SlideShare a Scribd company logo

Pycon Sec

Download as ODP, PDF
G
guesta762e4
Technology
1 of 30
PyCon India 2009 Presentation Python tools for Network Security Anand B Pillai (abpillai@gmail.com)
Agenda ,[object Object]
Python tools ,[object Object]
Quick introduction to pypcap, dpkt
Using Scapy to write your own tools
Examples ,[object Object]
Questions
Requirements ,[object Object]
Basic knowledge of network protocols – TCP/UDP/ICMP etc
Background in Network security is useful
Network Security ,[object Object]
Network security practitioner requires a toolset which allows him to, ,[object Object]
Inspect Packets obtained
Craft Packets for testing ,[object Object]
Packet Capture ,[object Object]
Uses the libpcap library behind the scenes to capture packets off the network
Libpcap -> Is the most basic library and most widely used for packet capturing. Almost every network security tool which requires packet capturing is based on libpcap
Python + libpcap ,[object Object]
Pylibcap - Python module for the libpcap packet capture library, based on the original python libpcap module by Aaron Rhodes, hosted on SF, latest stable rel 0.6.2
Pypcap - Simplified object-oriented Python extension module for libpcap, by dugsong, hosted on Google code, latest stable rel 1.1 ,[object Object]
Pypcap ,[object Object]
Installs using distutils as any other Python library
Requires libpcap library and header files
Ubuntu package available
Once installed, accessed using import of ”pcap” module
>>> import pcap
>>>
Pypcap in action ,[object Object]
File &quot;<stdin>&quot;, line 1, in <module>
File &quot;pcap.pyx&quot;, line 425, in pcap.pcap.__next__

Recommended

Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdfTECHNOLOGY CONTROL CO.
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testersChristian Martorella
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using pythonPurna Chander K
 
Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python toolsJose Manuel Ortega Candel
 
Writing and using php streams and sockets
Writing and using php streams and socketsWriting and using php streams and sockets
Writing and using php streams and socketsElizabeth Smith
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 
Network programming
Network programmingNetwork programming
Network programmingKrasimir Berov (Красимир Беров)
 
System Programming and Administration
System Programming and AdministrationSystem Programming and Administration
System Programming and AdministrationKrasimir Berov (Красимир Беров)
 

Recommended

Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdfTECHNOLOGY CONTROL CO.
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testersChristian Martorella
 
Penetration testing using python
Penetration testing using pythonPenetration testing using python
Penetration testing using pythonPurna Chander K
 
Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python toolsJose Manuel Ortega Candel
 
Writing and using php streams and sockets
Writing and using php streams and socketsWriting and using php streams and sockets
Writing and using php streams and socketsElizabeth Smith
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 
Network programming
Network programmingNetwork programming
Network programmingKrasimir Berov (Красимир Беров)
 
System Programming and Administration
System Programming and AdministrationSystem Programming and Administration
System Programming and AdministrationKrasimir Berov (Красимир Беров)
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Giovanni Bechis
 
Unix Programming with Perl 2
Unix Programming with Perl 2Unix Programming with Perl 2
Unix Programming with Perl 2Kazuho Oku
 
Php and threads ZTS
Php and threads ZTSPhp and threads ZTS
Php and threads ZTSjulien pauli
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshopjulien pauli
 
Biopython
BiopythonBiopython
BiopythonKarin Lagesen
 
Python for-unix-and-linux-system-administration
Python for-unix-and-linux-system-administrationPython for-unix-and-linux-system-administration
Python for-unix-and-linux-system-administrationVictor Marcelino
 
Happy Go Programming Part 1
Happy Go Programming Part 1Happy Go Programming Part 1
Happy Go Programming Part 1Lin Yo-An
 
SymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performancesSymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performancesjulien pauli
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from insidejulien pauli
 
Unix And C
Unix And CUnix And C
Unix And CDr.Ravi
 
PHP5.5 is Here
PHP5.5 is HerePHP5.5 is Here
PHP5.5 is Herejulien pauli
 
PHP 7 OPCache extension review
PHP 7 OPCache extension reviewPHP 7 OPCache extension review
PHP 7 OPCache extension reviewjulien pauli
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Kamailio and VoIP Wild World
Kamailio and VoIP Wild WorldKamailio and VoIP Wild World
Kamailio and VoIP Wild WorldDaniel-Constantin Mierla
 
