My motivation was to start from a known good packet capture, for example a DNS request and reply, and modify that request to create something interesting: an example to examine in Wireshark, or positive and negative test cases for IDS software (Snort, Suricata). I haven't done much with Scapy before, but it seemed like the right tool for the task.

My planned steps were as follows:

All the commands shown were run on an Ubuntu 18.04 LTS VM running on VirtualBox, but should work on any Linux host with Python 3, Scapy, and tcpdump.

In one terminal I ran tcpdump, capturing only port 53 traffic:

```
$ sudo tcpdump -i enp0s3 -w dns.pcap port 53
tcpdump: listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
```

In another terminal I generated a DNS request. I limited it to A records to reduce the number of packets generated:

```
$ host -t a
```

I confirmed it worked:

```
$ tcpdump -n -r dns.pcap
```

Import pcap via Scapy

First I set up a virtual environment. This was probably unnecessary, but is a habit I have when starting any new Python project:

```
mkdir mod_pcap
```

Then I ran Scapy and imported the packet capture:

```
$ scapy
>>> packets = rdpcap("/home/chris/dns.pcap")
```
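As an added example (not code from the original post), here is the kind of modification the post is building toward, written with only the Python standard library so it runs without Scapy: build a constructed A query like the one captured above, rewrite its question name, fix the UDP length, IP total length and IP checksum that depend on it, and write a pcap that opens in Wireshark or can be replayed against an IDS. The frame layout, addresses and transaction ID are assumed sample values.

```python
import struct

def encode_qname(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header whose checksum field is zero."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_dns_a_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample Ethernet/IPv4/UDP/DNS A query standing in for the captured one."""
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_qname(name) + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns   # UDP checksum 0 = absent, valid on IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([10, 0, 2, 15]), bytes([10, 0, 2, 3]))  # made-up VirtualBox NAT addresses
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return bytes.fromhex("525400123502" "080027000001" "0800") + ip + udp  # made-up MACs, EtherType IPv4

def rewrite_qname(frame: bytes, new_name: str) -> bytes:
    """Swap the question name and fix UDP length, IP total length and IP checksum to match.
    Assumes Ethernet(14) + IPv4 without options(20) + UDP(8); Scapy recomputes these fields
    for you if you delete them before writing the packet back out."""
    eth, ip, udp, dns = frame[:14], frame[14:34], frame[34:42], frame[42:]
    end = dns.index(b"\x00", 12)                     # terminator of the (uncompressed) question name
    dns = dns[:12] + encode_qname(new_name) + dns[end + 1:]
    udp = udp[:4] + struct.pack("!HH", 8 + len(dns), 0)
    ip = ip[:2] + struct.pack("!H", 28 + len(dns)) + ip[4:10] + b"\x00\x00" + ip[12:]
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + udp + dns

def question_name(frame: bytes) -> str:
    """Decode the question name from a frame (queries carry no compression pointers)."""
    dns, labels, i = frame[42:], [], 12
    while dns[i]:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode())
        i += 1 + dns[i]
    return ".".join(labels)

def write_pcap(path: str, frames: list) -> None:
    """Minimal classic pcap writer (link type 1 = Ethernet) so the output opens in Wireshark."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, fr in enumerate(frames):
            f.write(struct.pack("<IIII", i, 0, len(fr), len(fr)) + fr)
```

Call `write_pcap("mod_dns.pcap", [q, rewrite_qname(q, "test-case.example.net")])` with `q = build_dns_a_query("example.com")` to get a two-packet capture holding the original and the modified query.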