RCS file: RCS/scapy.py,v Working file: scapy.py head: 1.0 branch: 1.0.0 locks: access list: symbolic names: keyword substitution: kv total revisions: 214; selected revisions: 214 description: scapy ---------------------------- revision 1.0 date: 2005/08/09 18:26:09; author: pbi; state: Exp; lines: +7287 -946 branches: 1.0.0; 1.0 release ---------------------------- revision 0.9 date: 2003/03/26 13:26:13; author: pbi; state: Exp; branches: 0.9.7; 0.9.8; 0.9.9; 0.9.10; 0.9.11; 0.9.12; 0.9.13; 0.9.14; 0.9.15; 0.9.16; 0.9.17; Initial check-in ---------------------------- revision 0.9.17.110 date: 2005/08/09 18:19:17; author: pbi; state: Exp; lines: +7 -2 - nothing ---------------------------- revision 0.9.17.109 date: 2005/08/08 13:57:16; author: pbi; state: Exp; lines: +34 -6 - replaced use of __builtins__ by globals() - promiscuous mode is now default mode - added HTML color theme ---------------------------- revision 0.9.17.108 date: 2005/08/05 14:12:48; author: pbi; state: Exp; lines: +12 -7 - fix: IP fragmentation offset needs to be 0 for payload to be decoded (actually fixed in 0.9.17.106) ---------------------------- revision 0.9.17.107 date: 2005/08/05 14:04:03; author: pbi; state: Exp; lines: +29 -7 - added 'filter' parameter to PacketList.padding() - added PacketList.nzpadding() method - added 'lfilter' parameter to sniff() ---------------------------- revision 0.9.17.106 date: 2005/08/05 14:02:19; author: pbi; state: Exp; lines: +162 -138 - removed scapy module reloading to prepare interactive mode - tweaked interact() function, now fully functionnal ---------------------------- revision 0.9.17.105 date: 2005/07/20 16:24:06; author: pbi; state: Exp; lines: +7 -2 - small fix nmap database class ---------------------------- revision 0.9.17.104 date: 2005/07/20 16:22:51; author: pbi; state: Exp; lines: +18 -13 - modified Packet.guess_payload_class() semantic : added the payload as parameter - fixed TCP.answers() to take in account length of payload - added timeout arg to arping() ---------------------------- revision 0.9.17.103 date: 2005/06/07 10:18:27; author: pbi; state: Exp; lines: +18 -5 - added a try/catch for get_if_hw_addr - fixed the netstat parsing for OpenBSD - changed Dot11WEP's key ID field from "key" to "keyid" ---------------------------- revision 0.9.17.102 date: 2005/06/07 09:54:51; author: pbi; state: Exp; lines: +147 -2 - added LEShortEnumField - added L2CAP layer - added Bluetooth supersocket - added srbt() and srbt1() ---------------------------- revision 0.9.17.101 date: 2005/05/30 17:21:48; author: pbi; state: Exp; lines: +5 -2 - Fixes for 0.9.17.100 ---------------------------- revision 0.9.17.100 date: 2005/05/30 17:08:41; author: pbi; state: Exp; lines: +542 -5 - added NetBIOS, SMB & Co support (Sébastien Chenevot & Sylvain Sarméjeanne) ---------------------------- revision 0.9.17.99 date: 2005/05/28 14:28:40; author: pbi; state: Exp; lines: +29 -3 - WEP support and ICV computation ---------------------------- revision 0.9.17.98 date: 2005/05/27 23:05:35; author: pbi; state: Exp; lines: +12 -2 -fixed a smlal bug in graphic traceroute ---------------------------- revision 0.9.17.97 date: 2005/05/27 19:53:04; author: pbi; state: Exp; lines: +32 -4 - added WEP ciphering to Dot11WEP ---------------------------- revision 0.9.17.96 date: 2005/05/25 15:15:10; author: pbi; state: Exp; lines: +12 -7 - ability to give a WEP key as an argument to unwep() ---------------------------- revision 0.9.17.95 date: 2005/05/25 15:05:03; author: pbi; state: Exp; lines: +10 -4 - fixed pcap supersockets warnings ---------------------------- revision 0.9.17.94 date: 2005/05/25 15:01:24; author: pbi; state: Exp; lines: +13 -8 - fixed/cleaned ISAKMP ---------------------------- revision 0.9.17.93 date: 2005/05/25 15:00:34; author: pbi; state: Exp; lines: +16 -8 - fixed Packet.remove_underlayer() args - fixed FieldLenField - added Atheros Prism Header linktype ---------------------------- revision 0.9.17.92 date: 2005/05/18 16:59:32; author: pbi; state: Exp; lines: +95 -17 - some voip_play() stuff ---------------------------- revision 0.9.17.91 date: 2005/05/18 16:59:01; author: pbi; state: Exp; lines: +27 -3 - added BIOCIMMEDIATE option to fix BSD's BPF/pcap/select() behaviour issues - made PCAP/DNET the default mode, even for Linux (it seems quicker) ---------------------------- revision 0.9.17.90 date: 2005/05/18 16:57:07; author: pbi; state: Exp; lines: +14 -9 - purge ARP cache when changing IP address of an interface - fixed loopback interface detection get_if_raw_hwaddr() for dnet - changed a bit Dot11PacketList behaviour - fixed build() overload by EAP class - fixed close()/recv() mix up in L2pcapListenSocket ---------------------------- revision 0.9.17.89 date: 2005/05/03 19:18:22; author: pbi; state: Exp; lines: +92 -90 - DNET/PCAP stuff reordering ---------------------------- revision 0.9.17.88 date: 2005/05/03 00:10:12; author: pbi; state: Exp; lines: +20 -4 - made Padding not be seen as a payload ---------------------------- revision 0.9.17.87 date: 2005/04/29 22:37:39; author: pbi; state: Exp; lines: +105 -13 - added L2 recognition for L2pcapListenSocket - workarround for a bug in libpcap/wrapper?. .next() sometimes returns None - added consistant get_if_addr() and get_if_raw_addr() - added ifadd(), ifdel() and ifchange() methods to Route class ---------------------------- revision 0.9.17.86 date: 2005/04/27 21:14:24; author: pbi; state: Exp; lines: +14 -122 - small code cleaning ---------------------------- revision 0.9.17.85 date: 2005/04/27 13:53:32; author: pbi; state: Exp; lines: +258 -116 - early BSD port with libdnet and libpcap wrappers ---------------------------- revision 0.9.17.84 date: 2005/04/24 14:57:45; author: pbi; state: Exp; lines: +53 -68 - added a usable geolocation database from GeoIP. ---------------------------- revision 0.9.17.83 date: 2005/04/24 10:34:57; author: pbi; state: Exp; lines: +6 -3 - fixed fragment() (Peter Hardy) ---------------------------- revision 0.9.17.82 date: 2005/04/23 15:29:21; author: pbi; state: Exp; lines: +5 -2 - fixed sndrcv() when given an empty set of packets ---------------------------- revision 0.9.17.81 date: 2005/04/23 13:55:32; author: pbi; state: Exp; lines: +15 -7 - Some Sebek layers fixes (Pierre Lalet) ---------------------------- revision 0.9.17.80 date: 2005/04/23 13:43:16; author: pbi; state: Exp; lines: +37 -2 - Early IrDA support (Pierre Lalet) ---------------------------- revision 0.9.17.79 date: 2005/04/23 13:42:34; author: pbi; state: Exp; lines: +6 -3 - fixed SebekV1 and SebekV2 (Pierre Lalet) ---------------------------- revision 0.9.17.78 date: 2005/04/23 13:41:33; author: pbi; state: Exp; lines: +5 -2 - fixed BitField (Pierre Lalet) ---------------------------- revision 0.9.17.77 date: 2005/04/23 13:36:15; author: pbi; state: Exp; lines: +29 -1 - added threshold for warnings ---------------------------- revision 0.9.17.76 date: 2005/04/23 11:27:51; author: pbi; state: Exp; lines: +10 -7 - Renamed SndRcvAns into SndRcvList ---------------------------- revision 0.9.17.75 date: 2005/04/23 11:26:12; author: pbi; state: Exp; lines: +44 -5 - added color display in srloop() ---------------------------- revision 0.9.17.74 date: 2005/04/22 13:30:10; author: pbi; state: Exp; lines: +53 -24 - fixed dhcp_request() - changed make_table semantic : take one lambda instead of 3 - fixed import_hexcap() - fixed StrLenField - changed traceroute() and arping() to also return unanswered packets - ls() now sorts its output alphabetically - LaTeX color theme for straight copy/paste into your doc. ---------------------------- revision 0.9.17.73 date: 2005/04/15 15:56:08; author: pbi; state: Exp; lines: +24 -6 - fixed ARP.answers()' return value - made TracerouteResult.graph() use both ASN information source ---------------------------- revision 0.9.17.72 date: 2005/04/09 22:25:23; author: pbi; state: Exp; lines: +69 -18 - fix route.route() to handle extended IP sets (ex. 192.168.*.1-5) - generalised statistics in packet lists - added Dot11PacketList() - added some DHCP options - fixes in DHCP options building - modified unwep() to decrypt a WEP packet if it was not already done ---------------------------- revision 0.9.17.71 date: 2005/04/06 10:49:11; author: pbi; state: Exp; lines: +4 -2 - forgotten debug msg in Net() ---------------------------- revision 0.9.17.70 date: 2005/04/04 17:58:15; author: pbi; state: Exp; lines: +33 -13 - modified Net() to recognize things like 172.16.*.1-10 ---------------------------- revision 0.9.17.69 date: 2005/04/04 14:24:00; author: pbi; state: Exp; lines: +11 -3 - fix DHCP - added dhcp_request() ---------------------------- revision 0.9.17.68 date: 2005/03/28 22:18:04; author: pbi; state: Exp; lines: +20 -2 - first attempt with time skew graphing ---------------------------- revision 0.9.17.67 date: 2005/03/28 22:17:44; author: pbi; state: Exp; lines: +12 -6 - use gzip compression for load_object/save_object - made RandNum() and Emph() pickable - changed prompt color in default color theme ---------------------------- revision 0.9.17.66 date: 2005/03/28 14:30:01; author: pbi; state: Exp; lines: +116 -69 - more DHCP work ---------------------------- revision 0.9.17.65 date: 2005/03/28 14:29:03; author: pbi; state: Exp; lines: +20 -1 - first attempt to generate libnet C code from a packet ---------------------------- revision 0.9.17.64 date: 2005/03/28 14:28:20; author: pbi; state: Exp; lines: +10 -2 - forgot to delete temporary variables in scapy's global scope ---------------------------- revision 0.9.17.63 date: 2005/03/28 14:22:38; author: pbi; state: Exp; lines: +165 -16 - added colors, color themes, colored prompt ---------------------------- revision 0.9.17.62 date: 2005/03/24 16:19:33; author: pbi; state: Exp; lines: +7 -1 - made it possible to use a PacketList as a parameter for send* or sr* ---------------------------- revision 0.9.17.61 date: 2005/03/23 18:27:06; author: pbi; state: Exp; lines: +16 -3 - used init_cookie for ISAKMP.answers() - raised an exception in route.make_route if parameters are incomplete ---------------------------- revision 0.9.17.60 date: 2005/03/23 17:07:56; author: pbi; state: Exp; lines: +39 -30 - fixed session loading with -s - prevented save_session() to trash current session - changed AnsweringMachine to make send_reply() a bit more generic ---------------------------- revision 0.9.17.59 date: 2005/03/22 16:52:44; author: pbi; state: Exp; lines: +14 -2 - added _elt2show() to PacketList - changed PacketList.show() to use _elt2show() ---------------------------- revision 0.9.17.58 date: 2005/03/22 16:21:39; author: pbi; state: Exp; lines: +50 -5 - added conversation() to PacketList - added padding() to PacketList - fixed StrNullField - added haslayer_str() to Packet - changed Packet.sprintf() to use haslayer_str - changed answers() to ask payload if same class as other - add count parameter to rdpcap ---------------------------- revision 0.9.17.57 date: 