reand other stuff into builtins when using scapy as a library
scapy.arch....become global interactive or not
Hi, just updated to newest Scapy for WPA3 support. Now I do have an issue with KillerBee (kbsniff function form scapy_extensions.py):
return plist.PacketList(__kb_recv(kb, count = count, store = store, prn = prn, lfilter = lfilter, stop_filter = stop_filter, verbose = verbose, timeout = timeout), 'Sniffed')
NameError: global name 'plist' is not defined
Anyone any clue where plist now is?
importto import things
Hi all, I hope this is the right place for me to ask this question:
I have a problem concerning the ethertype and Dot1Q headers.
802.1Q Frames are supposed to be inserted between the Ethernet Source field, and the EtherType field,
but it seems like they are inserted after the ethernet header (after EtherType).
(Ether(dst="AA:AA:AA:AA:AA:AA", src="BB:BB:BB:BB:BB:BB", type=0xEEEE)/Dot1Q(type=0x8100, vlan=0xDDD)).build()
While I expected to get (Ethertype and TPID field are switched):
Is this behavior anticipated?
sniffoffline. Any help would be greatly appreciated. Thanks!
from scapy.all import * packet_reader = RawPcapNgReader('my_pacapng_file.pcapng') while True: try: p = packet_reader.read_packet(size=500000) do_some_things_to_each_packet_function_or_class_here(p) except EOFError: break
I'm wondering if Scapy supports remote capture using rpcapd ?
scapy.sniff() works perfectly when capturing local packets but I want to capture packets on another pc with rpcapd running on it.
If rpcapd is installed on a remote machine, Wireshark/Tshark can capture remote packets by replacing local interface name with remote interface name like "rpcap://remoteip:2002/eth0".
I tried scapy.sniff(iface ="rpcap://remoteip:2002/eth0" ) but it returned with an error saying that this interface is not found(apparently scapy checked if the interface is available on the local machine).
If Scapy supports remote capture, what's the proper way of doing this ? I googled "scapy rpcap" but only got results of "scapy rdpcap" which is not what I want.
Thank you very much for your time.
bind_layerscall in the scapy codebase.
scapy/layers/l2.pyon line 581 the
SNAPlayer is being bound to the
bind_layers(SNAP, Ether, code=1).
OUI=000000, the code value's meaning is given by EtherTypes. However, when the
OUIfield is an organization's
OUI, the layer bindings are specific to the organization.
OUIthey are using? Otherwise wouldn't they overlap with other organization specific bindings? Thank you!
I'm using scapy 2.4.3dev699 and trying to use conf.layers.filter to improve performance by reducing the number of protocols being parsed. When I run the following code, which doesn't use the filter, everything works fine.
msg = IP(src="192.168.1.2", dst="192.168.50.5") / UDP(sport=1234, dport=4321) send(msg)
When I add conf.layers.filter([IP, TCP, UDP]) the above code sends the packet multiple times. After doing some digging I learned that this is because the destination MAC address can't be resolved so the packet is sent via broadcast. To only send 1 packet I have to use the following code
conf.layers.filter([IP, TCP, UDP]) msg = Ether(dst='00:01:02:03:04:06') / IP(src="192.168.1.2", dst="192.168.50.5") / UDP(sport=1234, dport=4321) sendp(msg)
Why do I have to specifically build the Ether layer when using the filter but don't have to do it when not using the filter?
elif pkt.haslayer(HTTPResponse): try: json.loads(str(pkt[Raw])) except Exception as e: print e print pkt[Raw] return
Yes. I tried it with both sendp and send after adding Ether to the filter list. when using send it would send the packet via broadcast. when using sendp it didnt sent at all even though scapy says it sent a packet.
I tested it on another system and didn't have the same problems. The only difference between the 2 systems is that the on the second system getmacbyip returned the MAC address of the destination. So my guess is that not being able to resolve the MAC is part of the problem. Just now sure how to fix that.
def packet_parse(pkt): """ This function is executed whenever a packet is sniffed """ now = time.strftime("%Y.%m.%d %H:%M:%S", time.localtime(time.time())) if pkt.haslayer(HTTPRequest): return elif pkt.haslayer(HTTPResponse): if "application/json" not in (str(pkt[HTTPResponse].Content_Type)).split(";"): return try: # json.loads(str(pkt[HTTPResponse].payload)) print pkt[HTTPResponse].load except Exception: print gzip_uncompress(pkt[HTTPResponse].load) if __name__ == '__main__': load_layer("http") conf.contribs["http"]["auto_compression"] = True print conf.contribs["http"]["auto_compression"] # sniff(offline=r'D:\\bigResponse.pcapng', prn=packet_parse, session=TCPSession) sniff(offline=r'C:\Users\test1\Documents\WXWork\1688850682072943\Cache\File\2020-07\debug_web_search_44k.pcap', prn=packet_parse, session=TCPSession)