Hi i am trying to Bridge Profinet traffic with scapy, here is my script:
from scapy.all import *
interfaces = {
"plc": "ens19",
"io": "ens20"
}
def pkt_PLC(pkt):
return pkt
def pkt_io(pkt):
return pkt
def bridge():
bridge_and_sniff(interfaces["plc"], interfaces["io"], xfrm12=pkt_PLC,
xfrm21=pkt_io, count=0, store=0)
if __name__ == '__main__':
conf.sniff_promisc = True
bridge()
the script is working and forwarding the traffic but only for about a minute. After that the connection is shortly lost and the devices have to reconnect. After that its working again for about a minute and than again the same problem. Now my Problem is that with Profinet the connection can’t be lost it always has to be up. So my question is am I doing something wrong, can I somehow up the performance or is it normal that scapy is resetting itself after a time?
Thanks for your help
i'm using scapy as part of a course I'm doing and I can't figure out why I'm getting errors for the following.
I'm running Scapy 2.4.4, IPhyton 7.31.1, Python 3.10.4 on Ubuntu 22.04 LTS
from scapy.all import *
ports = [25,80,53,443,445,8080,8443]
ans,unans = sr(IP(dst="8.8.8.8")/TCP(dport=ports,flags="S"),timeout=2,verbose=0)
for (s,r,) in ans:
if s[TCP].dport == r[TCP].sport:
print(s[TCP].dport)
The error I get is
IndexError Traceback (most recent call last)
<ipython-input-4-b68762f6bdfb> in <module>
1 for (s,r,) in ans:
----> 2 if s[TCP].dport == r[TCP].sport:
3 print(s[TCP].dport)
4
/usr/lib/python3/dist-packages/scapy/packet.py in getitem(self, cls)
1183 elif not isinstance(lname, bytes):
1184 lname = repr(lname)
-> 1185 raise IndexError("Layer [%s] not found" % lname)
1186 return ret
1187
IndexError: Layer [TCP] not found
I'm running Scapy 2.4.4, IPhyton 7.31.1, Python 3.10.4 on Ubuntu 22.04 LTS and when I start scapy I get the following
<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()
<frozen importlib._bootstrap>:671: ImportWarning: _SixMetaPathImporter.exec_module() not found; falling back to load_module()
<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()
<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()
<frozen importlib._bootstrap>:671: ImportWarning: _SixMetaPathImporter.exec_module() not found; falling back to load_module()
<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()
<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()
TLS 1.3
Scapy example server, client with PSK fails with
INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]
root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_client.py --psk 636c69656e74696431 --debug --version tls13
DEBUG: Starting control thread [tid=139722989967104]
DEBUG: Received command RUN
DEBUG: ## state=[INITIAL]
Starting TLS client automaton.
DEBUG: switching from [INITIAL] to [INIT_TLS_SESSION]
DEBUG: ## state=[INIT_TLS_SESSION]
DEBUG: switching from [INIT_TLS_SESSION] to [CONNECT]
DEBUG: ## state=[CONNECT]Trying to connect on 127.0.0.1:4433
DEBUG: switching from [CONNECT] to [TLS13_START]
DEBUG: ## state=[TLS13_START]
DEBUG: Trying Condition [tls13_should_add_ClientHello]
DEBUG: Condition [tls13_should_add_ClientHello] taken to state [TLS13_ADDED_CLIENTHELLO]
DEBUG: switching from [TLS13_START] to [TLS13_ADDED_CLIENTHELLO]
DEBUG: ## state=[TLS13_ADDED_CLIENTHELLO]
DEBUG: switching from [TLS13_ADDED_CLIENTHELLO] to [TLS13_SENDING_CLIENTFLIGHT1]
