Question 37910 in Ubuntu Question posted in
The official Ubuntu documentation can be found here.

Sending packet with python and scapy to local address doesn't work – Ubuntu

I am trying to send a udp packet to a local ip address. This is my example code:

from scapy.all import *

if __name__ == "__main__":

    send(IP(dst="127.0.0.1")/UDP(sport=19600,dport=39600)/"abc")

I’ve started netcat to catch what I am going to send:

nc -ul 39600

Then I am executing the code:

python3 example_scapy_send.py

Nothing is received by the listening netcat.
At the same time I have started wireshark and I can see the packet is sent.
Packet sent with scapy

If I send a packet using netcat it is ariving on the listening netcat.

usr@dev:/home/usr# nc -u 127.0.0.1 39600
test

Wireshark:
Packet sent with netcat

The only difference I can see is that at layer 2 – destination address is multicast/broadcast when sent with scapy and unicast when sent with netcat. But this is not something I can control.

If I sent the same packet with scapy to another ip on the network (another host) the packet is received (by netcat). So the issue applies only if I am sending to a local address. Tested with any local ip. Not only 127.0.0.1. I’ve also tested with sendp and sr scapy functions but the result is the same.

Something more: if I’ve started another scapy script to listen to UDP/39600 (instead of netcat) I can see/I am receiving the packet I’ve sent.

Any ideas what is wrong?

tests done under ubuntu/scapy 2.5/python 3.8

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I couldn't find a way to make it work with send/sendp scapy functions, but instead I tried using standart python socket and it did the job:

    someSocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) someSocket.sendto(bytes('abc', "utf-8"), (127.0.0.1, 39600))


  2. 0

    Acording to Scapy troubleshooting:

    The loopback interface is a very special interface. Packets going through it are not really assembled and disassembled. The kernel routes the packet to its destination while it is still stored an internal structure. What you see with tcpdump -i lo is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it.
    On Linux, in order to speak to local IPv4 applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux)

    So you may need to add line before sending packet:

    conf.L3socket = L3RawSocket

    In your script. That way everything should supposed to work. At least in my environment worked out fine.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search