Regression tests for Scapy

Shrink All Expand All Expand Passed Expand Failed

CRC=7174A369 SHA=BA9669C94F64634488397E1558D8D86EDED7CF03
Run Mon Jul 24 16:31:35 2006 from [/spare/homepage/projects/UTscapy/demo_campaign.uts] by UTscapy

PASSED=39 FAILED=1

000 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039

0BBB9876 Informations on Scapy

+000+ -000- 14F389A8 Get conf
Dump the current configuration

>>> conf
Version    = 1.0.4.55beta
BTsocket   = <class scapy.BluetoothL2CAPSocket at 0xb6ed9dac>
IPCountry_base = 'GeoIPCountry4Scapy.gz'
L2listen   = <class scapy.L2ListenSocket at 0xb6ed9c5c>
L2socket   = <class scapy.L2Socket at 0xb6ed9bfc>
L3socket   = <class scapy.L3PacketSocket at 0xb6ed9bcc>
checkIPID  = 1
checkIPaddr = 1
checkIPsrc = 1
check_TCPerror_seqack = 0
color_theme = <HTMLTheme2>
countryLoc_base = 'countryLoc.csv'
debug_dissector = 0
debug_match = 0
except_filter = ''
gnuplot_world = 'world.dat'
histfile   = '/home/pbi/.scapy_history'
iface      = 'eth0'
nmap_base  = '/usr/share/nmap/nmap-os-fingerprints'
p0f_base   = '/etc/p0f/p0f.fp'
padding    = 1
prog       = Version    = 1.0.4.55beta
display    = 'display'
dot        = 'dot'
pdfreader  = 'acroread'
psreader   = 'gv'
tcpdump    = 'tcpdump'
promisc    = 1
prompt     = '>>> '
queso_base = '/etc/queso.conf'
route      = Network         Netmask         Gateway         Iface           Output IP
127.0.0.0       255.0.0.0       0.0.0.0         lo              127.0.0.1      
172.16.0.0      255.255.0.0     0.0.0.0         eth0            172.16.0.2   
0.0.0.0         0.0.0.0         172.16.0.1      eth0            172.16.0.2   

session    = ''
sniff_promisc = 1
stealth    = 'not implemented'
verb       = 0
warning_threshold = 5
wepkey     = ''

+001+ -001- 19EC7768 List layers

>>> ls()
ARP        : ARP
BOOTP      : BOOTP
CookedLinux : cooked linux
DHCP       : DHCP options
DNS        : DNS
DNSQR      : DNS Question Record
DNSRR      : DNS Resource Record
Dot11      : 802.11
Dot11ATIM  : 802.11 ATIM
Dot11AssoReq : 802.11 Association Request
Dot11AssoResp : 802.11 Association Response
Dot11Auth  : 802.11 Authentication
Dot11Beacon : 802.11 Beacon
Dot11Deauth : 802.11 Deauthentication
Dot11Disas : 802.11 Disassociation
Dot11Elt   : 802.11 Information Element
Dot11ProbeReq : 802.11 Probe Request
Dot11ProbeResp : 802.11 Probe Response
Dot11ReassoReq : 802.11 Reassociation Request
Dot11ReassoResp : 802.11 Reassociation Response
Dot11WEP   : 802.11 WEP packet
Dot1Q      : 802.1Q
Dot3       : 802.3
EAP        : EAP
EAPOL      : EAPOL
Ether      : Ethernet
GPRS       : GPRSdummy
GRE        : GRE
HCI_ACL_Hdr : HCI ACL header
HCI_Hdr    : HCI header
HSRP       : HSRP
ICMP       : ICMP
ICMPerror  : ICMP in ICMP
IP         : IP
IPerror    : IP in ICMP
IPv6       : IPv6 not implemented here.
ISAKMP     : ISAKMP
ISAKMP_class : abstract packet
ISAKMP_payload : ISAKMP payload
ISAKMP_payload_Hash : ISAKMP Hash
ISAKMP_payload_ID : ISAKMP Identification
ISAKMP_payload_KE : ISAKMP Key Exchange
ISAKMP_payload_Nonce : ISAKMP Nonce
ISAKMP_payload_Proposal : IKE proposal
ISAKMP_payload_SA : ISAKMP SA
ISAKMP_payload_Transform : IKE Transform
ISAKMP_payload_VendorID : ISAKMP Vendor ID
IrLAPCommand : IrDA Link Access Protocol Command
IrLAPHead  : IrDA Link Access Protocol Header
IrLMP      : IrDA Link Management Protocol
L2CAP_CmdHdr : L2CAP command header
L2CAP_CmdRej : L2CAP Command Rej
L2CAP_ConfReq : L2CAP Conf Req
L2CAP_ConfResp : L2CAP Conf Resp
L2CAP_ConnReq : L2CAP Conn Req
L2CAP_ConnResp : L2CAP Conn Resp
L2CAP_DisconnReq : L2CAP Disconn Req
L2CAP_DisconnResp : L2CAP Disconn Resp
L2CAP_Hdr  : L2CAP header
L2CAP_InfoReq : L2CAP Info Req
L2CAP_InfoResp : L2CAP Info Resp
LLC        : LLC
MGCP       : MGCP
MobileIP   : Mobile IP (RFC3344)
MobileIPRRP : Mobile IP Registration Reply (RFC3344)
MobileIPRRQ : Mobile IP Registration Request (RFC3344)
MobileIPTunnelData : Mobile IP Tunnel Data Message (RFC3519)
NBNSNodeStatusResponse : NBNS Node Status Response
NBNSNodeStatusResponseEnd : NBNS Node Status Response
NBNSNodeStatusResponseService : NBNS Node Status Response Service
NBNSQueryRequest : NBNS query request
NBNSQueryResponse : NBNS query response
NBNSQueryResponseNegative : NBNS query response (negative)
NBNSRequest : NBNS request
NBNSWackResponse : NBNS Wait for Acknowledgement Response
NBTDatagram : NBT Datagram Packet
NBTSession : NBT Session Packet
NTP        : NTP
NetBIOS_DS : NetBIOS datagram service
NetflowHeader : Netflow Header
NetflowHeaderV1 : Netflow Header V1
NetflowRecordV1 : Netflow Record
NoPayload  : abstract packet
PPP        : PPP Link Layer
PPPoE      : PPP over Ethernet
PPPoED     : PPP over Ethernet Discovery
Packet     : abstract packet
Padding    : Padding
PrismHeader : Prism header
RIP        : RIP header
RIPEntry   : RIP entry
Radius     : Radius
Raw        : Raw
SMBMailSlot : SMB Mail Slot Protocol
SMBNegociate_Protocol_Request_Header : SMBNegociate Protocol Request Header
SMBNegociate_Protocol_Request_Tail : SMB Negociate Protocol Request Tail
SMBNegociate_Protocol_Response_Advanced_Security : SMBNegociate Protocol Response Advanced Security
SMBNegociate_Protocol_Response_No_Security : SMBNegociate Protocol Response No Security
SMBNegociate_Protocol_Response_No_Security_No_Key : abstract packet
SMBNetlogon_Protocol_Response_Header : SMBNetlogon Protocol Response Header
SMBNetlogon_Protocol_Response_Tail_LM20 : SMB Netlogon Protocol Response Tail LM20
SMBNetlogon_Protocol_Response_Tail_SAM : SMB Netlogon Protocol Response Tail SAM
SMBSession_Setup_AndX_Request : Session Setup AndX Request
SMBSession_Setup_AndX_Response : Session Setup AndX Response
SNAP       : SNAP
STP        : Spanning Tree Protocol
SebekHead  : Sebek header
SebekV1    : Sebek v1
SebekV2    : Sebek v3
SebekV2Sock : Sebek v2 socket
SebekV3    : Sebek v3
SebekV3Sock : Sebek v2 socket
Skinny     : Skinny
TCP        : TCP
TCPerror   : TCP in ICMP
UDP        : UDP
UDPerror   : UDP in ICMP
_IPv6OptionHeader : IPv6 not implemented here.

