├── LICENSE
├── README.md
└── hlk-mpls-vxlan-datacenter
    ├── mpls-vxlan-datacenter-ipv6.cap
    ├── mpls-vxlan-datacenter-ipv6.py
    ├── mpls-vxlan-datacenter.cap
    └── mpls-vxlan-datacenter.py


/LICENSE:
--------------------------------------------------------------------------------
 1 | BSD 3-Clause License
 2 | 
 3 | Copyright (c) 2019, Henrik Kramshøj
 4 | All rights reserved.
 5 | 
 6 | Redistribution and use in source and binary forms, with or without
 7 | modification, are permitted provided that the following conditions are met:
 8 | 
 9 | 1. Redistributions of source code must retain the above copyright notice, this
10 |    list of conditions and the following disclaimer.
11 | 
12 | 2. Redistributions in binary form must reproduce the above copyright notice,
13 |    this list of conditions and the following disclaimer in the documentation
14 |    and/or other materials provided with the distribution.
15 | 
16 | 3. Neither the name of the copyright holder nor the names of its
17 |    contributors may be used to endorse or promote products derived from
18 |    this software without specific prior written permission.
19 | 
20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # frankenpacket
 2 | What is the most encapsulated packet, with a somewhat believable story
 3 | 
 4 | So internet uses Internet Protocol (IP) suite but over the years a lot of technologies have been added to this mess :-D
 5 | 
 6 | Lets try to do some encapsulation, and lets see what stupid, strange, fun packets we can generate!
 7 | 
 8 | ## Rules
 9 | 
10 | Be Excellent to Each Other
11 | 
12 | Produce frankenpackets with a LOT of encapsulation and layers!
13 | 
14 | Produce packets in a repeatable way, I choose Scapy https://scapy.readthedocs.io/en/latest/installation.html which is easy to work with.
15 | 
16 | Packets should have a somewhat believable story, so adding 1000 (one thousand) MPLS labels is not believable.
17 | 
18 | So if you add IPv6 extension headers, I guess the limit is somewhere 5-10
19 | 
20 | First example in hlk-mpls-vxlan-datacenter
21 |  is an example which might happen if an ISP uses Ethernet, MPLS, VLAN and the customer uses VXLAN - to send a DNS packet, which is UDP, IP, in Ethernet.
22 | 
23 | Please include the pcap also when submitting packets.
24 | 
25 | ## Submit yours!
26 | 
27 | I want to see what crazy packets we can create. I hope you will join me, by submitting pull requests.
28 | 
29 | Make a new directory with your handle and some short name. In this I expect you to leave a script/program to produce it, and a pcap. You are free to build on my examples or start from scratch.
30 | 
31 | When you submit something I hope they are "correct" or somewhat perfect packets. Getting network tools like tcpdump, wireshark to at least parse some of it is mandatory - so they would be forwarded in case you sent them on a real network.
32 | 
33 | Note: perfect in this world might be something you can inject, and not necessarily something a real system would produce. Think of the ping of death
34 | which was a malformed packets.
35 | 
36 | https://en.wikipedia.org/wiki/Ping_of_death
37 | 
38 | ## Goals
39 | 
40 | Have fun and learn networking on a low level.
41 | 
42 | Find packets that make routers and firewalls puke, or at least spend more resources processing.
43 | 
44 | I will use these as input for Zeek https://www.zeek.org/ and Suricata https://suricata-ids.org/ to see if they break :-D
45 | 


--------------------------------------------------------------------------------
/hlk-mpls-vxlan-datacenter/mpls-vxlan-datacenter-ipv6.cap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kramse/frankenpacket/3eea27a82a40ada9eab30611e1e4a61ddec6c551/hlk-mpls-vxlan-datacenter/mpls-vxlan-datacenter-ipv6.cap


