
Raw packet creation

The very early, lame versions of btk were only capable of sending raw packets. No packets could be received, which made btk only useful as some kind of module helping you write "spoofed IP DoS" scripts. Fortunately, due to bad coding (hey, I'm not c0deG0d! ;) a kiddie would cause a local DoS when doing something like this:
while 1:
	s.send("192.168.1.1", 80, "192.168.1.2", 5424) 
Those memory-eating bugs are mostly fixed, and btk can now receive packets through its built-in libpcap support. The libpcap parts of btk are explained in later sections. For now, we'll focus on simple raw packet creation with btk.
>>> import btk
>>> dir(btk)
['ACK', 'CWR', 'ECN', 'FIN', 'ICMP', 'PUSH', 'RST', 'SYN', 'TCP', 'UDP', 'URG', '__doc__', '__file__', '__name__', 'btk', 'pcap', 'version']
If you do a dir(btk) you'll be confronted with all the constants, classes and functions btk defines. The objects starting and ending with __ are (mostly) for internal use and aren't very interesting when using btk. The function version() only displays btk's version. The most interesting things in the list are the two classes named btk and pcap.

If you've got any experience with raw packet creation you'll recognize the capitalized objects. They represent the supported protocols and some flags (to be used with TCP). As you've probably noticed, btk doesn't support many protocols at the moment. The btk internals are very simply coded, so it's easy to extend it with another protocol (IGMP, ARP, RARP). It's likely that (when I'm not short of time) I'll implement them as well as some IPv6 support.

Designing raw packets is very easy. The only thing you need is the btk class. After you've created an instance of the btk class you can set all kinds of packet options with its methods. Sounds difficult? It isn't, and now you'll remember why you love Python:
>>> import btk
>>> packet = btk.btk()
>>> dir(packet)
['data', 'flags', 'options', 'protocol', 'send']
>>> packet.protocol(btk.TCP)
>>> packet.flags(btk.SYN)
>>> packet.options(urp=55)
>>> packet.data("whoot")
>>> packet.send("192.168.1.1", 80, "192.168.1.2", 1234)
That's it. If you run tcpdump in a terminal you'll see that a packet from "192.168.1.2:1234" is sent to "192.168.1.1:www". The captured packet has an urgent pointer of 55 and a payload containing "whoot".

If you hate typing btk.TCP, btk.SYN etc. every time, import btk like this so that its names land in the main namespace:
>>> from btk import *
>>> packet = btk()
>>> packet.protocol(TCP)
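
To check what the SYN packet sent above looks like on the capture side, the following added example (not part of btk or of the original page) decodes an IPv4/TCP packet with the standard library and reports header oddities a sensor would flag. The sample bytes are constructed from the values on this page; the sequence number, window, TTL and zeroed checksums are placeholders, and it is an assumption that btk sets only the SYN bit and that its ECN constant corresponds to the ECE bit.

```python
import socket
import struct

# TCP flag bits 0..7 in wire order, named after btk's constants
# (assumption: btk's ECN corresponds to the ECE bit).
FLAG_NAMES = ["FIN", "SYN", "RST", "PUSH", "ACK", "URG", "ECN", "CWR"]

def sample_packet():
    """Constructed sample: SYN, urgent pointer 55, payload 'whoot' (checksums left 0)."""
    payload = b"whoot"
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, 0x02, 512, 0, 55) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.168.1.2"), socket.inet_aton("192.168.1.1"))
    return ip + tcp

def parse_tcp_packet(raw):
    """Decode an IPv4/TCP packet given as bytes starting at the IP header."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    tcp = raw[ihl:total_len]
    sport, dport, _, _, off_res, flags, _, _, urp = struct.unpack(
        "!HHIIBBHHH", tcp[:20])
    data_offset = (off_res >> 4) * 4      # TCP header length in bytes
    return {
        "src": (socket.inet_ntoa(src), sport),
        "dst": (socket.inet_ntoa(dst), dport),
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)],
        "urp": urp,
        "payload": tcp[data_offset:],
    }

def anomalies(pkt):
    """Return header oddities that normal TCP stacks rarely produce."""
    found = []
    # The urgent pointer is only meaningful when URG is set (RFC 793).
    if pkt["urp"] and "URG" not in pkt["flags"]:
        found.append("urgent pointer set without URG flag")
    # Data on a SYN is uncommon outside TCP Fast Open.
    if "SYN" in pkt["flags"] and pkt["payload"]:
        found.append("payload on SYN")
    return found

if __name__ == "__main__":
    decoded = parse_tcp_packet(sample_packet())
    print(decoded, anomalies(decoded))
```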
On the next page all methods of the btk() class are explained in detail, so check it out!