+002+ -002- B614219C List commands

>>> lsc()
sr               : Send and receive packets at layer 3
sr1              : Send packets at layer 3 and return only the first answer
srp              : Send and receive packets at layer 2
srp1             : Send and receive packets at layer 2 and return only the first answer
srloop           : Send a packet at layer 3 in loop and print the answer each time
srploop          : Send a packet at layer 2 in loop and print the answer each time
sniff            : Sniff packets
p0f              : Passive OS fingerprinting: which OS emitted this TCP SYN ?
arpcachepoison   : Poison target's cache with (your MAC,victim's IP) couple
send             : Send packets at layer 3
sendp            : Send packets at layer 2
traceroute       : Instant TCP traceroute
arping           : Send ARP who-has requests to determine which hosts are up
ls               : List  available layers, or infos on a given layer
lsc              : List user commands
queso            : Queso OS fingerprinting
nmap_fp          : nmap fingerprinting
report_ports     : portscan a target and output a LaTeX table
dyndns_add       : Send a DNS add message to a nameserver for "name" to have a new "rdata"
dyndns_del       : Send a DNS delete message to a nameserver for "name"
is_promisc       : Try to guess if target is in Promisc mode. The target is provided by its ip.

+003+ -003- 17F96DD3 Configuration
```
>>> conf.debug_dissect=1
```

055BA27D Basic tests

Those test are here mainly to check nothing has been broken and to catch Exceptions

+004+ -004- 80FE5B0D Fake wrong test

>>> a = 3
>>> assert(a == 3)
>>> a+1 == 3
False

+005+ -005- 2306670D Building some packets packet

>>> IP()/TCP()
<IP  frag=0 proto=TCP |<TCP  |>>
>>> Ether()/IP()/UDP()/NTP()
<Ether  type=IPv4 |<IP  frag=0 proto=UDP |<UDP  sport=ntp dport=ntp |<NTP  |>>>>
>>> Dot11()/LLC()/SNAP()/IP()/TCP()/"XXX"
<Dot11  type=Data |<LLC  dsap=0xaa ssap=0xaa ctrl=3 |<SNAP  code=IPv4 |<IP  frag=0 proto=TCP |<TCP  |<Raw  load='XXX' |>>>>>>
>>> IP(ttl=25)/TCP(sport=12, dport=42)
<IP  frag=0 ttl=25 proto=TCP |<TCP  sport=12 dport=nameserver |>>

+006+ -006- 1E674999 Manipulating some packets

>>> a=IP(ttl=4)/TCP()
>>> a.ttl
4
>>> a.ttl=10
>>> del(a.ttl)
>>> a.ttl
64
>>> TCP in a
True
>>> a[TCP]
<TCP  |>
>>> a[TCP].dport=[80,443]
>>> a
<IP  frag=0 proto=TCP |<TCP  dport=['www', 'https'] |>>
>>> a=3

+007+ -007- A572EE61 Checking overloads

>>> a=Ether()/IP()/TCP()
>>> a.proto
6
>>> _ == 6
True

+008+ -008- 63973A6A sprintf() function

>>> a=Ether()/IP()/IP(ttl=4)/UDP()/NTP()
>>> a.sprintf("%type% %IP.ttl% %#05xr,UDP.sport% %IP:2.ttl%")
'IPv4 64 0x07b 4'
>>> _ in [ '0x800 64 0x07b 4', 'IPv4 64 0x07b 4']
True

+009+ -009- DCD84ABB sprintf() function
This test is on the conditionnal substring feature of sprintf()

>>> a=Dot11()/LLC()/SNAP()/IP()/TCP()
>>> a.sprintf("{IP:{TCP:flags=%TCP.flags%}{UDP:port=%UDP.ports%} %IP.src%}")
'flags=S 127.0.0.1'
>>> _ == 'flags=S 127.0.0.1'
True

+010+ -010- 111C8A3A haslayer function

>>> x=IP(id=1)/ISAKMP_payload_SA(prop=ISAKMP_payload_SA(prop=IP()/ICMP()))/TCP()
>>> TCP in x, ICMP in x, IP in x, UDP in x
(True, True, True, False)
>>> _ == (True,True,True,False)
True