Symfony live 2017_php7_performances
Symfony live 2017_php7_performancesSymfony live 2017_php7_performances
Symfony live 2017_php7_performancesjulien pauli
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programmingkozossakai
 
The Php Life Cycle
The Php Life CycleThe Php Life Cycle
The Php Life CycleXinchen Hui
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Mysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionMysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionjulien pauli
 
Happy Go Programming
Happy Go ProgrammingHappy Go Programming
Happy Go ProgrammingLin Yo-An
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa
 
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیاسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیMohammad Reza Kamalifard
 

More Related Content

What's hot

Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Giovanni Bechis
 
Unix Programming with Perl 2
Unix Programming with Perl 2Unix Programming with Perl 2
Unix Programming with Perl 2Kazuho Oku
 
Php and threads ZTS
Php and threads ZTSPhp and threads ZTS
Php and threads ZTSjulien pauli
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshopjulien pauli
 
Python for-unix-and-linux-system-administration
Python for-unix-and-linux-system-administrationPython for-unix-and-linux-system-administration
Python for-unix-and-linux-system-administrationVictor Marcelino
 
Happy Go Programming Part 1
Happy Go Programming Part 1Happy Go Programming Part 1
Happy Go Programming Part 1Lin Yo-An
 
SymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performancesSymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performancesjulien pauli
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from insidejulien pauli
 
Unix And C
Unix And CUnix And C
Unix And CDr.Ravi
 
PHP 7 OPCache extension review
PHP 7 OPCache extension reviewPHP 7 OPCache extension review
PHP 7 OPCache extension reviewjulien pauli
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Symfony live 2017_php7_performances
Symfony live 2017_php7_performancesSymfony live 2017_php7_performances
Symfony live 2017_php7_performancesjulien pauli
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programmingkozossakai
 
The Php Life Cycle
The Php Life CycleThe Php Life Cycle
The Php Life CycleXinchen Hui
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Mysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionMysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionjulien pauli
 
Happy Go Programming
Happy Go ProgrammingHappy Go Programming
Happy Go ProgrammingLin Yo-An
 

What's hot (20)

Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD
 
Unix Programming with Perl 2
Unix Programming with Perl 2Unix Programming with Perl 2
Unix Programming with Perl 2
 
Php and threads ZTS
Php and threads ZTSPhp and threads ZTS
Php and threads ZTS
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshop
 
Biopython
BiopythonBiopython
Biopython
 
Python for-unix-and-linux-system-administration
Python for-unix-and-linux-system-administrationPython for-unix-and-linux-system-administration
Python for-unix-and-linux-system-administration
 
Happy Go Programming Part 1
Happy Go Programming Part 1Happy Go Programming Part 1
Happy Go Programming Part 1
 
SymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performancesSymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performances
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from inside
 
Unix And C
Unix And CUnix And C
Unix And C
 
PHP5.5 is Here
PHP5.5 is HerePHP5.5 is Here
PHP5.5 is Here
 
PHP 7 OPCache extension review
PHP 7 OPCache extension reviewPHP 7 OPCache extension review
PHP 7 OPCache extension review
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
Kamailio and VoIP Wild World
Kamailio and VoIP Wild WorldKamailio and VoIP Wild World
Kamailio and VoIP Wild World
 
Symfony live 2017_php7_performances
Symfony live 2017_php7_performancesSymfony live 2017_php7_performances
Symfony live 2017_php7_performances
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
 
The Php Life Cycle
The Php Life CycleThe Php Life Cycle
The Php Life Cycle
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
Mysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionMysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extension
 
Happy Go Programming
Happy Go ProgrammingHappy Go Programming
Happy Go Programming
 

Viewers also liked

Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa
 
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیاسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیMohammad Reza Kamalifard
 
Evdokimov python arsenal for re
Evdokimov python arsenal for reEvdokimov python arsenal for re
Evdokimov python arsenal for reDefconRussia
 
