Thank you Guedou for your help!
The issue is that I try to forge mDNS queries, but they aren't successful as they don't return any answers. They are successfully sent though.
(The dig command : dig -x 192.168.50.29 @224.0.0.251 -p 5353 +short )
Here is what I tried :
sr1 or wireshark(IP(dst="224.0.0.251")/
UDP(dport=5353)/
DNS(rd=1,qd=DNSQR(qname="192.168.50.29",qtype='PTR')))
Wireshark:
-> The dig frame is a good mDNS frame
-> The Scapy one is a DNS frame (... I don't know why I expected an mDNS one here)
When I try to replay the dig request, it doesn't work. It looks like this :
d=sr1(IP(dst="224.0.0.251")/
UDP(dport=5353)/
Raw(load= '\x03\x83'
#Transaction ID
'\x01\x00'
#Flags
'\x00\x01'
#Questions
'\x00\x00'
#Answers RR
'\x00\x00'
#Authority RR
'\x00\x00'
#Additional RRs
'\x02\x32\x39\x02\x00\x10\x35\x30\x03\x31\x36\x38\x03\x31\x39\x32\x07\x69\x6e\x2d\x61\x64\x00\x20\x64\x72\x04\x61\x72\x70\x61\x00'
#Name
'\x00\x0c'
#PTR
'\x00\x01'))
#IN
However, when I try to send this kind of packet, forged by myself, it's detected as malformed by Wireshark.
Do you have a better way to do this?
If not, is an mDNS layer required? I'd love to contribute to Scapy and make one if it's needed. But as I am just an amateur in networks, is it relevant to create a new layer?
Thank you!
Lodags -- I hope I'm understandable, I'm French. (And sometimes even French people don't understand me)
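
Added example, not part of the original post: a standard-library Python check of the name field typed in the Raw(load=...) attempt above against the wire encoding of the name that dig -x 192.168.50.29 asks for. All function names are this example's own, and the zero ID and flags in ptr_query follow RFC 6762's recommendation for multicast queries.

```python
import ipaddress
import struct

# Name bytes exactly as typed in the Raw(load=...) attempt in the post.
POSTED_NAME = (b"\x02\x32\x39\x02\x00\x10\x35\x30\x03\x31\x36\x38\x03\x31\x39\x32"
               b"\x07\x69\x6e\x2d\x61\x64\x00\x20\x64\x72\x04\x61\x72\x70\x61\x00")

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(data):
    """Decode uncompressed labels; return (labels, bytes_consumed) or raise."""
    labels, pos = [], 0
    while pos < len(data):
        length = data[pos]
        if length == 0:
            return labels, pos + 1
        if length > 63 or pos + 1 + length > len(data):
            raise ValueError("label length %d at offset %d overruns the data" % (length, pos))
        labels.append(data[pos + 1:pos + 1 + length])
        pos += 1 + length
    raise ValueError("no terminating zero byte")

def ptr_query(ip, txid=0, flags=0):
    """12-byte header with one question, the reverse name, QTYPE=PTR, QCLASS=IN."""
    qname = encode_name(ipaddress.ip_address(ip).reverse_pointer)
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", 12, 1)

def stray_bytes(posted, good, header_len=12):
    """List (message_offset, extra_bytes) for 2-byte runs in posted that good lacks."""
    found, i, j = [], 0, 0
    while i < len(posted):
        if j < len(good) and posted[i] == good[j]:
            i, j = i + 1, j + 1
        else:
            found.append((header_len + j, posted[i:i + 2]))
            i += 2
    return found

if __name__ == "__main__":
    good = encode_name(ipaddress.ip_address("192.168.50.29").reverse_pointer)
    print(stray_bytes(POSTED_NAME, good))
```

decode_name rejects the posted field at offset 6, and stray_bytes shows it differs from the valid encoding only by \x00\x10 and \x00\x20 at message offsets 16 and 32, which is what hex-dump row offsets copied along with the data would look like. The output of ptr_query can be passed to Raw(load=...) in place of the hand-typed string.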