Network Discovery with Scapy

A free video tutorial from Packt Publishing

Lecture description

Custom discovery scans / Scapy for scan scripting

Kali Linux - Backtrack Evolved

Assuring Security by Penetration Testing

02:43:30 of on-demand video • Updated September 2014

Many advanced techniques are addressed within this series, but it is still designed to simultaneously accommodate less experienced viewers. The series provides detailed explanations intended to clearly address the underlying processes involved with all tasks performed.
Scapy is a very powerful object-oriented scripting tool in Kali. In order to access Scapy, enter the term scapy at the command line. The first object that we're going to look at is IP. So enter IP in capital letters and then open and close parentheses, and what we want to do is assign this object to a variable. So we'll do ip in lowercase and then the IP object once again, and then use ip.display() with open and close parentheses to see the different characteristics of that object. The object is already built with a predefined configuration for each of the different characteristics listed here. We can change those configurations by using the variable's characteristic and setting it equal to a value. So ip.dst, or destination, and set it equal to the IP address of a Windows system that I have in my lab. Then we'll use ip.display() once again to verify the changes were made to that characteristic. And as you can see, this will update both the destination as defined and also the source address to our Kali IP address.

Next we want to create an ICMP object and assign it to the variable ping. So we use ping = ICMP() with open and close parentheses, and then ping.display() to see the characteristics of that layer. And as you can see, by default it's an echo request. So we'll then send the packet with windows = sr1, which is send and receive one packet, and then ip/ping. windows will then receive the reply, and we can review the results of that reply with windows.display(). And as you can see, the result is an ICMP echo reply, and also please take note of the TTL, or time to live, value of 128. Now let's try the exact same process, but this time we will send a ping packet and receive the response from a Linux machine that I have in my lab. So we use ip.dst and set the destination IP address to the IP address of our Linux machine.

And then we'll do linux = sr1 with ip/ping, and then we'll do linux.display() to display the received packet, and once again it's an ICMP echo reply. But this time notice that the value is not 128 but instead 64. This is one of the common distinctions between most Linux and Windows operating systems: Windows starts the TTL value at 128 and Linux starts at 64, and for each hop required to get to the destination the initial value is decremented by 1. This can be a very simple way of fingerprinting operating systems, or at least to distinguish between Windows and Linux hosts. So we'll exit out of Scapy.

One of the great things about Scapy is that it can be used or imported into Python for scripting purposes. I've actually already created a very basic Python script that tests to see if the operating system is Linux or Windows based. So we'll look at this script, and basically all it does is import the scapy module, then take input from the user regarding the IP address that you want to test, then create the IP and ICMP packet layers, and then if the TTL value is less than 65 it defines it as Linux; otherwise it defines it as Windows, and then prints the results. So we can run this real quick against each of our different systems. First we'll go ahead and do a chmod 777 in order to change the Python script to an executable, and then ./ and the Python script to execute it, and then we'll enter the IP address of our Windows host, and it immediately returns the result that the operating system is Windows. We can also try the exact same thing with our Linux IP address. So this is a very simple and crude example of how operating system fingerprinting can take place, and also an example of how you can use Scapy within a scripting environment. So in the next video we'll go ahead and look at some more advanced operating system fingerprinting tools to come.
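The TTL check from the lecture, written out as an added example (my code, not the course's script): it keeps the one-packet Scapy probe described above but goes a step further than the flat less-than-65 rule by inferring the sender's initial TTL and the hop count, and it also recognises the 255 initial TTL used by many network devices. The function names and the 127.0.0.1 fallback address are my own choices, not from the video.

```python
#!/usr/bin/env python3
"""TTL-based OS guess, generalising the script described in the lecture.

The lecture's script sends one ICMP echo request with Scapy and calls the host
Linux when the reply TTL is below 65, otherwise Windows. This version keeps the
same idea but infers the sender's initial TTL and the hop distance, so it also
flags network devices (initial TTL 255) and hosts that sit many hops away.
Sending raw packets needs root; the classification itself needs no network.
"""
from typing import NamedTuple, Optional

# Well-known initial TTLs: Linux/macOS/BSD 64, Windows 128, many network devices 255.
INITIAL_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "network device/Solaris"}


class TtlGuess(NamedTuple):
    initial_ttl: int  # initial TTL the sender's OS most likely used
    hops: int         # routers crossed on the way back (initial - observed)
    os_family: str    # label for the inferred initial TTL


def guess_os_from_ttl(observed_ttl: int) -> TtlGuess:
    """Map an observed reply TTL to the smallest well-known initial TTL >= it.

    Each hop decrements TTL by one, so a reply arriving with TTL 120 most
    likely started at 128 and crossed 8 routers. Middleboxes that rewrite
    TTL, and custom sysctl settings, will fool this heuristic.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL must be 1..255, got {observed_ttl}")
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return TtlGuess(initial, initial - observed_ttl, INITIAL_TTLS[initial])


def probe_host(target: str, timeout: int = 2) -> Optional[TtlGuess]:
    """Send one ICMP echo request with Scapy (needs root) and classify the reply."""
    from scapy.all import IP, ICMP, sr1  # imported here so the pure logic runs without Scapy
    reply = sr1(IP(dst=target) / ICMP(), timeout=timeout, verbose=0)
    if reply is None:  # no echo reply: host down, ICMP filtered, or timed out
        return None
    return guess_os_from_ttl(reply.ttl)


if __name__ == "__main__":
    import sys
    # Placeholder fallback target; pass the lab host's address as the first argument.
    result = probe_host(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    print("no reply" if result is None else result)
```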