BSides 2016 Presentation
BSides 2016 PresentationBSides 2016 Presentation
BSides 2016 PresentationAngelo Rago
 
Network programming in python..
Network programming in python..Network programming in python..
Network programming in python..Bharath Kumar
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsCrowdStrike
 
The Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local UsersThe Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local UsersTal Be'ery
 
Be Social. Use CrowdRE.
Be Social. Use CrowdRE.Be Social. Use CrowdRE.
Be Social. Use CrowdRE.CrowdStrike
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016John Bambenek
 
CrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the HashCrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the HashCrowdStrike
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
 
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging JavaJava Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging JavaCrowdStrike
 
Hunting For Exploit Kits
Hunting For Exploit KitsHunting For Exploit Kits
Hunting For Exploit KitsJoe Desimone
 
Offensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonOffensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonMalachi Jones
 
Network Security and Analysis with Python
Network Security and Analysis with PythonNetwork Security and Analysis with Python
Network Security and Analysis with Pythonpycontw
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsCrowdStrike
 

Viewers also liked (20)

Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)
 
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونیاسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
اسلاید دوم جلسه یازدهم کلاس پایتون برای هکر های قانونی
 
Evdokimov python arsenal for re
Evdokimov python arsenal for reEvdokimov python arsenal for re
Evdokimov python arsenal for re
 
Stegano Secrets - Python
Stegano Secrets - PythonStegano Secrets - Python
Stegano Secrets - Python
 
BSides 2016 Presentation
BSides 2016 PresentationBSides 2016 Presentation
BSides 2016 Presentation
 
Network programming in python..
Network programming in python..Network programming in python..
Network programming in python..
 
Hunting gh0st rat using memory forensics
Hunting gh0st rat using memory forensics Hunting gh0st rat using memory forensics
Hunting gh0st rat using memory forensics
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
 
The Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local UsersThe Enemy Within: Stopping Advanced Attacks Against Local Users
The Enemy Within: Stopping Advanced Attacks Against Local Users
 
Be Social. Use CrowdRE.
Be Social. Use CrowdRE.Be Social. Use CrowdRE.
Be Social. Use CrowdRE.
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016Tracking Exploit Kits - Virus Bulletin 2016
Tracking Exploit Kits - Virus Bulletin 2016
 
CrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the HashCrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the Hash
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
 
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging JavaJava Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
 
Hunting For Exploit Kits
Hunting For Exploit KitsHunting For Exploit Kits
Hunting For Exploit Kits
 
Offensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonOffensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with Python
 
Network Security and Analysis with Python
Network Security and Analysis with PythonNetwork Security and Analysis with Python
Network Security and Analysis with Python
 
Venom
Venom Venom
Venom
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
 

Similar to Pycon Sec

Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018DevOpsDays Tel Aviv
 
Euro python2011 High Performance Python
Euro python2011 High Performance PythonEuro python2011 High Performance Python
Euro python2011 High Performance PythonIan Ozsvald
 
PACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATIONPACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATIONGoutham Royal
 
Python and Machine Learning
Python and Machine LearningPython and Machine Learning
Python and Machine Learningtrygub
 
D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)
D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)
D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)Igalia
 
13048671.ppt
13048671.ppt13048671.ppt
13048671.pptLyVu51
 
import rdma: zero-copy networking with RDMA and Python
import rdma: zero-copy networking with RDMA and Pythonimport rdma: zero-copy networking with RDMA and Python
import rdma: zero-copy networking with RDMA and Pythongroveronline
 
Cell processor lab
Cell processor labCell processor lab
Cell processor labcoolmirza143
 
BSides London - Scapy Workshop
BSides London - Scapy WorkshopBSides London - Scapy Workshop
BSides London - Scapy WorkshopAdam Maxwell
 
Please help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdfPlease help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdfsupport58
 
Global Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealGlobal Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealTzung-Bi Shih
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricksJim MacLeod
 
Poker, packets, pipes and Python
Poker, packets, pipes and PythonPoker, packets, pipes and Python
Poker, packets, pipes and PythonRoger Barnes
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
Debugging Python with gdb
Debugging Python with gdbDebugging Python with gdb
Debugging Python with gdbRoman Podoliaka
 