DEBUG: ## state=[TLS13_SENDING_CLIENTFLIGHT1]
DEBUG: Trying Condition [tls13_should_send_ClientFlight1]
DEBUG: Condition [tls13_should_send_ClientFlight1] taken to state [TLS13_SENT_CLIENTFLIGHT1]
DEBUG: switching from [TLS13_SENDING_CLIENTFLIGHT1] to [TLS13_SENT_CLIENTFLIGHT1]
DEBUG: ## state=[TLS13_SENT_CLIENTFLIGHT1]
DEBUG: switching from [TLS13_SENT_CLIENTFLIGHT1] to [TLS13_WAITING_SERVERFLIGHT1]
DEBUG: ## state=[TLS13_WAITING_SERVERFLIGHT1]
DEBUG: switching from [TLS13_WAITING_SERVERFLIGHT1] to [TLS13_RECEIVED_SERVERFLIGHT1]
DEBUG: ## state=[TLS13_RECEIVED_SERVERFLIGHT1]
DEBUG: Trying Condition [tls13_should_handle_ServerHello]
DEBUG: Condition [tls13_should_handle_ServerHello] taken to state [TLS13_HANDLED_SERVERHELLO]
DEBUG: switching from [TLS13_RECEIVED_SERVERFLIGHT1] to [TLS13_HANDLED_SERVERHELLO]
DEBUG: ## state=[TLS13_HANDLED_SERVERHELLO]
DEBUG: Trying Condition [tls13_should_handle_encrytpedExtensions]
INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]
DEBUG: Condition [tls13_should_handle_encrytpedExtensions] not taken
DEBUG: Trying Condition [tls13_should_handle_ChangeCipherSpec]
DEBUG: Condition [tls13_should_handle_ChangeCipherSpec] not taken
DEBUG: Trying Condition [tls13_missing_encryptedExtension]
Missing TLS 1.3 EncryptedExtensions message!
DEBUG: Condition [tls13_missing_encryptedExtension] taken to state [CLOSE_NOTIFY]
DEBUG: switching from [TLS13_HANDLED_SERVERHELLO] to [CLOSE_NOTIFY]
DEBUG: ## state=[CLOSE_NOTIFY]Trying to send a TLSAlert to the server...
DEBUG: Trying Condition [close_session]
DEBUG: Condition [close_session] taken to state [FINAL]
DEBUG: switching from [CLOSE_NOTIFY] to [FINAL]
DEBUG: ## state=[FINAL]
Closing client socket...
Ending TLS client automaton.
DEBUG: Stopping control thread (tid=139722989967104)
root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls#
root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_server.py --psk 636c69656e74696431 --debug --handle_session_ticket
DEBUG: Starting control thread [tid=140400778635008]
DEBUG: Received command RUN
DEBUG: ## state=[INITIAL]
Starting TLS server automaton.
Receiving 'stop_server' will cause a graceful exit.
Interrupting with Ctrl-Z might leave a loose socket hanging.
DEBUG: switching from [INITIAL] to [BIND]
DEBUG: ## state=[BIND]
DEBUG: switching from [BIND] to [WAITING_CLIENT]
DEBUG: ## state=[WAITING_CLIENT]Waiting for a new client on 127.0.0.1:4433
Accepted connection from 127.0.0.1:59432DEBUG: switching from [WAITING_CLIENT] to [INIT_TLS_SESSION]
DEBUG: ## state=[INIT_TLS_SESSION]
DEBUG: switching from [INIT_TLS_SESSION] to [WAITING_CLIENTFLIGHT1]
DEBUG: ## state=[WAITING_CLIENTFLIGHT1]
DEBUG: switching from [WAITING_CLIENTFLIGHT1] to [RECEIVED_CLIENTFLIGHT1]
DEBUG: ## state=[RECEIVED_CLIENTFLIGHT1]
DEBUG: Trying Condition [tls13_should_handle_ClientHello]
DEBUG: Condition [tls13_should_handle_ClientHello] taken to state [tls13_HANDLED_CLIENTHELLO]
DEBUG: switching from [RECEIVED_CLIENTFLIGHT1]
root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_server.py --psk 636c69656e74696431 --debug --handle_session_ticket
DEBUG: Starting control thread [tid=139891420256000]
DEBUG: Received command RUN
DEBUG: ## state=[INITIAL]
Starting TLS server automaton.
Receiving 'stop_server' will cause a graceful exit.
Interrupting with Ctrl-Z might leave a loose socket hanging.
