Issues with mac address values #23
Hi @dragonxtek, That's right. This is due to a limitation of the get_payload method of the external library Netfilterqueue, which is responsible for doing real-time network packet interception along with iptables. For the last version of Polymorph I was looking at the possibilities it offered to capture the Ethernet layer and I could not find a clean way to do it without doing some hacking on the existing Python library. Therefore, nowadays, when a packet is intercepted it does not have the Ethernet layer incorporated and that is why it seems like 0. I will probably take up this requirement again for the next update and try to find a solution as clean as possible so that the intercepted packets incorporate this layer. Thanks for your comment!
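An added illustration of the limitation described in the comment above (not Polymorph or NetfilterQueue code): a queue payload that starts at the IP header carries no MAC bytes to read or edit. The function names, the zero-filled placeholder header and the sample packets are assumptions constructed for this sketch.

```python
import struct

ETH_HLEN = 14  # dst MAC (6) + src MAC (6) + EtherType (2)

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def starts_at_ip_layer(buf):
    """Heuristic: True if buf begins with an IPv4/IPv6 header, not Ethernet."""
    if len(buf) < 20:
        return False
    version = buf[0] >> 4
    if version == 4:
        ihl = buf[0] & 0x0F
        total_len = struct.unpack("!H", buf[2:4])[0]
        return ihl >= 5 and total_len == len(buf)
    if version == 6 and len(buf) >= 40:
        payload_len = struct.unpack("!H", buf[4:6])[0]
        return payload_len + 40 == len(buf)
    return False

def read_eth(buf):
    """Return (src, dst, ethertype), or None when no Ethernet header exists."""
    if starts_at_ip_layer(buf) or len(buf) < ETH_HLEN:
        return None
    ethertype = struct.unpack("!H", buf[12:14])[0]
    return fmt_mac(buf[6:12]), fmt_mac(buf[0:6]), ethertype

def pad_placeholder_eth(l3_payload):
    """Assumed model: give an Ethernet-first dissector a zero-filled header."""
    ethertype = 0x0800 if l3_payload[0] >> 4 == 4 else 0x86DD
    return bytes(12) + struct.pack("!H", ethertype) + l3_payload

def payload_for_verdict(dissected):
    """Only the layer-3 bytes can be handed back to the queue."""
    return dissected[ETH_HLEN:]

# Constructed sample: IPv4/UDP packet as a queue would deliver it (checksums left 0).
SAMPLE_L3 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
SAMPLE_L3 += struct.pack("!HHHH", 5000, 5001, 8, 0)
# Constructed sample: the same packet as seen on the wire, with its real header.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + SAMPLE_L3

if __name__ == "__main__":
    padded = pad_placeholder_eth(SAMPLE_L3)
    print(read_eth(SAMPLE_FRAME), read_eth(SAMPLE_L3), read_eth(padded))
```

Under this model, a MAC edit made on the placeholder header is dropped when the layer-3 bytes go back to the queue, which matches the behaviour reported in the issue.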
Hi @shramos, could you advise which previous versions did have support for ['ETH']? I've got an application for this, but being able to filter by ethertype is critical.
Hi @ConorShore, No previous version of Polymorph has support for the ETH layer due to a limitation in the netfilterqueue library with which network packets are intercepted. I am working on introducing support for this layer in the next Polymorph update.
@shramos that would be great, there's a lot of fun to be had exploiting protocols that don't rely on IP |
Hi @shramos
I detected that when Polymorph reads packet['ETH']['src'], it only reads 00:00:00:00:00:00.
If I change the MAC address value, I can't see the modification on packets.