing that to you through its interface.
I am implemneting a code based on Raw sockets. In order to receive coming Ethernet frames I have to bind the socket I created to an Ethernet interface. The only way to do that, as far as I am concerned, is via setsockopt() function with the option SO_BINDTODEVICE.
The problem is that I am using FreeBSD which does not support such option. Is there any patch to use in order to enable this feature or any other trusted alternative?
You can use sendto if you are working with IPv6, see this example.
Unfortunately this doesn't work with IPv4.
As antiduh said, you can use libpcap to capture packets, provided you have access to /dev/bpf (which is usually restricted to root).
Can I somehow set the 802.11 channel programmatically with the pcap library (or even anything else)?
I've written a sniffer and need to sniff on different channels, so I need to set the specific one first. I've been searching but I can't find anything, so I currently set it with the iw tool manually.
No, libpcap currently doesn't have an API to get a list of available 802.11 channels or set the current channel.
I infer from "iw tool" that you're doing this on Linux; you'll have to directly use netlink calls to set the channels - see, for example, the code in the ws80211_utils.c file in the top-level source directory of Wireshark.
I'd like to be able to intercept/ modify data in tcp flow, on the side of tcp client. Examples for pcap show how to parse tcp packet header/ payload.
But suppose, i want to modify packet payload before tcp client reads it, or drop the packet entirely. How can i do that with pcap capure?
As above, you can't do interception/modification with pcap. For this you need one of the following OS-dependent techniques:
Linux: libnetfilter_queue + iptables
MacOS, FreeBSD: divert sockets + ipfw
Windows: WinPkFilter (commercial), WinDivert (LGPL), or write your own NDIS IM or WFP call-out driver.
(usual disclosure: WinDivert is my project).
Scapy used in conjunction with python is a very good tool cum library.
You can do all sorts of packet monitoring and editing via command line
Also you can build applications on top of scapy to do a specific task.
Scapy
You can't do that with libpcap or WinPcap; libpcap is built atop OS mechanisms that do not support that (those mechanisms exist to support passive packet capture and low-level packet capture and injection, not to support packet modification in the packet input and output path), and WinPcap's driver is built atop an OS mechanism of that sort.
You would have to find some mechanism, in whatever OS you're using, that supports tapping into the networking stack in a way that allows the tapping program to modify packets as they pass through the networking stack. Such a mechanism might not exist on some OSes; on OSes where it does exist, if there are any, it's probably very OS-dependent. (The mechanisms libpcap uses are also OS-dependent; libpcap exists, in part, to hide those differences from applications, to the maximum extend possible.)
(Apologies: I uninstalled and reinstalled WinPcap and now I can see the extra interface! Suggestion found in Wireshark FAQ. I leave the original question below.)
I use WireShark to examine ethernet packet contents at the byte level (in/out of custom FPGA-based hardware). I have a USB-Ethernet adapter to add a second Ethernet port to my laptop. It was a cheap Chinese device bought on Ebay but now that I've found an appropriate driver, it works OK. However, I see that, on Windows, WinPcap/WireShark doesn't support Ethernet capture over USB.
While it would be nice if WireShark could be made to work on USB capture, I'm really looking for an alternative way to grab the raw ethernet bytes. I have some perl scripts set up that operate on the raw frames output from tshark, (Wireshark command line) and I could easily feed it from any stream of frames/bytes.
Is anyone doing something similar or is there a tidy way to output the raw bytes?
Sniffed raw USB bytes would be OK, but it would be nicer if someone has already programmed/scripted extracting the Ethernet frames. I'm using perl but any compiled app or python or C# or C++ or .. would be fine.
You mentioned python, scapy can do a LOT of raw packet things, might want to look at that. From their git:
Scapy is a powerful Python-based interactive packet manipulation
program and library.
It is able to forge or decode packets of a wide number of protocols,
send them on the wire, capture them, store or read them using pcap
files, match requests and replies, and much more. It is designed to
allow fast packet prototyping by using default values that work.
It can easily handle most classical tasks like scanning, tracerouting,
probing, unit tests, attacks or network discovery (it can replace
hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f,
etc.). It also performs very well at a lot of other specific tasks
that most other tools can't handle, like sending invalid frames,
injecting your own 802.11 frames, combining techniques (VLAN
hopping+ARP cache poisoning, VoIP decoding on WEP protected channel,
...), etc.
Scapy supports Python 2.7 and Python 3 (3.3 to 3.6). It's intended to
be cross platform, and runs on many different platforms (Linux, OSX,
*BSD, and Windows).
Check them out at https://github.com/secdev/scapy
I don't have a Windows PC readily at hand to test, but as far as I can tell, there is no problem capturing Ethernet frames in Wireshark on Windows, from a USB-Ethernet adapter.
What you can't do, is capturing USB bus traffic, but that is not what you wanted, right?
To clarify, just select the USB-Ethernet device as you would any other, and you are set.