3 May 2006 18:54
RE: SR1 is not capturing the replies
Ritesh Rekhi <rrekhi <at> foundrynet.com>
2006-05-03 16:54:12 GMT
2006-05-03 16:54:12 GMT
Hi Philippe,
Here is the output from tcpdump and also output from srloop.
TCpdump
[root <at> localhost rr]# tcpdump -s 0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:31:37.158786 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:37.158861 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:39.483958 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:39.484064 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:41.783585 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:41.783803 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:44.093667 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:44.093823 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:46.376820 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:46.377026 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:48.563928 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:48.564018 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:50.848215 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:50.848407 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:53.045152 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:53.045263 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:55.356665 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:55.356850 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:57.547890 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:57.548010 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:31:59.835037 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:31:59.835222 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
10:32:02.051333 IP 10.45.3.60 > 10.45.3.49: icmp 8: echo request seq 0
10:32:02.051503 IP 10.45.3.49 > 10.45.3.60: icmp 8: echo reply seq 0
From srloop
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
fail 1: IP / ICMP 10.45.3.60 > 10.45.3.49 echo-request 0
-----Original Message-----
From: Philippe Biondi [mailto:phil <at> secdev.org]
Sent: Wednesday, May 03, 2006 12:31 AM
To: scapy.ml <at> secdev.org
Subject: Re: [scapy.ml] SR1 is not capturing the replies
Hi,
On Wed, 3 May 2006, Ritesh Rekhi wrote:
> Hi all,
> I was trying scapy for the first time and found that if i try to
use
> sr1 function ,The ICMP packets are going out and the replies are coming
back but
> scapy can't see the replies and keep on failing all the replies.
Please send me a "tcpdump -s 0" capture.
--
--
Philippe Biondi <phil <at> secdev.org> SecDev.org
Computer Security/R&D http://www.secdev.org
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
RSS Feed