phaethon / kamene

Network packet and pcap file crafting/sniffing/manipulation/visualization security tool. Originally forked from scapy in 2015 and providing python3 compatibility since then.
GNU General Public License v2.0

failed run of scapy3k on Vmware ESX(vsphere) with python 3.5 #145

Open heeyeol72 opened 7 years ago

heeyeol72 commented 7 years ago

I installed scapy3k for vmware ESX with python 3.5. There are architecture-dependent macros like SIOCGIFCOUNT in scapy-python3-0.20/scapy/arch/linux.py

I verified all macros are the same as on the ESX system (vmkernel) except SIOCGSTAMP. But scapy still won't work with ESX's vmk I/F, which is a special I/F for ESX management purposes like vmotion/VSAN. Note that scapy3k works in the vnic of a guest VM.

  1. issue1

```
sys.path: ['', '/', '/build/toolchain/lin64/python-3.5.1/lib64/python3.5', '/build/toolchain/lin64/python-3.5.1/lib64/python3.5/lib-dynload', '/build/toolchain/lin64/python-3.5.1/lib/python35.zip', '/build/toolchain/lin64/python-3.5.1/lib64/python3.5/plat-linux', '/build/toolchain/lin64/python-3.5.1/lib64/python3.5/site-packages', '/vmfs/volumes/datastore1 (1)/scapy-python3-0.20']
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
WARNING: Can't open /proc/net/dev !
WARNING: Can't open /proc/net/route !
WARNING: No route found for IPv6 destination :: (no default route?). This affects only IPv6
Send tcp packets to 10.116.249.100 from source 10.10.10.1

/vmfs/volumes/datastore1 (1)/scapy-python3-0.20/scapy/arch/linux.py(446)init()
-> sa_ll = self.outs.getsockname()
(Pdb)
(Pdb) n
OSError: [Errno 95] Operation not supported
```

There are several warnings about tcpdump and /proc/net/dev, route, since ESX has tcpdump-uw and doesn't have a /proc/net folder. But this simple operation (self.outs.getsockname) complains of failure.

  2. issue2

```
/vmfs/volumes/datastore1 (1)/scapy-python3-0.20/scapy/arch/linux.py(442)init()
-> self.ins.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 2**30)
(Pdb) n
OSError: [Errno 95] Operation not supported
```

setsockopt failed to run, but once I changed the third argument to 2*20, it sometimes worked and sometimes didn't. I know this error means the OS (i.e. vmware vmkernel) expresses that this setsockopt function is not supported. But setsockopt is a general function and it's from the original package (arch/linux.py).

Can anyone help me fix these issues on vmware ESX vmk?

Thx
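An added example, not part of the thread and not scapy3k code: one way to make the two calls that raised `Errno 95` above degrade gracefully, by retrying `SO_RCVBUF` with smaller sizes and tolerating a missing `getsockname()`. The helper names and the `RestrictedSocket` stand-in are hypothetical and constructed for illustration; whether a vmk interface then works for packet I/O is not something the thread establishes.

```python
import errno
import socket

# errno values treated as "this stack rejects the request", not as a real fault
_REJECTED = (errno.EOPNOTSUPP, errno.EINVAL, errno.ENOBUFS)

def set_rcvbuf_with_fallback(sock, wanted=2**30, floor=2**16):
    """Request SO_RCVBUF at `wanted`, halving on rejection down to `floor`.

    Returns the size reported back by getsockopt, or None if every attempt
    was rejected (the socket then keeps its default receive buffer)."""
    size = wanted
    while size >= floor:
        try:
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, size)
            return sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)
        except OSError as exc:
            if exc.errno not in _REJECTED:
                raise  # unrelated failure: do not hide it
            size //= 2
    return None

def local_address_or_none(sock):
    """getsockname() that returns None where the stack does not implement it."""
    try:
        return sock.getsockname()
    except OSError as exc:
        if exc.errno != errno.EOPNOTSUPP:
            raise
        return None

class RestrictedSocket:
    """Constructed stand-in for a stack that behaves like the report:
    large SO_RCVBUF values and getsockname() fail with EOPNOTSUPP."""
    def __init__(self, max_rcvbuf):
        self.max_rcvbuf = max_rcvbuf
        self.rcvbuf = 0
    def setsockopt(self, level, opt, value):
        if value > self.max_rcvbuf:
            raise OSError(errno.EOPNOTSUPP, "Operation not supported")
        self.rcvbuf = value
    def getsockopt(self, level, opt):
        return self.rcvbuf
    def getsockname(self):
        raise OSError(errno.EOPNOTSUPP, "Operation not supported")

if __name__ == "__main__":
    fake = RestrictedSocket(max_rcvbuf=2**20)
    print(set_rcvbuf_with_fallback(fake), local_address_or_none(fake))
```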

ghost commented 7 years ago

Esxi has its own implementation of ping to work with the vmkernel nics, as well as its own implementation of tcpdump to sniff traffic. If it is a production esxi server I would not install 3rd party packages, and if you are doing security work, you should use the already supported vmware cli commands. I know it isn't a fix, mostly advice from a virtualization person.

heeyeol72 commented 7 years ago

I know there is vmkping/tcpdump-uw in ESXi, but I need some packet manipulation tool for testing purposes.