(Slightly) Smarter Smart Pointers
(Slightly) Smarter Smart Pointers(Slightly) Smarter Smart Pointers
(Slightly) Smarter Smart PointersCarlo Pescio
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Andriy Berestovskyy
 

Similar to Pycon Sec (20)

Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
 
Libpcap
LibpcapLibpcap
Libpcap
 
Euro python2011 High Performance Python
Euro python2011 High Performance PythonEuro python2011 High Performance Python
Euro python2011 High Performance Python
 
PACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATIONPACKET Sniffer IMPLEMENTATION
PACKET Sniffer IMPLEMENTATION
 
Python and Machine Learning
Python and Machine LearningPython and Machine Learning
Python and Machine Learning
 
D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)
D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)
D. Fast, Simple User-Space Network Functions with Snabb (RIPE 77)
 
13048671.ppt
13048671.ppt13048671.ppt
13048671.ppt
 
import rdma: zero-copy networking with RDMA and Python
import rdma: zero-copy networking with RDMA and Pythonimport rdma: zero-copy networking with RDMA and Python
import rdma: zero-copy networking with RDMA and Python
 
Cell processor lab
Cell processor labCell processor lab
Cell processor lab
 
BSides London - Scapy Workshop
BSides London - Scapy WorkshopBSides London - Scapy Workshop
BSides London - Scapy Workshop
 
Please help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdfPlease help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdf
 
Global Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealGlobal Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the Seal
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricks
 
Poker, packets, pipes and Python
Poker, packets, pipes and PythonPoker, packets, pipes and Python
Poker, packets, pipes and Python
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packet
 
Debugging Python with gdb
Debugging Python with gdbDebugging Python with gdb
Debugging Python with gdb
 
Debug generic process
Debug generic processDebug generic process
Debug generic process
 
(Slightly) Smarter Smart Pointers
(Slightly) Smarter Smart Pointers(Slightly) Smarter Smart Pointers
(Slightly) Smarter Smart Pointers
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)
 