--------------------------------------------------------------------------------
/hlk-mpls-vxlan-datacenter/mpls-vxlan-datacenter-ipv6.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | #
 3 | 
 4 | # This frankenpacket uses multiple levels of encapsulation.
 5 | 
 6 | # Its not unrealistic to see one such if two datacenters uses VXLAN
 7 | # and the underlying internet provider uses MPLS
 8 | 
 9 | ###[ Loading modules ]###
10 | import sys
11 | import getopt
12 | #from scapy.all import PcapReader, wrpcap, Packet, NoPayload
13 | from scapy.all import *
14 | 
15 | load_contrib("mpls")
16 | mpls_eth = Ether(src="00:16:3e:11:11:11", dst="ca:01:07:fc:00:1c", type=0x8847)
17 | mpls_lables=MPLS(label=16, s=0, ttl=255)/MPLS(label=18, s=0, ttl=255)/MPLS(label=18, s=0, ttl=255)/MPLS(label=16, s=1, ttl=255)
18 | 
19 | # VLAN
20 | prepacket=mpls_eth/mpls_lables/Ether(dst="00:00:00:00:00:03")/Dot1Q(vlan=42)
21 | 
22 | vtepsrc="fe80::2:f2ff:fe02:af0"
23 | vtepdst="fe80::2:f2ff:fe03:af0"
24 | vxlanport=4789
25 | vni=100
26 | 
27 | # This by me, with input from https://www.idsv6.de/Downloads/IPv6PacketCreationWithScapy.pdf
28 | extension1 = IPv6ExtHdrHopByHop()
29 | jumbo = Jumbo()
30 | jumbo.jumboplen = 2**30
31 | extension1.options = jumbo
32 | 
33 | extended=extension1/IPv6ExtHdrDestOpt()/IPv6ExtHdrRouting()/IPv6ExtHdrFragment()
34 | #extended=extension1
35 | 
36 | # Create a VXLAN header
37 | vxlan=prepacket/IPv6(src=vtepsrc,dst=vtepdst,plen=0)/extended/UDP(sport=1234,dport=vxlanport)/VXLAN(vni=vni,flags="Instance")
38 | 
39 | # Make VXLAN innner packet
40 | broadcast="ff:ff:ff:ff:ff:ff"
41 | srcmac="00:24:9b:47:0d:49"
42 | source="198.51.100.124"
43 | dstmac="00:50:56:12:34:56"
44 | destination="198.51.100.200"
45 | 
46 | realpacket=IP(src=source,dst=destination)/UDP()/DNS(rd=1,id=0xdead,qd=DNSQR(qname="www.bornhack.dk"))
47 | 
48 | # This part from https://www.packetlevel.ch/html/scapy/scapyipv6.html
49 | a=IPv6(nh=58, src='fe80::214:f2ff:fe07:af0', dst='ff02::1', version=6L, hlim=255, plen=64, fl=0L, tc=224L)
50 | b=ICMPv6ND_RA(code=0, chlim=64, H=0L, M=0L, O=0L, routerlifetime=1800, P=0L, retranstimer=0, prf=0L, res=0L, reachabletime=0, type=134)
51 | c=ICMPv6NDOptSrcLLAddr(type=1, len=1, lladdr='00:14:f2:07:0a:f1')
52 | d=ICMPv6NDOptMTU(res=0, type=5, len=1, mtu=1500)
53 | e=ICMPv6NDOptPrefixInfo(A=1L, res2=0, res1=0L, L=1L, len=4, prefix='2001:db99:dead::', R=0L, validlifetime=2592000, prefixlen=64, preferredlifetime=604800, type=3)
54 | 
55 | #realpacket=a/b/c/d
56 | 
57 | packet=vxlan/Ether(dst=dstmac,src=srcmac)/realpacket
58 | #packet2=vxlan/Ether(dst=dstmac,src=srcmac)/packet
59 | 
60 | # Debug
61 | packet.show()
62 | 
63 | headers=len(packet)-len(realpacket)
64 | 
65 | # Stats
66 | print ("Length of packet with all encapsulation: " + str(len(packet)))
67 | print ("Length of headers packet: " + str(headers))
68 | print ("Length of innermost packet: " + str(len(realpacket)))
69 | print ("Overhead ratio: " + str(100 * len(packet) / float ( len(realpacket)) ))
70 | 
71 | wrpcap("mpls-vxlan-datacenter-ipv6.cap",packet)
72 | wireshark (packet)
73 | 