2005/03/16 14:18:28; author: pbi; state: Exp; lines: +14 -1 - added StrNullField ---------------------------- revision 0.9.17.56 date: 2005/03/14 18:14:28; author: pbi; state: Exp; lines: +35 -19 - LLNumTypes fix - Added linktype recognition to PcapWriter class ---------------------------- revision 0.9.17.55 date: 2005/03/14 17:59:23; author: pbi; state: Exp; lines: +114 -111 - indentation cosmetic fix ---------------------------- revision 0.9.17.54 date: 2005/03/14 17:53:56; author: pbi; state: Exp; lines: +14 -2 - wrpcap() now writes the correct linktype in the pcap file ---------------------------- revision 0.9.17.53 date: 2005/03/14 17:22:23; author: pbi; state: Exp; lines: +49 -2 - added ISAKMP transforms decoding ---------------------------- revision 0.9.17.52 date: 2005/03/14 16:40:58; author: pbi; state: Exp; lines: +50 -28 - added ikescan() - added ISAKMPTransformField - fixed PacketList's private methods names do begin only with one "_" ---------------------------- revision 0.9.17.51 date: 2005/03/14 13:03:11; author: pbi; state: Exp; lines: +14 -6 - added a prn parameter to PacketList's summary() and nsummary() ---------------------------- revision 0.9.17.50 date: 2005/03/14 12:56:24; author: pbi; state: Exp; lines: +14 -11 - make internal methods of PacketResult begins with __ ---------------------------- revision 0.9.17.49 date: 2005/03/14 12:52:41; author: pbi; state: Exp; lines: +16 -5 - Deprecated display() method (for all objects). Use show() instead. ---------------------------- revision 0.9.17.48 date: 2005/03/14 12:48:29; author: pbi; state: Exp; lines: +129 -48 - Modified PacketField to stop at Padding instead of Raw - Added PacketLenField - More ISAKMP rework. Almost working. ---------------------------- revision 0.9.17.47 date: 2005/03/14 10:20:49; author: pbi; state: Exp; lines: +14 -3 - added unwep() method to Dot11 packets - fixed 4 missing bytes in Dot11WEP ---------------------------- revision 0.9.17.46 date: 2005/03/08 17:56:49; author: pbi; state: Exp; lines: +24 -12 - added a possibility to give a hint for srp() to choose the intended interface - added is_promisc() to find boxes in promisc mode (will not always work) (Javier Merino) ---------------------------- revision 0.9.17.45 date: 2005/03/08 17:21:14; author: pbi; state: Exp; lines: +66 -26 - added PacketField - ISAKMP work ---------------------------- revision 0.9.17.44 date: 2005/03/06 17:50:06; author: pbi; state: Exp; lines: +68 -13 - changed PCAP and DNET defaults ---------------------------- revision 0.9.17.43 date: 2005/03/03 17:15:26; author: pbi; state: Exp; lines: +23 -15 - ISAKMP work ---------------------------- revision 0.9.17.42 date: 2005/03/02 18:09:00; author: pbi; state: Exp; lines: +136 -1 - added make_world_trace() method to TracerouteResult for a xtraceroute-like ---------------------------- revision 0.9.17.41 date: 2005/02/20 22:33:55; author: pbi; state: Exp; lines: +8 -11 - Sebek protocol definitions enhancements (Pierre Lalet) ---------------------------- revision 0.9.17.40 date: 2005/02/20 22:31:49; author: pbi; state: Exp; lines: +46 -3 - added ARP answering machine (farpd) (Pierre Lalet) ---------------------------- revision 0.9.17.39 date: 2005/02/20 22:22:23; author: pbi; state: Exp; lines: +94 -30 - Graphic traceroute enhanced to cope with TCP, UDP, ICMP or other traceroutes - ASN clustering in graphic traceroute can be controlled with the "ASN" parameter ---------------------------- revision 0.9.17.38 date: 2005/02/18 21:03:26; author: pbi; state: Exp; lines: +58 -7 - MGCP early support - RandString() ---------------------------- revision 0.9.17.37 date: 2005/02/10 22:33:13; author: pbi; state: Exp; lines: +44 -11 - export_object()/import_object() to copy/paste base64 gzipped pickled objects - prevent save_session from deleting unpicklable objects - added hexdump() and hexraw() methods to PacketList object - Raw packet answers any Raw packet - added conf.checkIPaddr to recognize broadcast replies (BOOTP/DHCP) ---------------------------- revision 0.9.17.36 date: 2005/02/02 22:39:48; author: pbi; state: Exp; lines: +13 -1 - added GPRS dummy packet class ---------------------------- revision 0.9.17.35 date: 2005/01/29 00:29:25; author: pbi; state: Exp; lines: +12 -5 - added l4 parameter to traceroute() for UDP, ICMP and other layer 4 traceroutes - tweaked TracerouteResult display() ---------------------------- revision 0.9.17.34 date: 2005/01/26 23:43:19; author: pbi; state: Exp; lines: +5 -49 - removed some outdated functions ---------------------------- revision 0.9.17.33 date: 2005/01/26 23:41:58; author: pbi; state: Exp; lines: +7 -7 - small simplification of TracerouteResult display() thanks to new sprintf() conditionnal statement ---------------------------- revision 0.9.17.32 date: 2005/01/26 23:12:59; author: pbi; state: Exp; lines: +43 -3 - added conditionnal statements in format strings ---------------------------- revision 0.9.17.31 date: 2005/01/26 22:30:36; author: pbi; state: Exp; lines: +39 -37 - removed an uneeded "else" in sprintf() ---------------------------- revision 0.9.17.30 date: 2005/01/22 22:25:24; author: pbi; state: Exp; lines: +7 -2 - re-added node coloring lost code line in traceroute graphing code ---------------------------- revision 0.9.17.29 date: 2005/01/22 21:48:55; author: pbi; state: Exp; lines: +6 -2 - fixed need for warning() before it was declared ---------------------------- revision 0.9.17.28 date: 2005/01/22 21:47:11; author: pbi; state: Exp; lines: +20 -4 - added ARPingResult to handle arping() results - moved ARPing displaying logic to ARPing object ---------------------------- revision 0.9.17.27 date: 2005/01/22 21:42:59; author: pbi; state: Exp; lines: +185 -166 - added args todo_graph() - added TracerouteResults object to handle traceroute results - moved traceroute displaying logic to TracerouteResult object - moved traceroute graphing logic to TracerouteResult object ---------------------------- revision 0.9.17.26 date: 2005/01/20 22:59:07; author: pbi; state: Exp; lines: +97 -10 - graph_traceroute : added AS clustering, colors, tweaks ---------------------------- revision 0.9.17.25 date: 2005/01/17 22:10:58; author: pbi; state: Exp; lines: +82 -4 - added do_graph() to draw GraphViz graphs using SVG output, displayed with ImageMagick - added graph_traceroute() to make a graph from multiple traceroutes - added timeout parameter to traceroute() ---------------------------- revision 0.9.17.24 date: 2005/01/13 14:25:00; author: pbi; state: Exp; lines: +68 -1 - added Sebek v1 and v2 protocols (Pierre Lalet) ---------------------------- revision 0.9.17.23 date: 2005/01/10 21:55:14; author: pbi; state: Exp; lines: +10 -2 - addded promisc and iface parameters to L3RawSocket ---------------------------- revision 0.9.17.22 date: 2004/12/26 18:07:43; author: pbi; state: Exp; lines: +83 -50 - Improved PacketList with stability by addition and slicing - Added plot() to PacketList using Gnuplot - Added StrStopField - Added conf.debug_disssector to prevent dissector's exception from being catched - Added CookedLinux packet type - Show linktype number when it is unknown ---------------------------- revision 0.9.17.21 date: 2004/12/26 16:04:57; author: pbi; state: Exp; lines: +185 -5 - removed strace in soxmix command line - DHCP support (from Mattias Wadman) - added missing make_table to PacketList class - have UDP class asks its payload for answers() ---------------------------- revision 0.9.17.20 date: 2004/12/01 17:13:28; author: pbi; state: Exp; lines: +77 -26 - Early WEP support - voip_play() tweaks - Added LEShortField for Dot11 SC field ---------------------------- revision 0.9.17.19 date: 2004/10/18 13:42:50; author: pbi; state: Exp; lines: +245 -8 - HSRP early support - Cisco CSSP Skinny early support - added Little Endian IntEnumField - added filter() method to PacketList - some voip_play() work - loop parameter value in send*() is used as the time to sleep between 2 loops ---------------------------- revision 0.9.17.18 date: 2004/09/21 21:45:20; author: pbi; state: Exp; lines: +26 -12 - added recv() method to PcapReader to emulate a SuperSocket - added "offline" parameter to sniff() to use sniff on pcap files - removed voip_play_offline() and renamed voip_play_sniff() to voip_play() which is now available to play offline ---------------------------- revision 0.9.17.17 date: 2004/09/21 21:32:41; author: pbi; state: Exp; lines: +43 -6 - added early PPPoE support (Ralf Ertzinger) - fixed DNS summary() to handle empty queries or answers ---------------------------- revision 0.9.17.16 date: 2004/09/21 14:58:15; author: pbi; state: Exp; lines: +20 -1 - added VOIP playing functions (not tested) ---------------------------- revision 0.9.17.15 date: 2004/09/17 22:00:47; author: pbi; state: Exp; lines: +87 -9 - transfert traceroute() and arping() options to sndrcv() ("retry", etc.) - fixed retry option in sndrcv() - tweaked AnweringMachine class - rewrited airpwn to use AnsweringMachine ---------------------------- revision 0.9.17.14 date: 2004/09/13 16:57:01; author: pbi; state: Exp; lines: +7 -1 - added loopback routing ---------------------------- revision 0.9.17.13 date: 2004/09/12 21:44:45; author: pbi; state: Exp; lines: +86 -22 - AnsweringMachine working as I wanted! ---------------------------- revision 0.9.17.12 date: 2004/09/10 16:54:46; author: pbi; state: Exp; lines: +33 -11 - AnsweringMachine twaking - added DNS spoofing answering machine ---------------------------- revision 0.9.17.11 date: 2004/09/08 13:42:38; author: pbi; state: Exp; lines: +85 -4 - renamed ScapyPcapWriter class to PcapWriter - added linktype parameter to PcapWriter (William McVey) - added PcapReader class (William McVey) ---------------------------- revision 0.9.17.10 date: 2004/09/08 13:06:01; author: pbi; state: Exp; lines: +36 -5 - added some text correspondances to Radius code field ---------------------------- revision 0.9.17.9 date: 2004/09/06 14:28:02; author: pbi; state: Exp; lines: +30 -30 - early radius support ---------------------------- revision 0.9.17.8 date: 2004/09/06 14:17:11; author: pbi; state: Exp; lines: +133 -45 - added "store" parameter to sniff() - added AnsweringMachine class to handle request/response protocols - replaced bootpd by a AnsweringMachine subclass - created DHCP answering machine draft ---------------------------- revision 0.9.17.7 date: 2004/09/03 22:11:35; author: pbi; state: Exp; lines: +39 -21 - finished airpwn() ---------------------------- revision 0.9.17.6 date: 2004/08/13 16:49:51; author: pbi; state: Exp; lines: +110 -42 - added first version of airpwn() clone ---------------------------- revision 0.9.17.5 date: 2004/08/11 15:25:08; author: pbi; state: Exp; lines: +34 -3 - added RIP protocol ---------------------------- revision 0.9.17.4 date: 2004/08/09 14:00:20; author: pbi; state: Exp; lines: +20 -9 - added gzip support to sessions saving - can force pickle protocol to inferior values for pickle backward compatility ---------------------------- revision 0.9.17.3 date: 2004/08/07 10:59:34; author: pbi; state: Exp; lines: +49 -21 - fixed self reloading when launched from a different directory - fixed session reloading problems with PacketList() and SndRcvAns() - added load_session(), save_session(), update_session() ---------------------------- revision 0.9.17.2 date: 2004/07/28 21:16:12; author: pbi; state: Exp; lines: +8 -1 - added nsummary() method to SndRcvList() class ---------------------------- revision 0.9.17.1 date: 2004/07/26 19:52:55; author: pbi; state: Exp; lines: +3149 -582 Release 0.9.17 ---------------------------- revision 0.9.16.18 date: 2004/07/26 19:50:16; author: pbi; state: Exp; lines: +48 -1 - added ScapyPcapWriter class (William McVey) ---------------------------- revision 0.9.16.17 date: 2004/07/26 19:24:48; author: pbi; state: Exp; lines: +127 -13 - do not need to be named 'scapy.py' anymore - use of PacketList() for rdpcap() and sniff() - fixed a bug in StrFixedLenField - early IKE and ISAKMP support ---------------------------- revision 0.9.16.16 date: 2004/07/16 15:39:37; author: pbi; state: Exp; lines: +5 -3 - small fix on bootpd ---------------------------- revision 0.9.16.15 date: 2004/07/10 13:13:25; author: pbi; state: Exp; lines: +20 -14 - finished testing ethertype in supersockets to decide wether or not to apply BPF filters ---------------------------- revision 0.9.16.14 date: 2004/07/10 13:06:38; author: pbi; state: Exp; lines: +20 -15 - do not apply any BPF filter if ethertype is given to a supersocket (so that ARP requests will work whatever the conf.except_filter value is) ---------------------------- revision 0.9.16.13 date: 2004/07/09 09:11:15; author: pbi; state: Exp; lines: +9 -6 - changed the header and blocked the licence to GPLv2 only ---------------------------- revision 0.9.16.12 date: 2004/07/09 09:07:41; author: pbi; state: Exp; lines: +116 -25 - added an independant routing table (conf.route) and methods to manipulate it - tweaked results stats ---------------------------- revision 0.9.16.11 date: 2004/07/05 22:43:49; author: pbi; state: Exp; lines: +74 -9 - wrapper classes for results presentations and manipulation - sndrcv() retry auto adjustment when giving a negative value ---------------------------- revision 0.9.16.10 date: 2004/07/05 08:53:41; author: pbi; state: Exp; lines: +113 -94 - added retry option to sndrcv() - improved debug class - added ottl() and hops() methods for IPTools class - improved UDP and ICMP summary() ---------------------------- revision 0.9.16.9 date: 2004/06/07 16:09:21; author: pbi; state: Exp; lines: +13 -9 - fix again TCP.answers() and TCPerror.answers() ---------------------------- revision 0.9.16.8 date: 2004/06/07 16:06:27; author: pbi; state: Exp; lines: +58 -26 - fixed conf.checkIPsrc behaviour of answers() and hashret() for TCP/UDP/TCPerror/UDPerror - added conf.debug_match to keep track of unanswered packets in debug.sent and debug.recv ---------------------------- revision 0.9.16.7 date: 2004/06/07 09:20:43; author: pbi; state: Exp; lines: +40 -3 - added LEIntField and StrFixedLenField - added partial PrismHeader support ---------------------------- revision 0.9.16.6 date: 2004/04/29 15:46:19; author: pbi; state: Exp; lines: +18 -15 - fixed fragment() ---------------------------- revision 0.9.16.5 date: 2004/03/31 09:24:43; author: pbi; state: Exp; lines: +6 -1 - fix nmap fingerprint db parsing to handle the new format (Jochen Bartl) ---------------------------- revision 0.9.16.4 date: 2004/03/23 08:45:10; author: pbi; state: Exp; lines: +18 -8 - Support for reading big endian pcap files (Pekka Pietikainen) ---------------------------- revision 0.9.16.3 date: 2004/02/28 11:12:12; author: pbi; state: Exp; lines: +105 -12 - got rid of some future warnings (N. Bareil ) - improved BitField() for arbitrary length bit fields (N. Bareil ) - NTP protocol (N. Bareil ) ---------------------------- revision 0.9.16.2 date: 2004/02/22 17:49:51; author: pbi; state: Exp; lines: +49 -2 added first sketch of a bootp daemon: bootpd() ---------------------------- revision 0.9.16.1 date: 2004/01/26 18:01:00; author: pbi; state: Exp; lines: +2466 -485 Release 0.9.16 ---------------------------- revision 0.9.15.15 date: 2004/01/26 18:00:08; author: pbi; state: Exp; lines: +10 -3 - added more text for DNS codes ---------------------------- revision 0.9.15.14 date: 2004/01/15 13:24:48; author: pbi; state: Exp; lines: +37 -11 - fixed the case where IP field is a list of nets - randomize IPID in traceroute() to work better with conf.checkIPsrc=0 - added make_tex_table() and make_lined_table() - added IPID_count() to identify machines with their IPID - added sport and dport args to fragleak() ---------------------------- revision 0.9.15.13 date: 2004/01/11 11:47:07; author: pbi; state: Exp; lines: +14 -8 - srploop() and srloop() improvements ---------------------------- revision 0.9.15.12 date: 2004/01/11 01:28:21; author: pbi; state: Exp; lines: +17 -8 - srloop() and srploop() improvements ---------------------------- revision 0.9.15.11 date: 2004/01/11 01:07:05; author: pbi; state: Exp; lines: +21 -14 - srloop() and srploop() improvements ---------------------------- revision 0.9.15.10 date: 2004/01/10 23:42:58; author: pbi; state: Exp; lines: +5 -2 - added srloop() and srploop() functions ---------------------------- revision 0.9.15.9 date: 2004/01/10 23:40:51; author: pbi; state: Exp; lines: +40 -1 - added ---------------------------- revision 0.9.15.8 date: 2004/01/09 16:42:42; author: pbi; state: Exp; lines: +31 -18 - improved send() and sendp() with parameters loop and verbose ---------------------------- revision 0.9.15.7 date: 2004/01/09 16:04:07; author: pbi; state: Exp; lines: +5 -2 - fixed ARP opcodes values ---------------------------- revision 0.9.15.6 date: 2004/01/09 15:53:46; author: pbi; state: Exp; lines: +10 -2 - added RARP and IARP req/resp description in ARP operation Enum field ---------------------------- revision 0.9.15.5 date: 2003/12/19 15:54:30; author: pbi; state: Exp; lines: +85 -15 - added checkIPID and checkIPsrc options in conf to recognize IP in ICMP errors from broken IP stacks (see conf.