+011+ -011- 47614F5A getlayer function

>>> x=IP(id=1)/ISAKMP_payload_SA(prop=IP(id=2)/UDP(dport=1))/IP(id=3)/UDP(dport=2)
>>> x[IP]
<IP  id=1 |<ISAKMP_payload_SA  prop=<IP  id=2 frag=0 proto=UDP |<UDP  dport=1 |>> |<IP  id=3 frag=0 proto=UDP |<UDP  dport=2 |>>>>
>>> x[IP:2]
<IP  id=2 frag=0 proto=UDP |<UDP  dport=1 |>>
>>> x[IP:3]
<IP  id=3 frag=0 proto=UDP |<UDP  dport=2 |>>
>>> x[IP:4]
>>> x[UDP]
<UDP  dport=1 |>
>>> x[UDP:1]
<UDP  dport=1 |>
>>> x[UDP:2]
<UDP  dport=2 |>
>>> x[IP].id == 1 and x[IP:2].id == 2 and x[IP:3].id == 3 and \
...  x[UDP].dport == 1 and x[UDP:2].dport == 2 and x[UDP:3] is None
True

+012+ -012- 6D1CC6B7 equality

>>> w=Ether()/IP()/UDP(dport=53)
>>> x=Ether()/IP(dst="127.0.0.1")/UDP()
>>> y=Ether()/IP()/UDP(dport=4)
>>> z=Ether()/IP()/UDP()/NTP()
>>> t=Ether()/IP()/TCP()
>>> x==y, x==z, x==t, y==z, y==t, z==t, w==x
(False, False, False, False, False, False, True)
>>> _ == (False, False, False, False, False, False, True)
True

0C5C43D2 Tests on FieldLenField

+013+ -013- 5D24A719 Creation of a layer with FieldLenField

>>> class TestFLenF(Packet):
...     name = "test"
...     fields_desc = [ FieldLenField("len", None, "str", "B"),
...                     StrLenField("str", "default", "len", shift=1) ]
...

+014+ -014- 201D5022 Assembly of an empty packet

>>> TestFLenF()
<TestFLenF  |>
>>> str(_)
'\x08default'
>>> _ == "\x08default"
True

+015+ -015- 174DF639 Assembly of non empty packet

>>> TestFLenF(str="123")
<TestFLenF  str='123' |>
>>> str(_)
'\x04123'
>>> _ == "\x04123"
True

+016+ -016- 5CB93CC7 Disassembly

>>> TestFLenF("\x04ABCDEFGHIJKL")
<TestFLenF  len=4 str='ABC' |<Raw  load='DEFGHIJKL' |>>
>>> _
<TestFLenF  len=4 str='ABC' |<Raw  load='DEFGHIJKL' |>>
>>> _.len == 4 and _.str == "ABC" and Raw in _
True

FF3F455D Tests on FieldListField

+017+ -017- F2BF1D32 Creation of a layer

>>> class TestFLF(Packet):
...     name="test"
...     fields_desc = [ FieldLenField("len", None, "lst", "B"),
...                     FieldListField("lst", None, IntField("elt",0), "len")
...                    ]
...

+018+ -018- EF5DAC0E Assembly of an empty packet
```
>>> a = TestFLF()
>>> str(a)
'\x00'
```

+019+ -019- 92FBE492 Assembly of a non-empty packet

>>> a = TestFLF()
>>> a.lst = [7,65539]
>>> ls(a)
len        : FieldLenField        = None            (None)
lst        : FieldListField       = [7, 65539]      (None)
>>> str(a)
'\x02\x00\x00\x00\x07\x00\x01\x00\x03'
>>> _ == struct.pack("!BII", 2,7,65539)
True

+020+ -020- 60BD0B6E Disassemble

>>> TestFLF("\x00\x11\x12")
<TestFLF  len=0 lst=[] |<Raw  load='\x11\x12' |>>
>>> assert(_.len == 0 and Raw in _ and _[Raw].load == "\x11\x12")
>>> TestFLF(struct.pack("!BIII",3,1234,2345,12345678))
<TestFLF  len=3 lst=[1234L, 2345L, 12345678L] |>
>>> assert(_.len == 3 and _.lst == [1234,2345,12345678])

+021+ -021- 91BCBCC8 Manipulate

>>> a = TestFLF(lst=[4])
>>> str(a)
'\x01\x00\x00\x00\x04'
>>> assert(_ == "\x01\x00\x00\x00\x04")
>>> a.lst.append(1234)
>>> TestFLF(str(a))
<TestFLF  len=2 lst=[4L, 1234L] |>
>>> a.show2()
###[ test ]###
  len= 2
  lst= [4L, 1234L]
>>> a.len=7
>>> str(a)
'\x07\x00\x00\x00\x04\x00\x00\x04\xd2'
>>> assert(_ == "\x07\x00\x00\x00\x04\x00\x00\x04\xd2")
>>> a.len=2
>>> a.lst=[1,2,3,4,5]
>>> TestFLF(str(a))
<TestFLF  len=2 lst=[1L, 2L] |<Raw  load='\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x05' |>>
>>> assert(Raw in _ and _[Raw].load == '\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x05')

960D1C03 PacketListField tests

+022+ -022- D82F28CC Create a layer

>>> class TestPLF(Packet):
...     name="test"
...     fields_desc=[ FieldLenField("len", None, "plist"),
...                   PacketListField("plist", [], IP, "len",) ]
...

