Hi, I worked as GSOC 2011 student with UMIT project. I worked on UNS, UMPA and ZION as part of my project. The start was a little bumpy, but all is well that ends well. In this post I'll explain the work done during this summer.
No. Time Source Destination Protocol Info
1 0.000000 ::1 ::1 ICMPv6 Echo (ping) request id=0x0000, seq=0
Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Aug 29, 2011 01:21:18.734364000 IST
Epoch Time: 1314561078.734364000 seconds
[Protocols in frame: eth:ipv6:icmpv6:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
Payload length: 12
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: ::1 (::1)
Destination: ::1 (::1)
Internet Control Message Protocol v6
Type: 128 (Echo (ping) request)
Code: 0 (Should always be zero)
Checksum: 0xfb30 [correct]
ID: 0x0000
Sequence: 0
Data (4 bytes)
0000 41 42 43 44 ABCD
Data: 41424344
[Length: 4]
No. Time Source Destination Protocol Info
2 0.000019 ::1 ::1 ICMPv6 Echo (ping) reply id=0x0000, seq=0
Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Aug 29, 2011 01:21:18.734383000 IST
Epoch Time: 1314561078.734383000 seconds
[Protocols in frame: eth:ipv6:icmpv6:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
Payload length: 12
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: ::1 (::1)
Destination: ::1 (::1)
Internet Control Message Protocol v6
Type: 129 (Echo (ping) reply)
Code: 0 (Should always be zero)
Checksum: 0xfa30 [correct]
ID: 0x0000
Sequence: 0
Data (4 bytes)
0000 41 42 43 44 ABCD
Data: 41424344
[Length: 4]
Here are Screen Shot of Zion scan with two different public IPv6 address .
- Umit Network Scanner :
My goal is to release UNS 2.0 as part of my GSOC project. Most of the work has been done, and the release will follow shortly. I added following features to UNS
- Support for IPv6 : nmap supports IPv6 (baring some options), but the support was missing from UNS. For the options that are not supported by nmap we display an error message with appropriate information. Screen Shot of IPv6 Scan (done on testbed of 2 computers). It uses the address checker implemented in zion.
- Radialnet Improvements: Developed algorithm with the help of Joao, for display of network with large number of networks. This solved problems of superimposition when running a scan on large network. The algorithm was implemented and the results are shown below
- Scan Detail Improvements: Active and inactive nodes are shown in green and red respectively in the display column.
- Fixing of some other bugs
- Support for IPv6 : nmap supports IPv6 (baring some options), but the support was missing from UNS. For the options that are not supported by nmap we display an error message with appropriate information. Screen Shot of IPv6 Scan (done on testbed of 2 computers). It uses the address checker implemented in zion.
- UMPA:
In UMPA, I added support for IPv6, ICMP, ICMPv6. All the types/codes currently in use for ICMP and ICMP6 are now supported. For using the developed API's following code need to be called
ICMP :
>>from umit.umpa.protocols import IP
>>from umit.umpa.protocols import ICMP
>>from umit.umpa import Packet
>>from umit.umpa import Socket
>>from umit.umpa._sockets import INET
>>from umit.umpa.utils.security import super_priviliges
>>ip = IP(src='127.0.0.1', dst='127.0.0.1')
>>sock = super_priviliges(INET)
>>icmp = ICMP(type = 'ECHO' , code = 0)
>>icmp.data = 'ABCD'
>>first_packet = Packet(ip, icmp)
>>sock.send(first_packet)
TCP over IPv6 :
>>from umit.umpa.protocols import IPV6
>>from umit.umpa.protocols import TCP
>>from umit.umpa.protocols import Payload
>>from umit.umpa import Packet
>>from umit.umpa import Socket
>>from umit.umpa._sockets import INET6
>>from umit.umpa.utils.security import super_priviliges
>>ip = IPV6(src='0000:0000:0000:0000:0000:0000:0000:0001', >>dst='0000:0000:0000:0000:0000:0000:0000:0001')
>>ip.set_flags('ds',ect=True)
>>ip.set_flags('ds',ecn_ce=True)
>>tcp = TCP()
>>tcp.srcport = 2561
>>tcp.dstport = 253
>>tcp.set_flags('flags', syn=True)
>>payload = Payload()
>>payload.data = "this is umpa!"
