Scapy requires lots of dependencies, so I have to install it. Luckily we have all of them in ports/packages and you can go for either one. For me I prefer package as it is fast instead of compiling from port.
python-2.4.1.3(/usr/ports/lang/python)
libpcap-0.9.4
libdnet-1.10 (/usr/ports/net/libdnet)
py24-pcap-0.4/0.5 (/usr/ports/net/py-pcap)
py24-pycrypto-2.0.1 (/usr/ports/security/py-pycrypto)
py24-PyX-0.8 (/usr/ports/graphics/py-PyX)
py-gnuplot-1.7 (/usr/ports/math/py-gnuplot/)
ImageMagick-6.2.2.1(/usr/ports/graphics/ImageMagick)
graphviz-2.2 (/usr/ports/graphics/graphviz)
Before you install those packages, basically you can specify which mirror site you want to fetch,
If you are using tcsh or csh,
shell>setenv PACKAGESITE \ ftp://ftp5.freebsd.org/pub/FreeBSD/releases/i386/6.0-RELEASE/packages/All/
If you are using ksh or bash,
shell>export PACKAGESITE=\ ftp://ftp5.freebsd.org/pub/FreeBSD/releases/i386/6.0-RELEASE/packages/All/
You can actually find the mirror sites in the link below.
http://www.freebsd.org/releases/6.0R/announce.html
Installing PYTHON
shell>pkg_add -r python-2.4.1.3
Installing libpcap from source
libpcap-0.9.4(Packet Capture Library)
shell>wget http://www.tcpdump.org/release/libpcap-0.9.4.tar.gz
shell>tar xvzf libpcap-0.9.4.tar.gz
shell>cd libpcap-0.9.4
shell>./configure
shell>make && make install
Installing libdnet-1.10 from port
*Note on libdnet - You have to install this by using port to enable python wrapping.
shell>cd /usr/ports/net/libdnet
shell>make WITH_PYTHON=yes install
Installing py24-pcap
*Note on py24-pcap - If you are installing py24-pcap-0.4, use port, and if you are going for py24-pcap-0.5 which is current, you can just install the package. However you still need to follow steps below to get Scapy working.
*Note on libdnet - You have to install this by using port to enable python wrapping.
shell>cd /usr/ports/net/libdnet
shell>make WITH_PYTHON=yes install
Installing py24-pcap
*Note on py24-pcap - If you are installing py24-pcap-0.4, use port, and if you are going for py24-pcap-0.5 which is current, you can just install the package. However you still need to follow steps below to get Scapy working.
Workaround for py24-libpcap-0.4
py24-pcap-0.4 (/usr/ports/net/py-pcap)
shell>cd /usr/ports/net/py-pcap/
shell>make
shell>cd work/pylibpcap-0.4/
#Replace line 34 of pcap.py by: if 0:
shell>cd ../..
shell>make install clean
Thanks to Guillaume Valadon for this :).
Workaround for py24-libpcap-0.5
That's a change in behavior between pylibpcap 0.4 and 0.5. If pcap_next fails it used to return a 3-tuple (garbage, None, garbage); now it just returns None, which (as the TypeError points out) is not subscriptable.
That line in scapy could presumably be changed to pkt = (self.ins.next() or (None,None,None)) [1] or the loop could be changed to
while 1:
nextpkt = self.ins.next()
if nextpkt:
( pktlen, pkt, pkttime ) = nextpkt
break
Alternatively pylibpcap could be changed to return (None,None,None) in that case ... that seems like a less natural value than a plain old None, but it would also simplify the calling code a little bit in cases like this.
Just use the first option which is changing the self.ins.next()[1] to (self.ins.next() or (None,None,None)) will do. Thanks to Wim Lewis for pointing out in mailing list. Philippe has emailed and telling it will be resolved in next version -> 1.0.29.
Just use the first option which is changing the self.ins.next()[1] to (self.ins.next() or (None,None,None)) will do. Thanks to Wim Lewis for pointing out in mailing list. Philippe has emailed and telling it will be resolved in next version -> 1.0.29.
Installing Other Needed Apps
For py24-pycrypto, py24-PyX, py-gnuplot, graphiviz, ImageMagick, you can just install using packages.
shell>pkg_add -vr py24-pycrypto py24-PyX py-gnuplot ImageMagick graphviz
For PyX font mapping,
Check out /usr/local/etc/pyxrc, or you can create a file under user directory, ~/.pyxrc
Edit this line,
fontmaps = psfonts.map bsr.map
then run
shell>updmap
#updmap is a utility that creates font config for dvips,pdftex, xdvi and etc. It updates font map files for Tex output drivers, thanks ctime for the tips.
To avoid informational message "Can't Open Ethertypes Files" when you run Scapy,
Download the ethertypes file that from this url - http://pierre.droids-corp.org/scapy/ethertypes and put it into /etc directory.
Get the latest Scapy now!
shell>wget http://www.secdev.org/projects/scapy/files/scapy.py
Now you can just run Scapy by typing ./scapy.py -s new.session
Extra Note:
To import Scapy as python module
shell>cp scapy.py /usr/local/lib/python2.4/
then you can launch python
shell>python
In python shell
import scapy
from scapy import *
That's all for now, tire of writing, hopefully this is helpful for user who want to run Scapy on BSD system. Please appreciate my effort :)
I will be concentrating my writing for Sguil On OpenBSD 3.8 now, hopefully get it done before Sguil 0.6 release (:])
3 comments:
it was very useful for me, thank you man , thank you.
thanks for sharing this site. various kinds of ebooks are available in this site
http://feboook.blogspot.com
sir.i was asked to trace whether there is outside network that cross our network using freebsd.can you teach me how?
Post a Comment