1#!/usr/local/bin/python2.7 2# send ping6 fragment without payload with other proto before first fragment 3 4# || 5# |---------| 6# |----| 7 8import os 9from addr import * 10from scapy.all import * 11 12pid=os.getpid() & 0xffff 13payload="ABCDEFGHIJKLMNOP" 14packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6EchoRequest(id=pid, data=payload) 15frag=[] 16frag.append(IPv6ExtHdrFragment(nh=59, id=pid, m=1)) 17frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:56]) 18frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=2)/str(packet)[56:64]) 19eth=[] 20for f in frag: 21 pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f 22 eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt) 23 24if os.fork() == 0: 25 time.sleep(1) 26 sendp(eth, iface=SRC_IF) 27 os._exit(0) 28 29ans=sniff(iface=SRC_IF, timeout=3, filter= 30 "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6") 31for a in ans: 32 if a and a.type == ETH_P_IPV6 and \ 33 ipv6nh[a.payload.nh] == 'ICMPv6' and \ 34 icmp6types[a.payload.payload.type] == 'Echo Reply': 35 id=a.payload.payload.id 36 print "id=%#x" % (id) 37 if id != pid: 38 print "WRONG ECHO REPLY ID" 39 exit(2) 40 data=a.payload.payload.data 41 print "payload=%s" % (data) 42 if data == payload: 43 exit(0) 44 print "PAYLOAD!=%s" % (payload) 45 exit(2) 46print "NO ECHO REPLY" 47exit(1) 48