tit
tittit
tit
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Pycon Sec

  • 1. PyCon India 2009 Presentation Python tools for Network Security Anand B Pillai (abpillai@gmail.com)
  • 2.
  • 3.
  • 4. Quick introduction to pypcap, dpkt
  • 5. Using Scapy to write your own tools
  • 6.
  • 8.
  • 9. Basic knowledge of network protocols – TCP/UDP/ICMP etc
  • 10. Background in Network security is useful
  • 11.
  • 12.
  • 14.
  • 15.
  • 16. Uses the libpcap library behind the scenes to capture packets off the network
  • 17. Libpcap -> Is the most basic library and most widely used for packet capturing. Almost every network security tool which requires packet capturing is based on libpcap
  • 18.
  • 19. Pylibcap - Python module for the libpcap packet capture library, based on the original python libpcap module by Aaron Rhodes, hosted on SF, latest stable rel 0.6.2
  • 20.
  • 21.
  • 22. Installs using distutils as any other Python library
  • 23. Requires libpcap library and header files
  • 25. Once installed, accessed using import of ”pcap” module
  • 27. >>>
  • 28.
  • 30. File &quot;pcap.pyx&quot;, line 425, in pcap.pcap.__next__
  • 31. TypeError: raise: exception class must be a subclass of BaseException
  • 34.
  • 36. >>> pc = pcap.pcap()
  • 37. To listen to a specific interface pass it explicitly
  • 38. >>> pc = pcap.pcap('wlan0')
  • 39. By default listens promiscously. To listen non-promiscously,
  • 40. >>> pc = pcap.pcap(promisc=False)
  • 41. To use a dumpfile,
  • 42. >>> pc = pcap.pcap(dumpfile='pkts.pcap')
  • 43.
  • 44. Code is written as follows, iterating on the pcap object
  • 45. >>> pc = pcap.pcap()
  • 46. >>> for ts, pkt in pc:
  • 48. Optionally the dispatch method can be used to pass the packet to a call-back function. The callback function accepts the time-stamp, pkt and any other arguments.
  • 49. The loop method works similarly, but in an infinite loop.
  • 50. Examples Import pcap pc = pcap.pcap('wlan0') pc.setfilter('icmp') def process(ts, pkt, *args): &quot;&quot;&quot; Process packets &quot;&quot;&quot; print ts, pkt if __name__ == &quot;__main__&quot;: try: pc.loop(process) except Exception: pc.stats()
  • 51.
  • 52. Project hosted at http://code.google.com/p/dpkt/
  • 54. Pure Python library, installtion using distutils
  • 56. Supports a number of protocols with an API that allows easy creation of custom protocol classes.
  • 57. Has a Pcap writer class which allows to save pycap packets to pcap files. These files are compatible with tcpdump/wireshark.
  • 58. Pcap is useful with dpkt than simply by itself
  • 59. Using dpkt with pypcap A simple example which prints details of IP traffic in the network. import pcap, dpkt, socket pc = pcap.pcap('wlan0') count =0 def process(ts, pkt, *args): eth = dpkt.ethernet.Ethernet(pkt) ip = eth.data if ip.__class__==dpkt.ip.IP: global count count += 1
  • 60. Using dpkt with pypcap ... src_ip = socket.inet_ntoa(ip.src) dst_ip = socket.inet_ntoa(ip.dst) print 'Packet #%d, %s=>%s, length %d, proto: %d' % (count, src_ip, dst_ip, ip.len, ip.p) if __name__ == &quot;__main__&quot;: try: pc.loop(process) except KeyboardInterrupt: print pc.stats()
  • 61. Sample Output anand@anand-laptop:~/programs/python$ sudo python2.5 pcap2.py Packet #1, 192.168.1.2=>66.102.7.99, length 84, proto: 1 Packet #2, 66.102.7.99=>192.168.1.2, length 84, proto: 1 Packet #3, 192.168.1.2=>192.168.1.1, length 70, proto: 17 Packet #4, 192.168.1.1=>192.168.1.2, length 246, proto: 17 Packet #5, 192.168.1.2=>66.102.7.99, length 84, proto: 1 Packet #6, 74.125.67.17=>192.168.1.2, length 80, proto: 6 Packet #7, 192.168.1.2=>74.125.67.17, length 52, proto: 6 Packet #8, 66.102.7.99=>192.168.1.2, length 84, proto: 1 Packet #9, 192.168.1.2=>192.168.1.1, length 70, proto: 17 Packet #10, 192.168.1.1=>192.168.1.2, length 246, proto: 17 ^Packet #11, 192.168.1.2=>66.102.7.99, length 84, proto: 1
  • 62.