+023+ -023- 33099673 Test the PacketListField assembly

>>> x=TestPLF()
>>> str(x)
'\x00\x00'
>>> _ == "\x00\x00"
True

+024+ -024- A39DF413 Test the PacketListField assembly 2

>>> x=TestPLF()
>>> x.plist=[IP()/TCP(), IP()/UDP()]
>>> str(x)
'\x00\x02E\x00\x00(\x00\x01\x00\x00@\x06|\xcd\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91|\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r'
>>> _.startswith('\x00\x02E')
True

+025+ -025- 7ACA7707 Test disassembly

>>> x=TestPLF(plist=[IP()/TCP(seq=1234567), IP()/UDP()])
>>> TestPLF(str(x))
<TestPLF  len=2 plist=[<IP  version=4L ihl=5L tos=0x0 len=40 id=1 flags= frag=0L ttl=64 proto=TCP chksum=0x7ccd src=127.0.0.1 dst=127.0.0.1 options='' |<TCP  sport=ftp-data dport=www seq=1234567L ack=0L dataofs=5L reserved=0L flags=S window=8192 chksum=0xbae2 urgptr=0 |>>, <IP  version=4L ihl=5L tos=0x0 len=28 id=1 flags= frag=0L ttl=64 proto=UDP chksum=0x7cce src=127.0.0.1 dst=127.0.0.1 options='' |<UDP  sport=domain dport=domain len=8 chksum=0x172 |>>] |>
>>> _.show()
###[ test ]###
  len= 2
  \plist\
   |###[ IP ]###
   |  version= 4L
   |  ihl= 5L
   |  tos= 0x0
   |  len= 40
   |  id= 1
   |  flags= 
   |  frag= 0L
   |  ttl= 64
   |  proto= TCP
   |  chksum= 0x7ccd
   |  src= 127.0.0.1
   |  dst= 127.0.0.1
   |  options= ''
   |###[ TCP ]###
   |     sport= ftp-data
   |     dport= www
   |     seq= 1234567L
   |     ack= 0L
   |     dataofs= 5L
   |     reserved= 0L
   |     flags= S
   |     window= 8192
   |     chksum= 0xbae2
   |     urgptr= 0
   |     options= {}
   |###[ IP ]###
   |  version= 4L
   |  ihl= 5L
   |  tos= 0x0
   |  len= 28
   |  id= 1
   |  flags= 
   |  frag= 0L
   |  ttl= 64
   |  proto= UDP
   |  chksum= 0x7cce
   |  src= 127.0.0.1
   |  dst= 127.0.0.1
   |  options= ''
   |###[ UDP ]###
   |     sport= domain
   |     dport= domain
   |     len= 8
   |     chksum= 0x172
>>> IP in _ and TCP in _ and UDP in _ and _[TCP].seq == 1234567
True

+026+ -026- E2DAAA2E Nested PacketListField

>>> y=IP()/TCP(seq=111111)/TestPLF(plist=[IP()/TCP(seq=222222),IP()/UDP()])
>>> TestPLF(plist=[y,IP()/TCP(seq=333333)])
<TestPLF  plist=[<IP  frag=0 proto=TCP |<TCP  seq=111111 |<TestPLF  plist=[<IP  frag=0 proto=TCP |<TCP  seq=222222 |>>, <IP  frag=0 proto=UDP |<UDP  |>>] |>>>, <IP  frag=0 proto=TCP |<TCP  seq=333333 |>>] |>
>>> _.show()
###[ test ]###
  len= 0
  \plist\
   |###[ IP ]###
   |  version= 4
   |  ihl= 0
   |  tos= 0x0
   |  len= 0
   |  id= 1
   |  flags= 
   |  frag= 0
   |  ttl= 64
   |  proto= TCP
   |  chksum= 0x0
   |  src= 127.0.0.1
   |  dst= 127.0.0.1
   |  options= ''
   |###[ TCP ]###
   |     sport= ftp-data
   |     dport= www
   |     seq= 111111
   |     ack= 0
   |     dataofs= 0
   |     reserved= 0
   |     flags= S
   |     window= 8192
   |     chksum= 0x0
   |     urgptr= 0
   |     options= {}
   |###[ test ]###
   |        len= 0
   |        \plist\
   |         |###[ IP ]###
   |         |  version= 4
   |         |  ihl= 0
   |         |  tos= 0x0
   |         |  len= 0
   |         |  id= 1
   |         |  flags= 
   |         |  frag= 0
   |         |  ttl= 64
   |         |  proto= TCP
   |         |  chksum= 0x0
   |         |  src= 127.0.0.1
   |         |  dst= 127.0.0.1
   |         |  options= ''
   |         |###[ TCP ]###
   |         |     sport= ftp-data
   |         |     dport= www
   |         |     seq= 222222
   |         |     ack= 0
   |         |     dataofs= 0
   |         |     reserved= 0
   |         |     flags= S
   |         |     window= 8192
   |         |     chksum= 0x0
   |         |     urgptr= 0
   |         |     options= {}
   |         |###[ IP ]###
   |         |  version= 4
   |         |  ihl= 0
   |         |  tos= 0x0
   |         |  len= 0
   |         |  id= 1
   |         |  flags= 
   |         |  frag= 0
   |         |  ttl= 64
   |         |  proto= UDP
   |         |  chksum= 0x0
   |         |  src= 127.0.0.1
   |         |  dst= 127.0.0.1
   |         |  options= ''
   |         |###[ UDP ]###
   |         |     sport= domain
   |         |     dport= domain
   |         |     len= 0
   |         |     chksum= 0x0
   |###[ IP ]###
   |  version= 4
   |  ihl= 0
   |  tos= 0x0
   |  len= 0
   |  id= 1
   |  flags= 
   |  frag= 0
   |  ttl= 64
   |  proto= TCP
   |  chksum= 0x0
   |  src= 127.0.0.1
   |  dst= 127.0.0.1
   |  options= ''
   |###[ TCP ]###
   |     sport= ftp-data
   |     dport= www
   |     seq= 333333
   |     ack= 0
   |     dataofs= 0
   |     reserved= 0
   |     flags= S
   |     window= 8192
   |     chksum= 0x0
   |     urgptr= 0
   |     options= {}
>>> IP in _ and TCP in _ and UDP in _ and _[TCP].seq == 111111 and _[TCP:2].seq==222222 and _[TCP:3].seq == 333333
True

3A75FD22 ISAKMP transforms test

+027+ -027- 545C3B6B ISAKMP creation

>>> p=IP(src='192.168.8.14',dst='10.0.0.1')/UDP()/ISAKMP()/ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal(trans=ISAKMP_payload_Transform(transforms=[('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)])/ISAKMP_payload_Transform(res2=12345,transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)])))
>>> p.show()
###[ IP ]###
  version= 4
  ihl= 0
  tos= 0x0
  len= 0
  id= 1
  flags= 
  frag= 0
  ttl= 64
  proto= UDP
  chksum= 0x0
  src= 192.168.8.14
  dst= 10.0.0.1
  options= ''
###[ UDP ]###
     sport= isakmp
     dport= isakmp
     len= 0
     chksum= 0x0
###[ ISAKMP ]###
        init_cookie= ''
        resp_cookie= ''
        next_payload= SA
        version= 0x10
        exch_type= None
        flags= 0
        id= 0
        length= 0
###[ ISAKMP SA ]###
           next_payload= None
           res= 0
           length= 0
           DOI= IPSEC
           situation= identity
           \prop\
            |###[ IKE proposal ]###
            |  next_payload= None
            |  res= 0
            |  length= 0
            |  proposal= 1
            |  proto= ISAKMP
            |  SPIsize= 0
            |  trans_nb= 0
            |  SPI= ''
            |  \trans\
            |   |###[ IKE Transform ]###
            |   |  next_payload= Transform
            |   |  res= 0
            |   |  length= 0
            |   |  num= 0
            |   |  id= KEY_IKE
            |   |  res2= 0
            |   |  transforms= [('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)]
            |   |###[ IKE Transform ]###
            |   |     next_payload= None
            |   |     res= 0
            |   |     length= 0
            |   |     num= 0
            |   |     id= KEY_IKE
            |   |     res2= 12345
            |   |     transforms= [('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)]
>>> p
<IP  frag=0 proto=UDP src=192.168.8.14 dst=10.0.0.1 |<UDP  sport=isakmp dport=isakmp |<ISAKMP  next_payload=SA |<ISAKMP_payload_SA  prop=<ISAKMP_payload_Proposal  trans=<ISAKMP_payload_Transform  next_payload=Transform transforms=[('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)] |<ISAKMP_payload_Transform  res2=12345 transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)] |>> |> |>>>>

+028+ -028- EFF2F68C ISAKMP manipulation

>>> p[ISAKMP_payload_Transform:2]
<ISAKMP_payload_Transform  res2=12345 transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)] |>
>>> _.res2 == 12345
True

+029+ -029- 98051DEF ISAKMP assembly

>>> hexdump(p)
0000   45 00 00 96 00 01 00 00  40 11 A7 9F C0 A8 08 0E   E.......@.......
0010   0A 00 00 01 01 F4 01 F4  00 82 BF 1E 00 00 00 00   ................
0020   00 00 00 00 00 00 00 00  00 00 00 00 01 10 00 00   ................
0030   00 00 00 00 00 00 00 7A  00 00 00 5E 00 00 00 01   .......z...^....
0040   00 00 00 01 00 00 00 52  01 01 00 00 03 00 00 27   .......R.......'
0050   00 01 00 00 80 01 00 07  80 02 00 01 80 03 00 01   ................
0060   80 04 00 05 80 0E 01 00  80 0B 00 01 00 0C 00 03   ................
0070   01 51 80 00 00 00 23 00  01 30 39 80 01 00 05 80   .Q....#..09.....
0080   02 00 02 80 03 00 01 80  04 00 02 80 0B 00 01 00   ................
0090   0C 00 03 01 51 80                                  ....Q.
>>> str(p) == "E\x00\x00\x96\x00\x01\x00\x00@\x11\xa7\x9f\xc0\xa8\x08\x0e\n\x00\x00\x01\x01\xf4\x01\xf4\x00\x82\xbf\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00^\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00R\x01\x01\x00\x00\x03\x00\x00'\x00\x01\x00\x00\x80\x01\x00\x07\x80\x02\x00\x01\x80\x03\x00\x01\x80\x04\x00\x05\x80\x0e\x01\x00\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80\x00\x00\x00#\x00\x0109\x80\x01\x00\x05\x80\x02\x00\x02\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80"
True

+030+ -030- A0CD4650 ISAKMP disassembly

>>> q=IP(str(p))
>>> q.show()
###[ IP ]###
  version= 4L
  ihl= 5L
  tos= 0x0
  len= 150
  id= 1
  flags= 
  frag= 0L
  ttl= 64
  proto= UDP
  chksum= 0xa79f
  src= 192.168.8.14
  dst= 10.0.0.1
  options= ''
###[ UDP ]###
     sport= isakmp
     dport= isakmp
     len= 130
     chksum= 0xbf1e
###[ ISAKMP ]###
        init_cookie= '\x00\x00\x00\x00\x00\x00\x00\x00'
        resp_cookie= '\x00\x00\x00\x00\x00\x00\x00\x00'
        next_payload= SA
        version= 0x10
        exch_type= None
        flags= 0
        id= 0L
        length= 122L
###[ ISAKMP SA ]###
           next_payload= None
           res= 0
           length= 94
           DOI= IPSEC
           situation= identity
           \prop\
            |###[ IKE proposal ]###
            |  next_payload= None
            |  res= 0
            |  length= 82
            |  proposal= 1
            |  proto= ISAKMP
            |  SPIsize= 0
            |  trans_nb= 0
            |  SPI= ''
            |  \trans\
            |   |###[ IKE Transform ]###
            |   |  next_payload= Transform
            |   |  res= 0
            |   |  length= 39
            |   |  num= 0
            |   |  id= KEY_IKE
            |   |  res2= 0
            |   |  transforms= [('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)]
            |   |###[ IKE Transform ]###
            |   |     next_payload= None
            |   |     res= 0
            |   |     length= 35
            |   |     num= 0
            |   |     id= KEY_IKE
            |   |     res2= 12345
            |   |     transforms= [('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)]
>>> q[ISAKMP_payload_Transform:2]
<ISAKMP_payload_Transform  next_payload=None res=0 length=35 num=0 id=KEY_IKE res2=12345 transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400L)] |>
>>> _.res2 == 12345
True

