Saturday, November 19, 2005

Scapy On FreeBSD 6.0

Quick Installation Guide

Scapy requires lots of dependencies, so I have to install it. Luckily we have all of them in ports/packages and you can go for either one. For me I prefer package as it is fast instead of compiling from port.

python-2.4.1.3(/usr/ports/lang/python)
libpcap-0.9.4
libdnet-1.10 (/usr/ports/net/libdnet)
py24-pcap-0.4/0.5 (/usr/ports/net/py-pcap)
py24-pycrypto-2.0.1 (/usr/ports/security/py-pycrypto)
py24-PyX-0.8 (/usr/ports/graphics/py-PyX)
py-gnuplot-1.7 (/usr/ports/math/py-gnuplot/)
ImageMagick-6.2.2.1(/usr/ports/graphics/ImageMagick)
graphviz-2.2 (/usr/ports/graphics/graphviz)

Before you install those packages, basically you can specify which mirror site you want to fetch,

If you are using tcsh or csh,

shell>setenv PACKAGESITE \ ftp://ftp5.freebsd.org/pub/FreeBSD/releases/i386/6.0-RELEASE/packages/All/

If you are using ksh or bash,

shell>export PACKAGESITE=\ ftp://ftp5.freebsd.org/pub/FreeBSD/releases/i386/6.0-RELEASE/packages/All/

You can actually find the mirror sites in the link below.

http://www.freebsd.org/releases/6.0R/announce.html



Installing PYTHON

shell>pkg_add -r python-2.4.1.3

Installing libpcap from source

libpcap-0.9.4(Packet Capture Library)

shell>wget http://www.tcpdump.org/release/libpcap-0.9.4.tar.gz
shell>tar xvzf libpcap-0.9.4.tar.gz
shell>cd libpcap-0.9.4
shell>./configure
shell>make && make install

Installing libdnet-1.10 from port

*Note on libdnet - You have to install this by using port to enable python wrapping.

shell>cd /usr/ports/net/libdnet
shell>make WITH_PYTHON=yes install

Installing py24-pcap

*Note on py24-pcap - If you are installing py24-pcap-0.4, use port, and if you are going for py24-pcap-0.5 which is current, you can just install the package. However you still need to follow steps below to get Scapy working.

Workaround for py24-libpcap-0.4

py24-pcap-0.4 (/usr/ports/net/py-pcap)

shell>cd /usr/ports/net/py-pcap/
shell>make
shell>cd work/pylibpcap-0.4/
#Replace line 34 of pcap.py by: if 0:
shell>cd ../..
shell>make install clean

Thanks to Guillaume Valadon for this :).

Workaround for py24-libpcap-0.5

That's a change in behavior between pylibpcap 0.4 and 0.5. If pcap_next fails it used to return a 3-tuple (garbage, None, garbage); now it just returns None, which (as the TypeError points out) is not subscriptable.

That line in scapy could presumably be changed to pkt = (self.ins.next() or (None,None,None)) [1] or the loop could be changed to

while 1:
nextpkt = self.ins.next()
if nextpkt:
( pktlen, pkt, pkttime ) = nextpkt
break

Alternatively pylibpcap could be changed to return (None,None,None) in that case ... that seems like a less natural value than a plain old None, but it would also simplify the calling code a little bit in cases like this.

Just use the first option which is changing the self.ins.next()[1] to (self.ins.next() or (None,None,None)) will do. Thanks to Wim Lewis for pointing out in mailing list. Philippe has emailed and telling it will be resolved in next version -> 1.0.29.

Installing Other Needed Apps

For py24-pycrypto, py24-PyX, py-gnuplot, graphiviz, ImageMagick, you can just install using packages.

shell>pkg_add -vr py24-pycrypto py24-PyX py-gnuplot ImageMagick graphviz

For PyX font mapping,

Check out /usr/local/etc/pyxrc, or you can create a file under user directory, ~/.pyxrc

Edit this line,

fontmaps = psfonts.map bsr.map

then run

shell>updmap

#updmap is a utility that creates font config for dvips,pdftex, xdvi and etc. It updates font map files for Tex output drivers, thanks ctime for the tips.

To avoid informational message "Can't Open Ethertypes Files" when you run Scapy,

Download the ethertypes file that from this url - http://pierre.droids-corp.org/scapy/ethertypes and put it into /etc directory.


Get the latest Scapy now!

shell>wget http://www.secdev.org/projects/scapy/files/scapy.py

Now you can just run Scapy by typing ./scapy.py -s new.session

Extra Note:

To import Scapy as python module

shell>cp scapy.py /usr/local/lib/python2.4/

then you can launch python

shell>python

In python shell

import scapy

from scapy import *

That's all for now, tire of writing, hopefully this is helpful for user who want to run Scapy on BSD system. Please appreciate my effort :)

I will be concentrating my writing for Sguil On OpenBSD 3.8 now, hopefully get it done before Sguil 0.6 release (:])

3 comments:

Anonymous said...

it was very useful for me, thank you man , thank you.

Anonymous said...

thanks for sharing this site. various kinds of ebooks are available in this site

http://feboook.blogspot.com

adah said...

sir.i was asked to trace whether there is outside network that cross our network using freebsd.can you teach me how?