__doc__) - changed default TCP source port to 20 (Muahahahah!) - tweaked TCP summary - changed default UDP source and destination ports to 53 - created import_hexcap() to copy-paste an hexcap from tcpdump -xX, and get a string to feed IP() or ARP() or whatever - created make_table() to present results in a table from a list, and functions that map the list to x,y and z=f(x,y). ---------------------------- revision 0.9.15.4 date: 2003/10/30 16:11:41; author: pbi; state: Exp; lines: +56 -9 - little enhancements to the DNS packets - added dyndns_add() and dyndns_del() (rfc2136) - fixed a format string error (3 times) ---------------------------- revision 0.9.15.3 date: 2003/10/16 10:41:42; author: biondi; state: Exp; lines: +24 -26 - redesign summary() method - fixed Dot11 addresses fields ---------------------------- revision 0.9.15.2 date: 2003/10/15 14:41:09; author: biondi; state: Exp; lines: +20 -7 - caching format size (calcsize()) in Field main class - allow first packet desassembly to fail in SuperSockets, falling back to Raw ---------------------------- revision 0.9.15.1 date: 2003/10/02 15:24:29; author: pbi; state: Exp; lines: +2198 -469 Release 0.9.15 ---------------------------- revision 0.9.14.8 date: 2003/10/02 15:16:26; author: pbi; state: Exp; lines: +148 -117 - small fix for p0f_base - lazy loading for p0f, queso and nmap knowledge databases ---------------------------- revision 0.9.14.7 date: 2003/10/02 14:14:17; author: pbi; state: Exp; lines: +130 -3 - added a LongField - added classes and bonds for 802.11 - added error handling and magic checks for rdpcap() ---------------------------- revision 0.9.14.6 date: 2003/09/12 14:45:35; author: pbi; state: Exp; lines: +68 -12 - had Dot11 working ---------------------------- revision 0.9.14.5 date: 2003/09/12 10:04:05; author: pbi; state: Exp; lines: +67 -6 - added summary() method to Packet objects ---------------------------- revision 0.9.14.4 date: 2003/09/12 09:28:28; author: pbi; state: Exp; lines: +51 -8 - added SNAP protocol - catched broken pipe exception when shild die in sndrcv() - fixed default L2socket type in srp() and srp1() (ETH_P_ALL) - fixed format string in attach_filter() ---------------------------- revision 0.9.14.3 date: 2003/09/10 08:47:41; author: pbi; state: Exp; lines: +49 -23 - fixed the fact that bpf filters were generated in cooked mode, and thus did not work - filter on socket type ETH_P_ARP instead of using a bpf filter for ARP replies - fixed the way of handling the SuperSocket close. - uniformised the naming for interface parameter : iface instead of iff - fixed the FutureWarning for long integers - fixed a typo in 3 format strings (%*i instead of %i) ---------------------------- revision 0.9.14.2 date: 2003/07/20 00:12:04; author: pbi; state: Exp; lines: +15 -7 -added "-i any" for tcpdump to compile filters even if they don't work on main interface - put PPP special case before layer 2 general case in a super socket - added th filter parameter to L3RawSocket - added a special case in getmacbyip() when loopback interface is concernet - added value for RAWIP linktype in pcap capture files ---------------------------- revision 0.9.14.1 date: 2003/06/25 13:18:23; author: pbi; state: Exp; lines: +1779 -406 Release 0.9.14, from 0.9.13.4 ---------------------------- revision 0.9.13.5 date: 2003/06/25 13:17:00; author: pbi; state: Exp; lines: +142 -130 - tried to avoid the "import scapy". completer does not work well anymore, and performance is the same ---------------------------- revision 0.9.13.4 date: 2003/06/25 12:35:57; author: pbi; state: Exp; lines: +10 -3 - fixed a regression in L3PacketSocket for ppp links ---------------------------- revision 0.9.13.3 date: 2003/05/31 14:01:12; author: biondi; state: Exp; lines: +16 -2 - more tweaks on Packet.sprintf(). Added __doc__. ---------------------------- revision 0.9.13.2 date: 2003/05/31 13:17:42; author: biondi; state: Exp; lines: +6 -4 - small tweaks in Packet.sprintf() ---------------------------- revision 0.9.13.1 date: 2003/05/16 13:34:30; author: pbi; state: Exp; lines: +1755 -408 Release 0.9.13 ---------------------------- revision 0.9.12.9 date: 2003/05/16 13:32:38; author: pbi; state: Exp; lines: +6 -2 - fixed verbose parameter in nmap_fp() ---------------------------- revision 0.9.12.8 date: 2003/05/16 13:28:49; author: pbi; state: Exp; lines: +86 -5 - small enhancements in self-documentation - added early experiemental support for BOOTP and 802.11 ---------------------------- revision 0.9.12.7 date: 2003/05/16 11:25:48; author: pbi; state: Exp; lines: +95 -38 - added workarroung python bug 643005 (socket.inet_aton("255.255.255.255")) - use answers() method instead of operator - added hashret() method : returns a hash that is invariant for a packet and its reply - use hashret() in sndrcv() for dramatic improvements for matching replies on big set of packets - change report_ports() to return a string instead of printing ---------------------------- revision 0.9.12.6 date: 2003/05/16 09:28:40; author: pbi; state: Exp; lines: +9 -12 - improved the __repr__() method of Packet class ---------------------------- revision 0.9.12.5 date: 2003/05/12 15:15:02; author: pbi; state: Exp; lines: +6 -3 - added minttl parameter to traceroute() ---------------------------- revision 0.9.12.4 date: 2003/05/06 13:39:21; author: pbi; state: Exp; lines: +6 -39 - Improved random number object (thanks to O. Poyen) ---------------------------- revision 0.9.12.3 date: 2003/05/06 10:45:27; author: pbi; state: Exp; lines: +6 -3 - fixed a name overlap on "type" in L2ListenSocket and L3PacketSocket (thanks to E. M. Hopper) ---------------------------- revision 0.9.12.2 date: 2003/05/06 10:41:58; author: pbi; state: Exp; lines: +37 -17 - externalized conversion from probes to signature with nmap_probes2sig() use probe results from, say, a pcap file ---------------------------- revision 0.9.12.1 date: 2003/04/27 10:07:30; author: pbi; state: Exp; lines: +1539 -327 Release 0.9.12 ---------------------------- revision 0.9.11.5 date: 2003/04/27 10:04:03; author: pbi; state: Exp; lines: +8 -2 - Fixed long int conversion in attach_filter() ---------------------------- revision 0.9.11.4 date: 2003/04/27 10:00:57; author: pbi; state: Exp; lines: +60 -41 - rectification in SetGen to unroll Gen instances in lists - Completed DNS types and qtypes names - Small tuning in nmap_match_one_sig() - Parallelized nmap_sig() ---------------------------- revision 0.9.11.3 date: 2003/04/24 12:47:49; author: pbi; state: Exp; lines: +120 -30 - removed 4 byte IP string autorecognition. Never used and broken for 4 byte names - added "islist" flag to fields to distinguish a list value from a list of values - changed TCP options from dict to list to preserve order and redundancy - added conf.except_filter, to have every command ignore your own traffic (BPF filter) - worked in progress for nmap OS fingerprint. Added PU test. Fixed other tests. - added nmap_sig2txt() to transform a signature to its text form, suitable for nmap base ---------------------------- revision 0.9.11.2 date: 2003/04/23 21:23:30; author: pbi; state: Exp; lines: +125 -11 - small fixes in init_queso() - experimental support of nmap fingerprinting (not complete yet) ---------------------------- revision 0.9.11.1 date: 2003/04/22 14:38:16; author: pbi; state: Exp; lines: +1295 -315 Release 0.9.11 ---------------------------- revision 0.9.10.8 date: 2003/04/22 14:37:32; author: pbi; state: Exp; lines: +23 -12 - fixed bug in getmacbyip() using dnet module - deactivated getmacbyip() using dnet module because it did not resolve unknown IPs - added some commands listed by lsc() ---------------------------- revision 0.9.10.7 date: 2003/04/22 13:55:01; author: pbi; state: Exp; lines: +47 -42 - some getattr/setattr/delattr enhancements ---------------------------- revision 0.9.10.6 date: 2003/04/22 13:52:00; author: pbi; state: Exp; lines: +109 -4 - added experimental support for QueSO OS fingerprinting. Has someone a *recent* database ? ---------------------------- revision 0.9.10.5 date: 2003/04/18 17:45:15; author: pbi; state: Exp; lines: +42 -2 - improved the completer to complete with protocol fields - small fix in get_working_if() ---------------------------- revision 0.9.10.4 date: 2003/04/16 14:53:36; author: pbi; state: Exp; lines: +16 -8 - added option to include padding or not ---------------------------- revision 0.9.10.3 date: 2003/04/16 14:35:32; author: pbi; state: Exp; lines: +34 -6 - added L2dnetSocket() - improved arping() ---------------------------- revision 0.9.10.2 date: 2003/04/16 12:40:40; author: pbi; state: Exp; lines: +12 -2 - fixed the case when the history file does not exist ---------------------------- revision 0.9.10.1 date: 2003/04/14 15:43:45; author: pbi; state: Exp; lines: +1039 -271 Release 0.9.10 ---------------------------- revision 0.9.9.15 date: 2003/04/14 15:42:47; author: pbi; state: Exp; lines: +36 -3 - added L3pcapListenSocket - fixed L3ListenSocket to use ETH_P_ALL instead of ETH_P_IP by default ---------------------------- revision 0.9.9.14 date: 2003/04/14 14:57:53; author: pbi; state: Exp; lines: +12 -32 - reworked L3dnetSocket ---------------------------- revision 0.9.9.13 date: 2003/04/14 13:53:28; author: pbi; state: Exp; lines: +15 -5 - added completion (rlcompleter) and history support ---------------------------- revision 0.9.9.12 date: 2003/04/14 10:05:42; author: pbi; state: Exp; lines: +9 -6 - bugfixed the close() method of some supersockets ---------------------------- revision 0.9.9.11 date: 2003/04/13 21:41:01; author: biondi; state: Exp; lines: +32 -2 - added get_working_if() - use get_working_if() for default interface ---------------------------- revision 0.9.9.10 date: 2003/04/12 23:33:42; author: biondi; state: Exp; lines: +222 -9 - add DNS layer (do not compress when assemble, answers() is missing) ---------------------------- revision 0.9.9.9 date: 2003/04/12 22:15:40; author: biondi; state: Exp; lines: +70 -18 - added EnumField - used EnumField for ARP(), ICMP(), IP(), EAPOL(), EAP(),... ---------------------------- revision 0.9.9.8 date: 2003/04/11 16:52:29; author: pbi; state: Exp; lines: +68 -51 - better integration of libpcap and libdnet, if available ---------------------------- revision 0.9.9.7 