I Smell Packets


Solution to the “Check It Out” Packet Challenge using Scapy
April 22, 2011, 1:03 am
Filed under: Packet Challenge, scapy | Tags: , ,

Here’s a nifty solution to the “Check It Out” Packet Challenge by StalkR (@stalkr_ on Twitter) that uses Scapy:

StalkR writes:

Just seen the challenge and wanted to try 🙂

1) save the hexdump on the blog post into packet.txt

2) turn it back into a hex string
$ awk ‘$0!=””{print $0}’ packet.txt |sed ‘s/ //g’ |tr -d ‘\n’ > packet.hex

3) run scapy
$ scapy
Welcome to Scapy (2.1.0)

4) load hex and decode
$ scapy
>>> p = open(‘packet.hex’).read().decode(‘hex’)
>>> p
‘E\x00\x05\’\x00\x01@\x0[…]’

5) load it as an IP packet
>>> p = IP(p)
>>> p
<IP  version=4L ihl=5L tos=0x0 len=1319 […] chksum=0x0

6) remove chksum to force calculation
>>> p.chksum = None

7a) force calculation of chksum either with show2()
>>> p.show2()
###[ IP ]###
[…]
chksum= 0xb27c

7b) or just turn packet into string and load it again:
>>> ‘0x%04x’ % IP(str(p)).chksum
‘0xb27c’

Hurray for scapy \o/

Chris continues:

Very cool use of scapy.  What other tools could we use to solve this?

As always, if you’d like to submit a challenge to http://www.ismellpackets.com contact me at chris (dot) christianson (at) gmail (dot) com.

Bookmark and Share

 

Advertisements

Leave a Comment so far
Leave a comment



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s



%d bloggers like this: