Sending DHCP Discover using python scapy
Solution 1
Solved ! I had the same problem,
The problem I think was on the srp() function, it can't receive packets on port 68, but I've created a new function with a new thread that sniffs BOOTP messages and displays the packet fields. you can simulate it :
sniff(iface=myiface, filter="port 68 and port 67")
then send the packet using srp() or sendp() func :)
NOTE: I have used multithreading mechanism cause my program sends messages and sniffs if a rogue DHCP Server is on the network
Solution 2
I am not sure if this would qualify as an answer, but we use scapy to simulate DHCP server/client exchange, and the following does the job for us:
discover = Ether(dst='ff:ff:ff:ff:ff:ff', src=cliMAC, type=0x0800) / IP(src='0.0.0.0', dst='255.255.255.255') / UDP(dport=67,sport=68) / BOOTP(op=1, chaddr=cliMACchaddr) / DHCP(options=[('message-type','discover'), ('end')])
The main difference between my code and yours seem to be how the BOOTP header is defined. Maybe you could try my packet definition and see if it works?
Comments
-
BeingNerd over 3 years
I am new to python and learning some network programming, I wish to send an DHCP Packet through my tap interface to my DHCP server and expecting some response from it. I tried with several packet building techniques such a structs and ctypes and ended up with using scapy. Here I am able to send DHCP Packet but unable to get any response from the DHCP server(Analyzed using wireshark and tcpdump)..My packet looked like same as original DHCP packet but failed to get response. Here is my code
import socket from scapy.all import * def main(): if len(sys.argv)<3: print " fewer arguments." sys.exit(1) else: tap_interface = sys.argv[1] src_mac_address = sys.argv[2] ethernet = Ether(dst='ff:ff:ff:ff:ff:ff',src=src_mac_address,type=0x800) ip = IP(src ='0.0.0.0',dst='255.255.255.255') udp =UDP (sport=68,dport=67) fam,hw = get_if_raw_hwaddr(tap_interface) bootp = BOOTP(chaddr = hw, ciaddr = '0.0.0.0',xid = 0x01020304,flags= 1) dhcp = DHCP(options=[("message-type","discover"),"end"]) packet = ethernet / ip / udp / bootp / dhcp fd = open('/dev/net/tun','r+') TUNSETIFF = 0x400454ca IFF_TAP = 0x0002 IFF_NO_PI = 0x1000 mode = IFF_TAP | IFF_NO_PI ifr = struct.pack('16sH', tap_interface, IFF_TAP | IFF_NO_PI) fcntl.ioctl(fd,TUNSETIFF,ifr) while True: sendp(packet, iface = tap_interface) time.sleep(10) if __name__ == '__main__': main()Is there any other ways of achieving this? If so please do mention them as well. Thanks in Advance.