date: 2003/04/11 15:49:31; author: pbi; state: Exp; lines: +68 -7 - some tweaks about supersockets close() and __del__() (not satisfied) - added L3dnetSocket, that use libdnet and libpcap if available ---------------------------- revision 0.9.9.6 date: 2003/04/11 13:46:49; author: pbi; state: Exp; lines: +42 -46 - fixed a regression in bitfield dissection - tweaked and fixed a lot of small things arround supersockets ---------------------------- revision 0.9.9.5 date: 2003/04/10 14:50:22; author: pbi; state: Exp; lines: +16 -12 - clean session only if it is to be saved - forgot to give its name to Padding class - fixed the NoPayload comparison tests so that they work on reloaded sessions ---------------------------- revision 0.9.9.4 date: 2003/04/10 13:45:22; author: pbi; state: Exp; lines: +62 -55 - Prepared the configuration of L2/L3 supersockets ---------------------------- revision 0.9.9.3 date: 2003/04/08 18:34:48; author: pbi; state: Exp; lines: +43 -9 - little fix in L2ListenSocket.__del__() - added doc and options in Conf class - added promisc support for L3PacketSocket, so that you can get answers to spoofed packets ---------------------------- revision 0.9.9.2 date: 2003/04/08 17:42:19; author: pbi; state: Exp; lines: +7 -1 - added extract_padding() method to UDP ---------------------------- revision 0.9.9.1 date: 2003/04/08 17:23:33; author: pbi; state: Exp; lines: +455 -130 Release 0.9.9 ---------------------------- revision 0.9.8.9 date: 2003/04/08 17:22:25; author: pbi; state: Exp; lines: +19 -29 - use cPickle instead of pickle (quicker and works with __getattr__() recursion) - small fixes on send() and sendp() ---------------------------- revision 0.9.8.8 date: 2003/04/08 16:48:04; author: pbi; state: Exp; lines: +22 -6 - EAPOL overload Ether dst with PAE_GROUP_ADDR - tuning in ports_report() - tuning in fragleak ---------------------------- revision 0.9.8.7 date: 2003/04/07 15:32:10; author: pbi; state: Exp; lines: +5 -2 - uses /usr/bin/env invocation ---------------------------- revision 0.9.8.6 date: 2003/04/07 14:57:12; author: pbi; state: Exp; lines: +14 -4 - catch error during payload dissection and consider payload as raw data ---------------------------- revision 0.9.8.5 date: 2003/04/07 14:43:13; author: pbi; state: Exp; lines: +101 -9 - srp() becomes srp1() and sr() equivalent for L2 is called srp() - hastype() Packet methods renamed to haslayer() - added getlayer() Packet method - added padding detection for layers that have a length field - added fragment() that fragment an IP packet - added report_ports() to scan a machine and output LaTeX report ---------------------------- revision 0.9.8.4 date: 2003/04/01 11:19:06; author: pbi; state: Exp; lines: +24 -8 - added FlagsField(), used for TCP and IP - rfc3514 compliance ---------------------------- revision 0.9.8.3 date: 2003/03/28 14:55:18; author: pbi; state: Exp; lines: +18 -2 Added pkt2uptime() : uses TCP timestamp to predict when the machine was booted ---------------------------- revision 0.9.8.2 date: 2003/03/27 15:58:54; author: pbi; state: Exp; lines: +8 -2 - fixed sprintf() regression to use attributes from a packet that are not fields (eg: payload) ---------------------------- revision 0.9.8.1 date: 2003/03/27 15:43:20; author: pbi; state: Exp; lines: +254 -82 Release 0.9.8 ---------------------------- revision 0.9.7.9 date: 2003/03/27 15:07:42; author: pbi; state: Exp; lines: +24 -11 - add filter support for sr(), sr1() and srp() - use filters for getmacbyip() and traceroute() for better reliability under heavy load ---------------------------- revision 0.9.7.8 date: 2003/03/27 14:45:11; author: pbi; state: Exp; lines: +84 -33 - better timeout management in sndrcv - bugfixed sys.exit() imbrication issues - some self documentation - added lsc()command ---------------------------- revision 0.9.7.7 date: 2003/03/26 17:51:33; author: pbi; state: Exp; lines: +33 -11 - Added IPTool class, to add commands like whois() to IP layer. - Have unknown class attributes be asked to payload before raising an exception. ---------------------------- revision 0.9.7.6 date: 2003/03/26 17:35:36; author: pbi; state: Exp; lines: +42 -11 More powerful sprintf format string : %[fmt[r],][cls[:nb].]field% where fmt is a classic one, r can be appended for raw substitution (ex: IP.flags=0x18 instead of SA), nb is the number of the layer we want (ex: for IP/IP packets, IP:2.src is the src of the upper IP layer). Special case : "%.time" is the creation time. Ex : p.sprintf("%.time% %-15s,IP.src% -> %-15s,IP.dst% %IP.chksum% %03xr,IP.proto% %r,TCP.flags%") ---------------------------- revision 0.9.7.5 date: 2003/03/26 14:47:39; author: pbi; state: Exp; lines: +18 -17 Added creation time packet. Supported by read/write pcap. ---------------------------- revision 0.9.7.4 date: 2003/03/26 14:25:09; author: pbi; state: Exp; lines: +67 -27 Added the NoPayload terminal class ---------------------------- revision 0.9.7.3 date: 2003/03/26 13:31:11; author: pbi; state: Exp; lines: +5 -2 Fixed RCS Id ---------------------------- revision 0.9.7.2 date: 2003/03/26 13:30:05; author: pbi; state: Exp; lines: +7 -0 Adding RCS Id ---------------------------- revision 0.9.7.1 date: 2003/03/26 13:28:37; author: pbi; state: Exp; lines: +0 -0 Creating branch 0.9.7 ---------------------------- revision 1.0.0.1 date: 2005/08/09 18:30:10; author: pbi; state: Exp; lines: +4 -1 Release 1.0.0 =============================================================================