Python for Network Engineers

Perform an ARP Poisoning Attack Using Scapy

By George El. • November 2019 • Reading time: 3 minutes

In this post I will show you how to perform an ARP poisoning attack on a local network using a Python package called Scapy. Scapy is a package that allows us to craft our own packets, specifying all layers from layer 2 to layer 7. In my local network I have two PCs, with addresses 192.

How to Ping Multiple Addresses Asynchronously Part I

By George El. • February 2019 • Reading time: 2 minutes

In this post, I will show you how to ping many IP addresses synchronously, or asynchronously using threads. The following examples work only with Python 3. First I will use a list comprehension to create a list of IP addresses: ips = ["192.168.2.{}".format(i) for i in range(1,11)] The above code will create addresses 192.

How to Find SYN Packets without SYN ACK

By George El. • February 2019 • Reading time: 1 minute

This post is based on a question on wireshark.org and all credit goes there to Kurt Knochner. I just thought it would be nice to test it. So I launched Wireshark and I tried to connect to 8.8.8.8 port 80, which I know won’t reply. If you use as display filter “tcp.

How to Decrypt HTTPS in Wireshark

By George El. • February 2019 • Reading time: 1 minute

In this post, I will show you how to decrypt an HTTPS session with Wireshark. These instructions will only work with Windows 10 and the Chrome or Firefox browser. First I am going to browse to udemy.com and get a capture with Wireshark. You see that Wireshark cannot see above the TCP layer because it is encrypted with TLSv1.

Analyzing an FTP Connection With Wireshark

By George El. • February 2019 • Reading time: 3 minutes

In this post we will analyze an FTP connection with Wireshark. First we see that the client establishes a control connection to port 21 on the server. The server is the one with the public IP address. The RTT is the time difference between the SYN and the SYN-ACK and is 0.0849. (In order to see the time or delta between displayed packets, you have to go to View, Time Display Format, Seconds since previous displayed packet.)

Analyzing DHCP Process with Wireshark When There is Relay Agent

By George El. • February 2019 • Reading time: 2 minutes

In this post, I will analyze the DHCP process when the DHCP server is not on the local LAN, but on a remote LAN. As we saw in the previous posts, DHCP packets are sent as broadcasts. Broadcasts by default do not leave the local LAN. So what happens when you want to have a centralised DHCP server?

Analyzing DHCP Process With Wireshark

By George El. • February 2019 • Reading time: 2 minutes

In this post, I will analyze the DHCP process using Wireshark. Before I begin, a few things to note. On Windows, if you do an ipconfig /release, the PC will not go through the entire DHCP process and most likely will send a request, requesting the same IP address. To force the whole process you have to do, net stop dhcp.

Analyzing an HTTP Connection With Wireshark

By George El. • February 2019 • Reading time: 6 minutes

In this post we will use Wireshark to analyze an HTTP connection, where a client requests a single webpage from a server. Here is the output of the capture. You can right-click and open it in a new tab to see the full-size image. If you want to download the pcap file, click here

How to Sort IP Addresses in Bash in One Line

By George El. • January 2019 • Reading time: 1 minute

Let's assume we have the following file with IPs and we want to sort them. Obviously, if we sort them like strings, we won’t get what we want. We want to sort on the first octet, then the second, then the third, then the fourth. more IPs.txt 255.1.1.1 1.1.1.1 120.10.1.5 120.

Configuring DHCP Snooping and ARP Inspection on Cisco Switches

By George El. • January 2019 • Reading time: 4 minutes

DHCP snooping is a feature that protects against rogue DHCP agents. It works by characterising links as trusted and untrusted. Untrusted ports can only forward requests, while trusted ports can forward all DHCP messages. Steps to configure DHCP: 1. Characterize uplink interfaces as trusted. I assume your DHCP server is on the distribution or core layer.