41970CD0 Dot11 tests

+031+ -031- 19D713FC WEP tests

>>> conf.wepkey = "ABCDEFGH"
>>> str(Dot11WEP()/LLC()/SNAP()/IP()/TCP(seq=12345678))
'\x00\x00\x00\x00\x1e\xafK5G\x94\xd4m\x81\xdav\xd4,c\xf1\xfe{\xfc\xba\xd6;T\x93\xd0\t\xdb\xfc\xa5\xb9\x85\xce\x05b\x1cC\x10\xd7p\xde22&\xf0\xbcUS\x99\x83Z\\D\xa6'
>>> assert(_ == '\x00\x00\x00\x00\x1e\xafK5G\x94\xd4m\x81\xdav\xd4,c\xf1\xfe{\xfc\xba\xd6;T\x93\xd0\t\xdb\xfc\xa5\xb9\x85\xce\x05b\x1cC\x10\xd7p\xde22&\xf0\xbcUS\x99\x83Z\\D\xa6')
>>> Dot11WEP(_)
<Dot11WEP  iv='\x00\x00\x00' keyid=0 wepdata='\x1e\xafK5G\x94\xd4m\x81\xdav\xd4,c\xf1\xfe{\xfc\xba\xd6;T\x93\xd0\t\xdb\xfc\xa5\xb9\x85\xce\x05b\x1cC\x10\xd7p\xde22&\xf0\xbcUS\x99\x83' icv=1515996326L |<LLC  dsap=0xaa ssap=0xaa ctrl=3 |<SNAP  OUI=0x0L code=IPv4 |<IP  version=4L ihl=5L tos=0x0 len=40 id=1 flags= frag=0L ttl=64 proto=TCP chksum=0x7ccd src=127.0.0.1 dst=127.0.0.1 options='' |<TCP  sport=ftp-data dport=www seq=12345678L ack=0L dataofs=5L reserved=0L flags=S window=8192 chksum=0x2f72 urgptr=0 |>>>>>
>>> assert(TCP in _ and _[TCP].seq == 12345678)

2040945A Network tests

Those tests need network access

+032+ -032- 0CF1FB69 Sending and receiving an ICMP

>>> x=sr1(IP(dst="www.apple.com")/ICMP(),timeout=3)
>>> x
<IP  version=4L ihl=5L tos=0x0 len=28 id=1 flags= frag=0L ttl=237 proto=ICMP chksum=0xf2d0 src=17.254.0.91 dst=192.168.8.14 options='' |<ICMP  type=echo-reply code=0 chksum=0x0 id=0x0 seq=0x0 |<Padding  load='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xdb\xb2\x9a' |>>>
>>> x is not None and ICMP in x and x[ICMP].type == 0
True

+033+ -033- B6AA1633 DNS request
A possible cause of failure could be that the open DNS (147.210.18.138) is not reachable or down.

>>> dns_ans = sr1(IP(dst="147.210.18.138")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.slashdot.com")))
>>> dns_ans
<IP  version=4L ihl=5L tos=0x0 len=278 id=5187 flags=DF frag=0L ttl=241 proto=UDP chksum=0x581 src=147.210.18.138 dst=192.168.8.14 options='' |<UDP  sport=domain dport=domain len=258 chksum=0x3dcc |<DNS  id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=ok qdcount=1 ancount=2 nscount=5 arcount=5 qd=<DNSQR  qname='www.slashdot.com.' qtype=A qclass=IN |> an=<DNSRR  rrname='www.slashdot.com.' type=CNAME rclass=IN ttl=6313L rdata='slashdot.com.' |<DNSRR  rrname='slashdot.com.' type=A rclass=IN ttl=6313L rdata='66.35.250.150' |>> ns=<DNSRR  rrname='slashdot.com.' type=NS rclass=IN ttl=6313L rdata='ns1.vasoftware.com.' |<DNSRR  rrname='slashdot.com.' type=NS rclass=IN ttl=6313L rdata='ns2.ostg.com.' |<DNSRR  rrname='slashdot.com.' type=NS rclass=IN ttl=6313L rdata='ns2.vasoftware.com.' |<DNSRR  rrname='slashdot.com.' type=NS rclass=IN ttl=6313L rdata='ns3.vasoftware.com.' |<DNSRR  rrname='slashdot.com.' type=NS rclass=IN ttl=6313L rdata='ns1.ostg.com.' |>>>>> ar=<DNSRR  rrname='ns1.ostg.com.' type=A rclass=IN ttl=75002L rdata='66.35.250.10' |<DNSRR  rrname='ns1.vasoftware.com.' type=A rclass=IN ttl=154153L rdata='12.152.184.135' |<DNSRR  rrname='ns2.ostg.com.' type=A rclass=IN ttl=75001L rdata='66.35.250.11' |<DNSRR  rrname='ns2.vasoftware.com.' type=A rclass=IN ttl=154153L rdata='12.152.184.136' |<DNSRR  rrname='ns3.vasoftware.com.' type=A rclass=IN ttl=154153L rdata='66.35.250.12' |>>>>> |>>>

00BE9933 More complex tests

+034+ -034- 68FE0D72 Implicit logic

>>> a=IP(ttl=(5,10))/TCP(dport=[80,443])
>>> [p for p in a]
[<IP  frag=0 ttl=5 proto=TCP |<TCP  dport=www |>>, <IP  frag=0 ttl=5 proto=TCP |<TCP  dport=https |>>, <IP  frag=0 ttl=6 proto=TCP |<TCP  dport=www |>>, <IP  frag=0 ttl=6 proto=TCP |<TCP  dport=https |>>, <IP  frag=0 ttl=7 proto=TCP |<TCP  dport=www |>>, <IP  frag=0 ttl=7 proto=TCP |<TCP  dport=https |>>, <IP  frag=0 ttl=8 proto=TCP |<TCP  dport=www |>>, <IP  frag=0 ttl=8 proto=TCP |<TCP  dport=https |>>, <IP  frag=0 ttl=9 proto=TCP |<TCP  dport=www |>>, <IP  frag=0 ttl=9 proto=TCP |<TCP  dport=https |>>, <IP  frag=0 ttl=10 proto=TCP |<TCP  dport=www |>>, <IP  frag=0 ttl=10 proto=TCP |<TCP  dport=https |>>]
>>> len(_) == 12
True