--------------------------------------------------------------------------------
/hlk-mpls-vxlan-datacenter/mpls-vxlan-datacenter.cap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kramse/frankenpacket/3eea27a82a40ada9eab30611e1e4a61ddec6c551/hlk-mpls-vxlan-datacenter/mpls-vxlan-datacenter.cap


--------------------------------------------------------------------------------
/hlk-mpls-vxlan-datacenter/mpls-vxlan-datacenter.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | #
 3 | 
 4 | # This frankenpacket uses multiple levels of encapsulation.
 5 | 
 6 | # Its not unrealistic to see one such if two datacenters uses VXLAN
 7 | # and the underlying internet provider uses MPLS
 8 | 
 9 | ###[ Loading modules ]###
10 | import sys
11 | import getopt
12 | #from scapy.all import PcapReader, wrpcap, Packet, NoPayload
13 | from scapy.all import *
14 | 
15 | load_contrib("mpls")
16 | mpls_eth = Ether(src="00:16:3e:11:11:11", dst="ca:01:07:fc:00:1c", type=0x8847)
17 | mpls_lables=MPLS(label=16, s=0, ttl=255)/MPLS(label=18, s=0, ttl=255)/MPLS(label=18, s=0, ttl=255)/MPLS(label=16, s=1, ttl=255)
18 | 
19 | # VLAN
20 | prepacket=mpls_eth/mpls_lables/Ether(dst="00:00:00:00:00:03")/Dot1Q(vlan=42)
21 | 
22 | vtepsrc="192.0.2.1"
23 | vtepdst="192.0.2.2"
24 | vxlanport=4789
25 | vni=100
26 | 
27 | # Create a VXLAN header
28 | vxlan=prepacket/IP(src=vtepsrc,dst=vtepdst, options=IPOption(b'\x44\x10\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x88\x04\x10\x10\x83\x03\x10\x07\x04\x00\x00'))/UDP(sport=1234,dport=vxlanport)/VXLAN(vni=vni,flags="Instance")
29 | 
30 | # Make VXLAN innner packet
31 | broadcast="ff:ff:ff:ff:ff:ff"
32 | srcmac="00:24:9b:47:0d:49"
33 | source="198.51.100.124"
34 | dstmac="00:50:56:12:34:56"
35 | destination="198.51.100.200"
36 | 
37 | realpacket=IP(src=source,dst=destination, options=IPOption(b'\x44\x10\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x83\x03\x10'))/UDP()/DNS(rd=1,id=0xdead,qd=DNSQR(qname="www.bornhack.dk"))
38 | 
39 | packet=vxlan/Ether(dst=dstmac,src=srcmac)/realpacket
40 | #packet2=vxlan/Ether(dst=dstmac,src=srcmac)/packet
41 | 
42 | # Debug
43 | #packet.show()
44 | 
45 | headers=len(packet)-len(realpacket)
46 | 
47 | # Stats
48 | print ("Length of packet with all encapsulation: " + str(len(packet)))
49 | print ("Length of headers packet: " + str(headers))
50 | print ("Length of innermost packet: " + str(len(realpacket)))
51 | print ("Overhead ratio: " + str(100 * len(packet) / float ( len(realpacket)) ))
52 | 
53 | wrpcap("mpls-vxlan-datacenter.cap",packet)
54 | wireshark (packet)
55 | 


--------------------------------------------------------------------------------