scapy – Interactive Packet Manipulation / Generation Tool for Linux / UNIX

Posted on in Categories Debian Linux, Hardware, Linux, Security, Ubuntu Linux, UNIX last updated January 28, 2008

Recently I started to play with scapy – a powerful interactive packet manipulation and custom packet generation program written using Python. Please note that this tool is not for a new Linux / UNIX users. This tool requires extensive knowledge of network protocols, packets, layers and other hardcore networking concepts. This tool is extermly useful for
a] Understanding network headers
b] Testing network security
c] Write your own utilities using scapy
d] Decoding protocols etc

From the man page:

You can use this tool to check the security of your own network as it allows to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics such as VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, etc.

Continue reading “scapy – Interactive Packet Manipulation / Generation Tool for Linux / UNIX”

Linux or UNIX password protect files

Posted on in Categories Debian Linux, FreeBSD, Howto, Linux, OpenBSD, RedHat/Fedora Linux, Security, Solaris, Suse Linux, Tips, Ubuntu Linux, UNIX last updated December 14, 2007

From my mailbag:

Q. How do I password protect files?

Linux and other Unixish oses offers strong file permissions and ACL (access control list) concept in Linux/UNIX computer security used to enforce privilege separation.

However, none of them offers a password to protect files. You can use GNU gpg (GNU Privacy Guard) encryption and signing tool. It is a suite of cryptographic software. Many new UNIX/Linux users get confused with this fact.

Solution is to use following commands to encrypt or decrypt files with a password.

mcrypt command

Mcrypt is a simple crypting program, a replacement for the old unix crypt. When encrypting or decrypting a file, a new file is created with the extension .nc and mode 0600. The new file keeps the modification date of the original. The original file may be deleted by specifying the -u parameter.


Encrypt data.txt file:
$ mcrypt data.txt

Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

A new file is created with the extension .nc i.e.

$ ls
$ cat

Decrypt the file:
$ mcrypt -d

Enter passphrase:
File was decrypted.

Verify that file was decrypted:

$ ls data.txt
$ cat data.txt

For mcrypt to be compatible with the Solaris des, the following parameters are needed:
$ mcrypt -a des --keymode pkdes --bare -noiv data.txt
Delete the input file if the whole process of encryption/decryption succeeds (pass -u option):
$ mcrypt -u data.txt
$ mcrypt -u -d

openssl command

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. You can use the openssl program which is a command line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for encrypt and decrypt files with a password:


Encrypt file.txt to file.out using 256-bit AES in CBC mode
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.out
Decrypt encrypted file file.out
$ openssl enc -d -aes-256-cbc -in file.out

  • enc : Encoding with Ciphers.

See also:

Penetration testing – security password auditing for UNIX / Linux systems

Posted on in Categories Linux, Monitoring, RedHat/Fedora Linux, Security, UNIX last updated October 29, 2007

If you just want to see how secure your network is or you would like to audit your own network, and to determine the insecurity of cleartext network protocols then you need to use sniffer programs. There are tons of Network protocol analyzer for Unix and Linux exist that allows examination of data from a live network, or from a capture file on disk For example Ethereal is one of such a program.

However, if you just interested in a password related auditing then nothing can beat dsniff program. It is simple and easy to use. dsniff capture passwords through http, ftp, smtp, pop3, telnet and many other cleartext protocols. dsniff includes various sniffing utilities for penetration testing.

Step # 1: Install dsniff

Install dsniff under Debian / Ubuntu Linux:
# apt-get install dsniff
If you are using FreeBSD then you can install it using ports or binary package:
# pkg_add -r dsniff
On the other hand, use ports collection:
># cd /usr/ports/security/dsniff
# make; make install; make clean

Step # 2: Start dsniff

dsniff automatically detects and minimally parses each application protocol, only saving the interesting bits, and uses Berkeley DB as its output file format, only logging unique authentication attempts. Login as a root user and type dsniff command:
# dsniff
For example, if user use ftp, telnet, or other cleartext protocol then you can capture passwords:

03/16/06 23:34:02 udp -> router.161 (snmp)
[version 1]

03/16/06 23:36:10 tcp -> (ftp)
USER rocky
PASS myF&6z#*

Depend upon this audit report:

  • You can block cleartext port
  • Educate your user and ask them to use secure version of each of these protocols