D67C3A14 Real usages

+035+ -035- 87D8199C Port scan

>>> ans,unans=sr(IP(dst="www.google.com/30")/TCP(dport=[80,443]),timeout=2)
>>> ans.make_table(lambda (s,r): (s.dst, s.dport, r.sprintf("{TCP:%TCP.flags%}{ICMP:%ICMP.code%}")))
    66.249.93.104 66.249.93.107 
80  SA            SA            
443 SA            SA

+036+ -036- 97755875 Traceroute function
Let's test traceroute

>>> traceroute("www.slashdot.org")
   66.35.250.151:tcp80 
1  192.168.8.1     11  
2  80.122.44.36    11  
6  80.122.73.17    11  
7  216.6.87.25     11  
8  216.6.63.41     11  
9  216.6.63.46     11  
10 209.58.27.46    11  
11 204.70.193.5    11  
12 206.24.238.97   11  
13 204.70.192.53   11  
14 204.70.192.82   11  
15 204.70.192.86   11  
16 204.70.192.117  11  
17 204.70.192.90   11  
18 208.172.156.198 11  
19 66.35.194.50    11  
20 66.35.212.174   11  
21 66.35.250.151   SA  
22 66.35.250.151   SA  
23 66.35.250.151   SA  
24 66.35.250.151   SA  
25 66.35.250.151   SA  
26 66.35.250.151   SA  
27 66.35.250.151   SA  
28 66.35.250.151   SA  
29 66.35.250.151   SA  
30 66.35.250.151   SA  
(<Traceroute: UDP:0 TCP:10 ICMP:17 Other:0>, <Unanswered: UDP:0 TCP:3 ICMP:0 Other:0>)
>>> ans,unans=_

+037+ -037- 4A3C3B08 Result manipulation

>>> ans.nsummary()
0000 IP / TCP 192.168.8.14:53516 > 66.35.250.151:www S ==> IP / ICMP 192.168.8.1 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0001 IP / TCP 192.168.8.14:11011 > 66.35.250.151:www S ==> IP / ICMP 80.122.44.36 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0002 IP / TCP 192.168.8.14:3877 > 66.35.250.151:www S ==> IP / ICMP 80.122.73.17 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0003 IP / TCP 192.168.8.14:64403 > 66.35.250.151:www S ==> IP / ICMP 216.6.87.25 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror / Padding
0004 IP / TCP 192.168.8.14:27857 > 66.35.250.151:www S ==> IP / ICMP 216.6.63.41 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror / Padding
0005 IP / TCP 192.168.8.14:25622 > 66.35.250.151:www S ==> IP / ICMP 216.6.63.46 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0006 IP / TCP 192.168.8.14:45393 > 66.35.250.151:www S ==> IP / ICMP 209.58.27.46 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0007 IP / TCP 192.168.8.14:27480 > 66.35.250.151:www S ==> IP / ICMP 204.70.193.5 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0008 IP / TCP 192.168.8.14:3675 > 66.35.250.151:www S ==> IP / ICMP 206.24.238.97 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0009 IP / TCP 192.168.8.14:14943 > 66.35.250.151:www S ==> IP / ICMP 204.70.192.53 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror / Padding
0010 IP / TCP 192.168.8.14:8813 > 66.35.250.151:www S ==> IP / ICMP 204.70.192.82 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror / Padding
0011 IP / TCP 192.168.8.14:34596 > 66.35.250.151:www S ==> IP / ICMP 204.70.192.86 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror / Padding
0012 IP / TCP 192.168.8.14:17675 > 66.35.250.151:www S ==> IP / ICMP 204.70.192.117 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror / Padding
0013 IP / TCP 192.168.8.14:43755 > 66.35.250.151:www S ==> IP / ICMP 204.70.192.90 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0014 IP / TCP 192.168.8.14:29037 > 66.35.250.151:www S ==> IP / ICMP 208.172.156.198 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0015 IP / TCP 192.168.8.14:7285 > 66.35.250.151:www S ==> IP / ICMP 66.35.194.50 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0016 IP / TCP 192.168.8.14:5331 > 66.35.250.151:www S ==> IP / ICMP 66.35.212.174 > 192.168.8.14 time-exceeded 0 / IPerror / TCPerror
0017 IP / TCP 192.168.8.14:50966 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:50966 SA / Padding
0018 IP / TCP 192.168.8.14:63483 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:63483 SA / Padding
0019 IP / TCP 192.168.8.14:16772 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:16772 SA / Padding
0020 IP / TCP 192.168.8.14:12829 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:12829 SA / Padding
0021 IP / TCP 192.168.8.14:16994 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:16994 SA / Padding
0022 IP / TCP 192.168.8.14:1386 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:1386 SA / Padding
0023 IP / TCP 192.168.8.14:3702 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:3702 SA / Padding
0024 IP / TCP 192.168.8.14:37558 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:37558 SA / Padding
0025 IP / TCP 192.168.8.14:48847 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:48847 SA / Padding
0026 IP / TCP 192.168.8.14:59068 > 66.35.250.151:www S ==> IP / TCP 66.35.250.151:www > 192.168.8.14:59068 SA / Padding
>>> s,r=ans[0]
>>> s.show()
###[ IP ]###
  version= 4
  ihl= 0
  tos= 0x0
  len= 0
  id= 46900
  flags= 
  frag= 0
  ttl= 1
  proto= TCP
  chksum= 0x0
  src= 192.168.8.14
  dst= 66.35.250.151
  options= ''
###[ TCP ]###
     sport= 53516
     dport= www
     seq= 1532424647
     ack= 0
     dataofs= 0
     reserved= 0
     flags= S
     window= 8192
     chksum= 0x0
     urgptr= 0
     options= {}
>>> s.show(2)
###[ IP ]###
  version= 4
  ihl= 0
  tos= 0x0
  len= 0
  id= 46900
  flags= 
  frag= 0
  ttl= 1
  proto= TCP
  chksum= 0x0
  src= 192.168.8.14
  dst= 66.35.250.151
  options= ''
###[ TCP ]###
    sport= 53516
    dport= www
    seq= 1532424647
    ack= 0
    dataofs= 0
    reserved= 0
    flags= S
    window= 8192
    chksum= 0x0
    urgptr= 0
    options= {}