DEBUG: switching from [INITIAL] to [BIND]
DEBUG: ## state=[BIND]
DEBUG: switching from [BIND] to [WAITING_CLIENT]
DEBUG: ## state=[WAITING_CLIENT]Waiting for a new client on 127.0.0.1:4433
Accepted connection from 127.0.0.1:59436DEBUG: switching from [WAITING_CLIENT] to [INIT_TLS_SESSION]
DEBUG: ## state=[INIT_TLS_SESSION]
DEBUG: switching from [INIT_TLS_SESSION] to [WAITING_CLIENTFLIGHT1]
DEBUG: ## state=[WAITING_CLIENTFLIGHT1]
DEBUG: switching from [WAITING_CLIENTFLIGHT1] to [RECEIVED_CLIENTFLIGHT1]
DEBUG: ## state=[RECEIVED_CLIENTFLIGHT1]
DEBUG: Trying Condition [tls13_should_handle_ClientHello]
DEBUG: Condition [tls13_should_handle_ClientHello] taken to state [tls13_HANDLED_CLIENTHELLO]
DEBUG: switching from [RECEIVED_CLIENTFLIGHT1] to [tls13_HANDLED_CLIENTHELLO]
DEBUG: ## state=[tls13_HANDLED_CLIENTHELLO]
DEBUG: switching from [tls13_HANDLED_CLIENTHELLO] to [tls13_PREPARE_SERVERFLIGHT1]
DEBUG: ## state=[tls13_PREPARE_SERVERFLIGHT1]
DEBUG: Trying Condition [tls13_should_add_ServerHello]
DEBUG: Condition [tls13_should_add_ServerHello] taken to state [tls13_ADDED_SERVERHELLO]
DEBUG: switching from [tls13_PREPARE_SERVERFLIGHT1] to [tls13_ADDED_SERVERHELLO]
DEBUG: ## state=[tls13_ADDED_SERVERHELLO]
DEBUG: Trying Condition [tls13_should_add_EncryptedExtensions]
DEBUG: Condition [tls13_should_add_EncryptedExtensions] taken to state [tls13_ADDED_ENCRYPTEDEXTENSIONS]
DEBUG: switching from [tls13_ADDED_SERVERHELLO] to [tls13_ADDED_ENCRYPTEDEXTENSIONS]
DEBUG: ## state=[tls13_ADDED_ENCRYPTEDEXTENSIONS]
DEBUG: Trying Condition [tls13_should_add_CertificateRequest]
DEBUG: Condition [tls13_should_add_CertificateRequest] taken to state [tls13_ADDED_CERTIFICATEREQUEST]
DEBUG: switching from [tls13_ADDED_ENCRYPTEDEXTENSIONS] to [tls13_ADDED_CERTIFICATEREQUEST]
DEBUG: ## state=[tls13_ADDED_CERTIFICATEREQUEST]
DEBUG: Trying Condition [tls13_should_add_Certificate]
DEBUG: Condition [tls13_should_add_Certificate] taken to state [tls13_ADDED_CERTIFICATE]
DEBUG: switching from [tls13_ADDED_CERTIFICATEREQUEST] to [tls13_ADDED_CERTIFICATE]
DEBUG: ## state=[tls13_ADDED_CERTIFICATE]
DEBUG: Trying Condition [tls13_should_add_CertificateVerifiy]
DEBUG: Condition [tls13_should_add_CertificateVerifiy] taken to state [tls13_ADDED_CERTIFICATEVERIFY]
DEBUG: switching from [tls13_ADDED_CERTIFICATE] to [tls13_ADDED_CERTIFICATEVERIFY]
DEBUG: ## state=[tls13_ADDED_CERTIFICATEVERIFY]
DEBUG: Trying Condition [tls13_should_add_Finished]
DEBUG: Condition [tls13_should_add_Finished] taken to state [tls13_ADDED_SERVERFINISHED]
DEBUG: switching from [tls13_ADDED_CERTIFICATEVERIFY] to [tls13_ADDED_SERVERFINISHED]
DEBUG: ## state=[tls13_ADDED_SERVERFINISHED]
DEBUG: Trying Condition [tls13_should_send_ServerFlight1]
DEBUG: Condition [tls13_should_send_ServerFlight1] taken to state [tls13_WAITING_CLIENTFLIGHT2]
DEBUG: switching from [tls13_ADDED_SERVERFINISHED] to [tls13_WAITING_CLIENTFLIGHT2]
DEBUG: ## state=[tls13_WAITING_CLIENTFLIGHT2]
INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]
WARNING: InnerPlaintext should at least contain a byte type!
