polymorph
Issues with mac address values
Hi @shramos, I detected that Polymorph, when reading packet['ETH']['src'], only reads 00:00:00:00:00:00. If I change the MAC address value, I can't see the modification on packets.
Hi @dragonxtek,
That's right. This is due to a limitation of the get_payload method of the external library Netfilterqueue, which is responsible for doing real-time network packet interception along with iptables. For the last version of Polymorph I was looking at the possibilities it offered to capture the Ethernet layer and I could not find a clean way to do it without doing some hacking on the existing Python library. Therefore, nowadays, when a packet is intercepted it does not have the Ethernet layer incorporated and that is why it seems like 0.
I will probably take up this requirement again for the next update and try to find a solution as clean as possible so that the intercepted packets incorporate this layer.
Thanks for your comment!
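An added illustration, not code from Polymorph or NetfilterQueue: a standard-library check that tells a buffer beginning at the IPv4 header (what the reply above says interception delivers) from a full Ethernet frame. The packet bytes are constructed, and returning an all-zero MAC for layer-3 buffers is an assumption that mirrors the behaviour reported in this thread, not Polymorph's actual implementation.

```python
import socket
import struct

ZERO_MAC = "00:00:00:00:00:00"  # placeholder reported in this thread

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def is_ipv4(buf: bytes) -> bool:
    """True if buf starts with a well-formed IPv4 header (valid checksum)."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return False
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack("!H", buf[2:4])[0]
    # total_len may be shorter than buf when an Ethernet frame is padded
    return (20 <= ihl <= len(buf) and ihl <= total_len <= len(buf)
            and checksum(buf[:ihl]) == 0)

def classify(buf: bytes) -> str:
    """'l3' = starts at the IP header, 'ethernet' = full frame carrying IPv4."""
    if is_ipv4(buf):
        return "l3"
    if len(buf) >= 14 and buf[12:14] == b"\x08\x00" and is_ipv4(buf[14:]):
        return "ethernet"
    return "unknown"

def eth_src(buf: bytes) -> str:
    """Source MAC if the buffer carries one, otherwise the zero placeholder."""
    if classify(buf) == "ethernet":
        return ":".join(f"{b:02x}" for b in buf[6:12])
    return ZERO_MAC  # assumption: no link-layer bytes exist to read

def make_ipv4(src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (protocol 17) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

# Constructed samples: documentation addresses and locally administered MACs
IP_PACKET = make_ipv4("192.0.2.1", "192.0.2.2", b"constructed")
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + IP_PACKET
```

A buffer classified as `l3` has no ethertype or MAC bytes at all, so filtering on those fields needs a capture point that sees the link layer.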
Hi @shramos ,
Could you advise which previous versions did have support for ['ETH']? I've got an application for this, but being able to filter by ethertype is critical.
Hi @ConorShore ,
No previous version of Polymorph has support for the ETH layer due to a limitation in the netfilterqueue library with which network packets are intercepted. I am working on introducing support for this layer in the next Polymorph update.
@shramos that would be great, there's a lot of fun to be had exploiting protocols that don't rely on IP