0
votes

I am new to scapy. I tried creating an IP packet with the options field having security set, using the following scapy code.

    packet = IP(dst="10.230.228.146", options=IPOption('\x81\x30'))

But every time I try running it, it throws an ICMP reply with type field set to 12, code field set to 0 and pointer field also set to 0.

    <IP version=4 ihl=5 tos=0x0 len=52 id=16349 flags= frag=0 ttl=128 proto=icmp
    chksum=0x7793 src=10.*.*.* dst=10.*.*.* | <ICMP type=parameter-problem
    code=ip-header-bad chksum=0xf3ea ptr=0 length=0 unused=None | <IPerror
    version=4 ihl=6 tos=0x0 len=24 id=1 flags= frag=0 ttl=64 proto=ip chksum=0x40b
    src=10.*.*.* dst=10.*.*.* options=[<IPOption_Security copy_flag=1
    optclass=debug option=security length=129 security=12288 |>] |>>>

Please help if you know how to correct this.

Thanks

1 Answer

0
votes

I have no idea where you came up with those options. If you want the option copied to all fragments, then you would set the high-order bit to 1. Then you have two bits for the Class, and that would be 10 for "debugging and measurement." The next five bits are for the Number, which would be 00100 for "Internet Timestamp."

After that, you have other values. It is clearly explained in RFC 791, Internet Protocol:

  Internet Timestamp

    +--------+--------+--------+--------+
    |01000100| length | pointer|oflw|flg|
    +--------+--------+--------+--------+
    |         internet address          |
    +--------+--------+--------+--------+
    |             timestamp             |
    +--------+--------+--------+--------+
    |                 .                 |
                      .
                      .
    Type = 68

    The Option Length is the number of octets in the option counting
    the type, length, pointer, and overflow/flag octets (maximum
    length 40).

    The Pointer is the number of octets from the beginning of this
    option to the end of timestamps plus one (i.e., it points to the
    octet beginning the space for next timestamp).  The smallest
    legal value is 5.  The timestamp area is full when the pointer
    is greater than the length.

    The Overflow (oflw) [4 bits] is the number of IP modules that
    cannot register timestamps due to lack of space.

    The Flag (flg) [4 bits] values are

      0 -- time stamps only, stored in consecutive 32-bit words,

      1 -- each timestamp is preceded with internet address of the
           registering entity,

      3 -- the internet address fields are prespecified.  An IP
           module only registers its timestamp if it matches its own
           address with the next specified internet address.

    The Timestamp is a right-justified, 32-bit timestamp in
    milliseconds since midnight UT.  If the time is not available in
    milliseconds or cannot be provided with respect to midnight UT
    then any time may be inserted as a timestamp provided the high
    order bit of the timestamp field is set to one to indicate the
    use of a non-standard value.

    The originating host must compose this option with a large
    enough timestamp data area to hold all the timestamp information
    expected.  The size of the option does not change due to adding
    timestamps.  The initial contents of the timestamp data area
    must be zero or internet address/zero pairs.

    If the timestamp data area is already full (the pointer exceeds
    the length) the datagram is forwarded without inserting the
    timestamp, but the overflow count is incremented by one.

    If there is some room but not enough room for a full timestamp
    to be inserted, or the overflow count itself overflows, the
    original datagram is considered to be in error and is discarded.
    In either case an ICMP parameter problem message may be sent to
    the source host [3].

    The timestamp option is not copied upon fragmentation.  It is
    carried in the first fragment.  Appears at most once in a
    datagram.

  Padding:  variable

    The internet header padding is used to ensure that the internet
    header ends on a 32 bit boundary.  The padding is zero.
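
The option layout quoted above, as an added example that is not part of the original answer or of scapy: a small pure-Python parser that splits the type octet into copied flag, class and number, decodes the fixed Internet Timestamp fields, and rejects an option whose length octet does not fit the options area. The function names and both sample byte strings are constructed for illustration; the second sample mirrors the `length=129` and `ihl=6` visible in the echoed header in the question.

```python
CLASSES = {0: "control", 2: "debugging and measurement"}  # RFC 791; 1 and 3 are reserved

def decode_type(octet):
    """Split the option-type octet into (copied flag, class, number)."""
    return octet >> 7, (octet >> 5) & 0x3, octet & 0x1F

def parse_timestamp(opt):
    """Decode the fixed fields of an Internet Timestamp option (type 68)."""
    if len(opt) < 4 or opt[2] < 5:
        raise ValueError("timestamp option needs 4 fixed octets and pointer >= 5")
    length, pointer, oflw_flg = opt[1], opt[2], opt[3]
    return {"pointer": pointer, "overflow": oflw_flg >> 4, "flag": oflw_flg & 0xF,
            "full": pointer > length}  # area is full when pointer exceeds length

def parse_options(area):
    """Walk an IPv4 options area; raise ValueError at the first malformed option."""
    if len(area) > 40 or len(area) % 4:
        raise ValueError("options area must be padded to 32 bits, at most 40 octets")
    parsed, i = [], 0
    while i < len(area):
        kind = area[i]
        if kind == 0:            # End of Option List: the rest is padding
            break
        if kind == 1:            # No Operation: single octet, no length field
            i += 1
            continue
        length = area[i + 1] if i + 1 < len(area) else 0
        if length < 2 or i + length > len(area):
            raise ValueError("option at offset %d: length %d does not fit the "
                             "%d-octet options area" % (i, length, len(area)))
        copied, cls, number = decode_type(kind)
        entry = {"type": kind, "copied": copied,
                 "class": CLASSES.get(cls, "reserved"), "number": number}
        if kind == 68:
            entry["timestamp"] = parse_timestamp(area[i:i + length])
        parsed.append(entry)
        i += length
    return parsed

# Constructed sample inputs (added example, not taken from a capture)
TS_OK = bytes([68, 12, 5, 0x01]) + bytes(8)  # flag 1, one empty address/timestamp pair
BAD_LEN = bytes([0x82, 129, 0x30, 0x00])     # length octet claims 129 in a 4-octet area

if __name__ == "__main__":
    for sample in (TS_OK, BAD_LEN):
        try:
            print(parse_options(sample))
        except ValueError as err:
            print("rejected:", err)
```
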