Recently, I tried out a small part of the operating principle behind "ping ASCII art", which has become a hot topic in the network industry. Sorry that it only scratches the surface; this is just for personal study.
The original source is the presentation material from JANOG BoF & LT Night #2 by @kooshin.
- ping ASCII Art (JANOG BoF & LT Night #2), the presentation material
- A service that returns "Nyan" when you ping, developed by a network engineer
Still, @kooshin, who actually turned such overflowing ideas into something real, is really amazing.
I created an environment with Ubuntu 16.04.3 LTS.
root@ubuntu:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
I don't want to pollute the Python environment as the root user, so I manage a virtual environment with pyenv. This has nothing to do with the main subject, so you can skip this part.
tsubo@ubuntu:~$ sudo apt-get install git gcc make openssl libssl-dev libbz2-dev libreadline-dev libsqlite3-dev
root@ubuntu:~# git clone https://github.com/yyuu/pyenv.git ~/.pyenv
export PYENV_ROOT=$HOME/.pyenv
export PATH=$PYENV_ROOT/bin:$PATH
eval "$(pyenv init -)"
root@ubuntu:~# source .bashrc
root@ubuntu:~# pyenv --version
pyenv 1.1.3-33-g48aa0c4
root@heat:~# pyenv install 3.6.2
Downloading Python-3.6.2.tar.xz...
-> https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz
Installing Python-3.6.2...
Installed Python-3.6.2 to /root/.pyenv/versions/3.6.2
root@ubuntu:~# pyenv global 3.6.2
root@ubuntu:~# pyenv versions
system
* 3.6.2 (set by /root/.pyenv/version)
You will need the following Python libraries.
root@ubuntu:~# pip install NetfilterQueue
Collecting NetfilterQueue
Downloading NetfilterQueue-0.8.1.tar.gz (58kB)
100% |████████████████████████████████| 61kB 3.2MB/s
Installing collected packages: NetfilterQueue
Running setup.py install for NetfilterQueue ... done
Successfully installed NetfilterQueue-0.8.1
root@ubuntu:~# pip install scapy-python3
Collecting scapy-python3
Downloading scapy-python3-0.21.tar.gz (2.2MB)
100% |████████████████████████████████| 2.2MB 694kB/s
Installing collected packages: scapy-python3
Running setup.py install for scapy-python3 ... done
Successfully installed scapy-python3-0.21
First, deploy the sample app published with NetfilterQueue.
sample_icmp.py
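from netfilterqueue import NetfilterQueue

# Callback invoked for every packet delivered to the queue
def print_and_accept(pkt):
    print(pkt)      # e.g. "ICMP packet, 84 bytes"
    pkt.accept()    # hand the packet back to the kernel unchanged

nfqueue = NetfilterQueue()
nfqueue.bind(1, print_and_accept)   # queue 1 matches --queue-num 1 in the iptables rule
try:
    nfqueue.run()
except KeyboardInterrupt:
    print('')

nfqueue.unbind()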
root@ubuntu:~# iptables -A INPUT -p icmp -j NFQUEUE --queue-num 1
root@ubuntu:~# python sample_icmp.py
ttsubo-no-macbook-pro:~ ttsubo$ ping 192.168.195.204
PING 192.168.195.204 (192.168.195.204): 56 data bytes
64 bytes from 192.168.195.204: icmp_seq=0 ttl=64 time=0.409 ms
64 bytes from 192.168.195.204: icmp_seq=1 ttl=64 time=0.491 ms
64 bytes from 192.168.195.204: icmp_seq=2 ttl=64 time=0.732 ms
64 bytes from 192.168.195.204: icmp_seq=3 ttl=64 time=0.753 ms
64 bytes from 192.168.195.204: icmp_seq=4 ttl=64 time=0.400 ms
^C
--- 192.168.195.204 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.400/0.557/0.753/0.155 ms
**No problem, the ping succeeds.**
root@ubuntu:~# python sample_icmp.py
ICMP packet, 84 bytes
ICMP packet, 84 bytes
ICMP packet, 84 bytes
ICMP packet, 84 bytes
ICMP packet, 84 bytes
In this way, I could confirm that the ICMP packets are being received.
Next, modify the previous sample application so that no ICMP Echo Reply is returned when the sequence number of the ICMP Echo Request is a multiple of 5.
sample_icmp_fake.py
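from scapy.all import IP, ICMP
from netfilterqueue import NetfilterQueue

def print_and_accept(pkt):
    packet = IP(pkt.get_payload())      # parse the raw bytes as an IPv4 packet
    # Only Echo Requests (type 8) are inspected; other ICMP messages carry no
    # usable sequence number and are passed through.
    if ICMP in packet and packet[ICMP].type == 8 and (packet[ICMP].seq % 5) == 0:
        pkt.drop()      # the kernel never sees the request, so no Echo Reply is sent
    else:
        pkt.accept()

if __name__ == "__main__":
    nfqueue = NetfilterQueue()
    nfqueue.bind(1, print_and_accept)
    try:
        nfqueue.run()
    except KeyboardInterrupt:
        print('')
    nfqueue.unbind()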
root@ubuntu:~# python sample_icmp_fake.py
WARNING: No route found for IPv6 destination :: (no default route?). This affects only IPv6
ttsubo-no-macbook-pro:~ ttsubo$ ping 192.168.195.204
PING 192.168.195.204 (192.168.195.204): 56 data bytes
Request timeout for icmp_seq 0
64 bytes from 192.168.195.204: icmp_seq=1 ttl=64 time=1.515 ms
64 bytes from 192.168.195.204: icmp_seq=2 ttl=64 time=1.507 ms
64 bytes from 192.168.195.204: icmp_seq=3 ttl=64 time=1.367 ms
64 bytes from 192.168.195.204: icmp_seq=4 ttl=64 time=1.383 ms
Request timeout for icmp_seq 5
64 bytes from 192.168.195.204: icmp_seq=6 ttl=64 time=1.453 ms
64 bytes from 192.168.195.204: icmp_seq=7 ttl=64 time=1.694 ms
64 bytes from 192.168.195.204: icmp_seq=8 ttl=64 time=1.301 ms
64 bytes from 192.168.195.204: icmp_seq=9 ttl=64 time=1.376 ms
Request timeout for icmp_seq 10
64 bytes from 192.168.195.204: icmp_seq=11 ttl=64 time=1.273 ms
64 bytes from 192.168.195.204: icmp_seq=12 ttl=64 time=1.358 ms
64 bytes from 192.168.195.204: icmp_seq=13 ttl=64 time=1.161 ms
64 bytes from 192.168.195.204: icmp_seq=14 ttl=64 time=1.180 ms
Request timeout for icmp_seq 15
64 bytes from 192.168.195.204: icmp_seq=16 ttl=64 time=1.305 ms
64 bytes from 192.168.195.204: icmp_seq=17 ttl=64 time=1.288 ms
^C
--- 192.168.195.204 ping statistics ---
18 packets transmitted, 14 packets received, 22.2% packet loss
round-trip min/avg/max/stddev = 1.161/1.369/1.694/0.135 ms
**As expected, when icmp_seq is a multiple of 5, the ping fails.**
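The drop decision from sample_icmp_fake.py, written as an added example (not code from the original post or from NetfilterQueue) that parses the raw IPv4/ICMP bytes with the standard library, so it can be exercised without root or a bound queue. The names verdict, callback and build_icmp, the sample addresses and the fail-open choice are assumptions of this example; it also covers IP options, non-first fragments and truncated packets, which the post does not.

```python
import struct

ICMP_PROTO, ECHO_REQUEST = 1, 8

def verdict(raw, modulus=5):
    """Decide 'drop' or 'accept' for one raw IPv4 packet (the bytes from get_payload())."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return "accept"                      # too short or not IPv4: leave it alone
    ihl = (raw[0] & 0x0F) * 4                # header length, more than 20 with IP options
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    if ihl < 20 or raw[9] != ICMP_PROTO or frag_offset or len(raw) < ihl + 8:
        return "accept"                      # not ICMP, later fragment, or truncated header
    icmp_type, _code, _csum, _ident, seq = struct.unpack("!BBHHH", raw[ihl:ihl + 8])
    if icmp_type != ECHO_REQUEST:
        return "accept"                      # replies and error messages are never dropped
    return "drop" if seq % modulus == 0 else "accept"

def callback(pkt):
    """NFQUEUE callback using only get_payload(), accept() and drop() as seen in the post."""
    try:
        action = verdict(pkt.get_payload())
    except Exception:
        action = "accept"                    # assumption: fail open so a parser bug cannot block traffic
    if action == "drop":
        pkt.drop()
    else:
        pkt.accept()

def build_icmp(seq, icmp_type=ECHO_REQUEST, options=b""):
    """Constructed sample packet; checksums are zero because verdict() ignores them."""
    ihl_words = 5 + len(options) // 4
    total = ihl_words * 4 + 8
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, 0, 64,
                     ICMP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + options + struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, seq)

if __name__ == "__main__":
    for seq in range(7):
        print(seq, verdict(build_icmp(seq)))
    print("echo reply, seq 5:", verdict(build_icmp(5, icmp_type=0)))
    print("IP options, seq 5:", verdict(build_icmp(5, options=b"\x01" * 4)))
```

With the iptables rule used above, ICMP arriving at the host is dropped whenever no program is bound to queue 1; the NFQUEUE target's --queue-bypass option lets packets through in that situation.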
As shown above, I was able to confirm the behavior, although only a small part of it. I was very impressed that packets can be controlled without using OpenFlow.