>>first_packet = Packet(ip, tcp)
>>first_packet.include(payload)
>>sock = super_priviliges(INET6)
>>sock.send(first_packet)
Similar for UDP over IPv6
ICMPv6:
>>from umit.umpa.protocols import IPV6
>>from umit.umpa.protocols import ICMPV6
>>from umit.umpa import Packet
>>from umit.umpa import Socket
>>from umit.umpa._sockets import INET6
>>from umit.umpa.utils.security import super_priviliges
>>ip = IPV6(src='0000:0000:0000:0000:0000:0000:0000:0001', >>dst='0000:0000:0000:0000:0000:0000:0000:0001')
>>sock = super_priviliges(INET6)
>>icmp = ICMPV6(type = 'ECHO' , code = 0)
>>icmp.data = 'ABCD'
>>first_packet = Packet(ip, icmp)
>>sock.send(first_packet)
No. Time Source Destination Protocol Info
1 0.000000 ::1 ::1 ICMPv6 Echo (ping) request id=0x0000, seq=0
Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Aug 29, 2011 01:21:18.734364000 IST
Epoch Time: 1314561078.734364000 seconds
[Protocols in frame: eth:ipv6:icmpv6:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
Payload length: 12
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: ::1 (::1)
Destination: ::1 (::1)
Internet Control Message Protocol v6
Type: 128 (Echo (ping) request)
Code: 0 (Should always be zero)
Checksum: 0xfb30 [correct]
ID: 0x0000
Sequence: 0
Data (4 bytes)
0000 41 42 43 44 ABCD
Data: 41424344
[Length: 4]
No. Time Source Destination Protocol Info
2 0.000019 ::1 ::1 ICMPv6 Echo (ping) reply id=0x0000, seq=0
Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Arrival Time: Aug 29, 2011 01:21:18.734383000 IST
Epoch Time: 1314561078.734383000 seconds
[Protocols in frame: eth:ipv6:icmpv6:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
Payload length: 12
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: ::1 (::1)
Destination: ::1 (::1)
Internet Control Message Protocol v6
Type: 129 (Echo (ping) reply)
Code: 0 (Should always be zero)
Checksum: 0xfa30 [correct]
ID: 0x0000
Sequence: 0
Data (4 bytes)
0000 41 42 43 44 ABCD
Data: 41424344
[Length: 4]
- ZION:
IPv6 support added to zion. As ZION uses UMPA for sending the packets, the IPv6 implemented in UMPA was directly used here. We first detect the type of destination address (IPv6,IPv4,Domain Name). Then we correspondingly select the available source IP address (our address), and set interface accordingly for packet capture. For dynamically setting the interface depending on destination address,
It set this device same as for capturing the packet .
- Regular expressions used are as follows :
ipv4
"((25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}(25[0-5]|2[0-4]\ d|1\d\d|[1-9]\d|\d)"
ipv6 (all address types are supported with the given regex)
eg, ****************************************
"^(?:(?:(?:[A-F0-9]{1,4}:){6}|(?=(?:[A-F0-9]{0,4}:){0,6}(?:[ 0-9]{1,3}\.){3}[0-9]{1,3}$)(([ 0-9A-F]{1,4}:){0,5}|:)((:[0- 9A-F]{1,4}){1,5}:|:))(?:(?:25[ 0-5]|2[0-4][0-9]|[01]?[0-9][0- 9]?)\.){3}(?:25[0-5]|2[0-4][0- 9]|[01]?[0-9][0-9]?)|(?:[A-F0- 9]{1,4}:){7}[A-F0-9]{1,4}|(?=( ?:[A-F0-9]{0,4}:){0,7}[A-F0-9] {0,4}$)(([0-9A-F]{1,4}:){1,7}| :)((:[0-9A-F]{1,4}){1,7}|:))$"
and a domain name list (containing top level domains).
Here are Screen Shot of Zion scan with two different public IPv6 address .
No comments:
Post a Comment