  • 63. HTTP Protocol Sniffer (Contd.) if ip.__class__==dpkt.ip.IP: ip1, ip2 = map(socket.inet_ntoa,[ip.src, ip.dst]) if ip.p != 6: return l7 = ip.data sport, dport = [l7.sport, l7.dport] if sport in ports or dport in ports: print 'From %s to %s, length: %d' % (ip1, ip2, len(l7.data)) # Save packet to file... pcw.writepkt(pkt) if __name__ == &quot;__main__&quot;: try: pc.loop(process) except KeyboardInterrupt: print pc.stats() pcw.close()
  • 64.
  • 65. Craft packets of a variety of protocols, send them on the wire, recieve replies, match requests and replies...
  • 66. Handles most basic tasks like scanning, traceroute, ping, probe etc.
  • 67. Scapy can be used to write new tools without the need of any special libraries
  • 68. Instead of writing 100 lines of code in C for a special tool, write 2 lines in Scapy!
  • 69. An interactive session with Scapy Send an echo request and dissect the first return packet. >>> from scapy import * >>> ip=IP(dst='www.google.com') >>> icmp=ICMP() >>> sr1(ip/icmp) Begin emission: .Finished to send 1 packets. * Received 2 packets, got 1 answers, remaining 0 packets <IP version=4L ihl=5L tos=0x60 len=28 id=1 flags= frag=0L ttl=239 proto=ICMP chksum=0xc007 src=66.102.7.104 dst=192.168.1.2 options='' |<ICMP type=echo-reply code=0 chksum=0x0 id=0x0 seq=0x0 |>>
  • 70.
  • 71. Host scanner (contd.) >>> results = _[0] >>> for pout, pin in results: ... if pin.flags == 2: print pout.dst ... 210.212.26.5 210.212.26.15 210.212.26.19 210.212.26.20 210.212.26.22 210.212.26.23 210.212.26.24 210.212.26.25 210.212.26.26 210.212.26.27
  • 72. A slow port-scanner from scapy import * def scan(ip,start=80,end=443): open_ports = [] ip=IP(dst=ip)/TCP(dport=range(start,end+1), flags='S') results=sr(ip,verbose=0,timeout=30) for res in results[0]: if res[1]==None: continue if res[1].payload.flags==18: print 'Port %d is open' % res[0].dport open_ports.append(res[0].dport) return open_ports if __name__ == &quot;__main__&quot;: print scan('random.org')
  • 73.
  • 74. DNS Query >>> sr1(IP(dst=&quot;192.168.1.1&quot;)/UDP()/DNS(rd=1,qd=DNSQR(qname=&quot;www.python.org&quot;))) Begin emission: .Finished to send 1 packets. * Received 2 packets, got 1 answers, remaining 0 packets <IP version=4L ihl=5L tos=0x0 len=152 id=17093 flags=DF frag=0L ttl=250 proto=UDP chksum=0xba3b src=192.168.1.1 dst=192.168.1.2 options='' |<UDP sport=domain dport=domain len=132 chksum=0xee58 |<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=ok qdcount=1 ancount=1 nscount=2 arcount=2 qd=<DNSQR qname='www.python.org.' qtype=A qclass=IN |> an=<DNSRR rrname='www.python.org.' type=A rclass=IN ttl=30106 rdata=' 82.94.164.162 ' |> ns=<DNSRR rrname='python.org.' type=NS rclass=IN ttl=27914 rdata='ns.xs4all.nl.' |<DNSRR rrname='python.org.' type=NS rclass=IN ttl=27914 rdata='ns2.xs4all.nl.' |>> ar=<DNSRR rrname='ns.xs4all.nl.' type=A rclass=IN ttl=117171 rdata='194.109.6.67' |<DNSRR rrname='ns2.xs4all.nl.' type=A rclass=IN ttl=117171 rdata='194.109.9.100' |>> |>>>
  • 75. Traceroute >>>ans,unans=sr(IP(dst=' www.google.com ',ttl=(4,25),id=123)/TCP(flags=0x2) Finished to send 22 packets. ********************.. >>> for snd,rcv in ans: ... print snd.ttl, rcv.src, isinstance(rcv.payload, TCP) 8 218.248.255.66 False 9 218.248.250.82 False 10 195.2.7.37 False 11 198.32.146.46 False 12 216.239.43.12 False 13 72.14.238.130 False 14 209.85.243.122 False 15 209.85.251.94 False 16 74.125.19.105 True
  • 76.
  • 77. Passive OS fingerprinting >>> p <Ether dst=00:10:4b:b3:7d:4e src=00:40:33:96:7b:60 type=0x800 |<IP version=4L ihl=5L tos=0x0 len=60 id=61681 flags=DF frag=0L ttl=64 proto=TCP chksum=0xb85e src=192.168.8.10 dst=192.168.8.1 options='' |<TCP sport=46511 dport=80 seq=2023566040L ack=0L dataofs=10L reserved=0L flags=SEC window=5840 chksum=0x570c urgptr=0 options=[('Timestamp', (342940201L, 0L)), ('MSS', 1460), ('NOP', ()), ('SAckOK', ''), ('WScale', 0)] |>>> >>> p0f(p) (1.0, ['Linux 2.4.2 - 2.4.14 (1)'])
  • 78.
  • 79.
  • 82.
  • 83.
  • 84. Dpkt - http://code.google.com/p/dpkt/
  • 85. Scapy - http://www.secdev.org/projects/scapy/
  • 86. Python-libcap - http://sourceforge.net/projects/pylibpcap/