+038+ -038- 658B8F34 DNS packet manipulation
We have to recalculate IP and UDP length because DNS is not able to reassemble correctly

>>> dns_ans.show()
###[ IP ]###
  version= 4L
  ihl= 5L
  tos= 0x0
  len= 278
  id= 5187
  flags= DF
  frag= 0L
  ttl= 241
  proto= UDP
  chksum= 0x581
  src= 147.210.18.138
  dst= 192.168.8.14
  options= ''
###[ UDP ]###
     sport= domain
     dport= domain
     len= 258
     chksum= 0x3dcc
###[ DNS ]###
        id= 0
        qr= 1L
        opcode= QUERY
        aa= 0L
        tc= 0L
        rd= 1L
        ra= 1L
        z= 0L
        rcode= ok
        qdcount= 1
        ancount= 2
        nscount= 5
        arcount= 5
        \qd\
         |###[ DNS Question Record ]###
         |  qname= 'www.slashdot.com.'
         |  qtype= A
         |  qclass= IN
        \an\
         |###[ DNS Resource Record ]###
         |  rrname= 'www.slashdot.com.'
         |  type= CNAME
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 14
         |  rdata= 'slashdot.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 4
         |  rdata= '66.35.250.150'
        \ns\
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 20
         |  rdata= 'ns1.vasoftware.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 14
         |  rdata= 'ns2.ostg.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 20
         |  rdata= 'ns2.vasoftware.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 20
         |  rdata= 'ns3.vasoftware.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 14
         |  rdata= 'ns1.ostg.com.'
        \ar\
         |###[ DNS Resource Record ]###
         |  rrname= 'ns1.ostg.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 75002L
         |  rdlen= 4
         |  rdata= '66.35.250.10'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns1.vasoftware.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 154153L
         |  rdlen= 4
         |  rdata= '12.152.184.135'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns2.ostg.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 75001L
         |  rdlen= 4
         |  rdata= '66.35.250.11'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns2.vasoftware.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 154153L
         |  rdlen= 4
         |  rdata= '12.152.184.136'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns3.vasoftware.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 154153L
         |  rdlen= 4
         |  rdata= '66.35.250.12'
>>> del(dns_ans[IP].len)
>>> del(dns_ans[UDP].len)
>>> dns_ans.show2()
###[ IP ]###
  version= 4L
  ihl= 5L
  tos= 0x0
  len= 498
  id= 5187
  flags= DF
  frag= 0L
  ttl= 241
  proto= UDP
  chksum= 0x581
  src= 147.210.18.138
  dst= 192.168.8.14
  options= ''
###[ UDP ]###
     sport= domain
     dport= domain
     len= 478
     chksum= 0x3dcc
###[ DNS ]###
        id= 0
        qr= 1L
        opcode= QUERY
        aa= 0L
        tc= 0L
        rd= 1L
        ra= 1L
        z= 0L
        rcode= ok
        qdcount= 1
        ancount= 2
        nscount= 5
        arcount= 5
        \qd\
         |###[ DNS Question Record ]###
         |  qname= 'www.slashdot.com.'
         |  qtype= A
         |  qclass= IN
        \an\
         |###[ DNS Resource Record ]###
         |  rrname= 'www.slashdot.com.'
         |  type= CNAME
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 14
         |  rdata= 'slashdot.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 4
         |  rdata= '66.35.250.150'
        \ns\
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 20
         |  rdata= 'ns1.vasoftware.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 14
         |  rdata= 'ns2.ostg.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 20
         |  rdata= 'ns2.vasoftware.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 20
         |  rdata= 'ns3.vasoftware.com.'
         |###[ DNS Resource Record ]###
         |  rrname= 'slashdot.com.'
         |  type= NS
         |  rclass= IN
         |  ttl= 6313L
         |  rdlen= 14
         |  rdata= 'ns1.ostg.com.'
        \ar\
         |###[ DNS Resource Record ]###
         |  rrname= 'ns1.ostg.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 75002L
         |  rdlen= 4
         |  rdata= '66.35.250.10'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns1.vasoftware.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 154153L
         |  rdlen= 4
         |  rdata= '12.152.184.135'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns2.ostg.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 75001L
         |  rdlen= 4
         |  rdata= '66.35.250.11'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns2.vasoftware.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 154153L
         |  rdlen= 4
         |  rdata= '12.152.184.136'
         |###[ DNS Resource Record ]###
         |  rrname= 'ns3.vasoftware.com.'
         |  type= A
         |  rclass= IN
         |  ttl= 154153L
         |  rdlen= 4
         |  rdata= '66.35.250.12'
>>> dns_ans[DNS].an.show()
###[ DNS Resource Record ]###
  rrname= 'www.slashdot.com.'
  type= CNAME
  rclass= IN
  ttl= 6313L
  rdlen= 14
  rdata= 'slashdot.com.'
###[ DNS Resource Record ]###
  rrname= 'slashdot.com.'
  type= A
  rclass= IN
  ttl= 6313L
  rdlen= 4
  rdata= '66.35.250.150'
>>> DNS in IP(str(dns_ans))
True

+039+ -039- 70C79069 Arping
This test assumes the local network is a /24. This is bad.

>>> conf.route.route("0.0.0.0")[2]
'192.168.8.1'
>>> arping(_+"/24")
00:12:a0:1c:33:17 192.168.8.1
(<ARPing: UDP:0 TCP:0 ICMP:0 Other:1>, <Unanswered: UDP:0 TCP:0 ICMP:0 Other:255>)