DEBUG: Transferring exception from tid=139891420256000:
Traceback (most recent call last):
File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 986, in _do_control
state = next(iterator)
File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 1021, in _do_iter
state_output = self.state.run()
File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 347, in run
return self.func(self.automaton, self.args, *self.kargs)
File "/home/localadmin/workspace/scapy_new/scapy/scapy/layers/tls/automaton_srv.py", line 839,
class IPFIXHeader(Packet):
name = "IPFIX Header"
fields_desc = [ ShortField("version", 10),
FieldLenField("length",None, length_of="sets"),
IntField("exportTime", 0),
IntField("sequenceNumber", 0),
IntField("observationDomainId", 0),
PacketListField("sets",None, SetHeader, length_from=lambda pkt:pkt.length-16) ]
# This calculates the length of the IPFIX message after the packet is assembled
def post_build(self, p, pay):
if self.length is None:
l = len(p)+len(pay)
p = p[:2]+struct.pack("!H", l)+p[4:]
return p+pay
def extract_padding(self, s):
return "", s
class SetHeader(Packet):
name = "Set Header"fields_desc = [ ShortField("setID", 0),
FieldLenField("setLength", None, length_of="records"),
PacketListField("records", None, None, length_from=lambda pkt:pkt.setLength-4) ]
def extract_padding(self, s):
return "", s
# Overwrites class of packets in "records" depending on value of setID, hence allowing
# for correct dissection of records (into Template, Volume Record, or Performance Record)
def do_dissect(self, s):
flist = self.fields_desc[:]
flist.reverse()
while s and flist:
f = flist.pop()
s,fval = f.getfield(self, s)
self.fields[f.name] = fval
if f.name == "setID":
if fval == 2:
print("Should call TemplateHeader", flush=True)
max(flist).cls = TemplateHeader
class TemplateHeader(Packet):
name = "Template Header"
fields_desc = [ ShortField("templateID", 1000),
ShortField("fieldCount", 21) ]
def guess_payload_class(self, payload):
print("I am in the TemplateHeader Now", flush=True)
if (self.templateID >= 1000 and self.templateID <= 1999):
return VolumeTemplate
I am trying to wrap my head around scapy (with rusty python knowledge in a jupyter notebook)
I've managed to load a pcap file and I am looking at the first package.
I am trying to reproduce wiresharks parsing of the package.
That package contains BTP-B and Intelligent Transport Data (where the ultimate goal is to write a scapy layer for these protocols. Scapy decodes Ethernet, IP and UDP Layers and everything else is just raw hex. Wireshark shows me that the next layer is TZSP IEEE 802.11 Good
Naive me thought that i only need to do:
from scapy.all import *
from scapy.contrib.tzsp import TZSP
pcap = rdpcap("/home/jovyan/work/my.pcap")
first_packet = pcap[0]
first_packet[TZSP]
but that returns : IndexError: Layer [TZSP] not found
Hello there, I'm hitting the below issue when using scapy to process hundreds of packets performing header manipulation from a process. I already have set the max open files to open files (-n) 1048576 as can be seen from ulimit.
Process Process-4126:
Traceback (most recent call last):
File "/usr/lib64/python3.6/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib64/python3.6/multiprocessing/process.py", line 93, in run
self._target(self._args, self._kwargs)
File "<>", line 286, in send
self._sendComposite(pkt, padToLength)
File "<>", line 276, in _sendComposite
send(packet, verbose=0)
File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 429, in send kargs
File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 394, in _send
socket = socket or _func(iface)(iface=iface, *kargs)
File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 503, in init
_flush_fd(self.ins.fileno())
File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 460, in _flush_fd
r, w, e = select([fd], [], [], 0)
ValueError: filedescriptor out of range in select()
@tkekan
This error is usually seen after Process Process-1016
just before issue starts.
bash-4.2$ cat /proc/sys/fs/file-nr
3040 0 6155890
Initial state :
bash-4.2$ cat /proc/sys/fs/file-nr
2176 0 6155890
Hello, I'm trying to sniff TCP packets from my PC to an Ethernet/RS485 adapter (IP: 192.168.0.97
, port: 502). So I tried both
sniff(iface=None, prn=Packet.summary, filter="tcp port 502")
# and
sniff(iface=None, prn=Packet.summary, filter="ip host 192.168.0.97")
But none of these print packets.