    Tristan Idoux
    @tristanidoux
    I'm facing a problem right now. Here is my config first 'Linux, Python 3.8.5, Scapy 2.4.3'.
    More context, I have a DHCP listener which uses L2 socket, used this way.
    Tristan Idoux
    @tristanidoux
            self._logger.info("Starting DHCP listener")
            self._socket = scapy.conf.L2listen(type=scapy.ETH_P_ALL, iface=self._interface, filter="udp and (port 67 or 68)")
            scapy.sniff(opened_socket=self._socket, prn=self._proc_packet, store=False, stop_filter=lambda bool: self._stop_event.isSet())
            self._logger.info("DHCP listener stopped")

    I also have an L2 socket for sending broadcast discovery frames. Implementation below.

            result_list, unanswered = self._l2socket.sr(scapy.Ether(dst="ff:ff:ff:ff:ff:ff")/scapy.ARP(pdst=cidr), timeout=20, verbose=True)

    The problem is that when I receive a DHCP request callback & when a network discovery is running at the same time, I get the following error:

      File "app/lib/network_discoverer.py", line 87, in _discover_network_devices
        result_list, unanswered = self._l2socket.sr(scapy.Ether(dst="ff:ff:ff:ff:ff:ff")/scapy.ARP(pdst=cidr), timeout=20, verbose=True)
      File "usr/lib/python3.8/site-packages/scapy/supersocket.py", line 95, in sr
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 261, in sndrcv
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 136, in __init__
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 243, in _sndrcv_rcv
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 925, in _run
      File "usr/lib/python3.8/site-packages/scapy/sessions.py", line 47, in on_packet_received
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 212, in _process_packet
      File "usr/lib/python3.8/site-packages/scapy/layers/l2.py", line 166, in hashret
    TypeError: can't concat str to bytes

    It occurs only (I'm almost certain) when I'm receiving a DHCP frame while discovering the network.
    Any input on why this is happening? Please :)

    Thanks for your time.

    jlescher
    @jlescher

    Hello everyone,

    Let me start with saying:

    • thanks for the tool, it looks super useful
    • I am fairly new to python and totally new to scapy

    Is there any way to pass a variable when initializing a layer?

    Here is my use-case:
    Mypacket is a header followed by an encrypted payload.
    A field of the header indicates the certificate fingerprint of the public key used to cipher the payload.
    In post_dissect(), I would like to be able to: match the cert fingerprint and uncipher the payload.

    To avoid hardcoding the fingerprint/cert in my packet description, I was thinking of initializing the layer as follows:

    class Mypacket(Packet):
    
        name = "Mypacket"
        fields_desc = [
                LenField("mylen", None, fmt="I"),  # 4 bytes
                XNBytesField("fingerprint", 0, 20),
                ]
    
        def post_dissect(self, s):
            for c in self.credentials:
                if c.hash == self.fingerprint:
                    return crypto.uncipher(c.private_key, s)
            return s
    
    p = Mypacket(bytes, credentials=credentials)

    Is "post_dissect()" the right place for unciphering?
    Is there any way to pass a variable when initializing a layer? If not, is there a workaround (maybe a 0-byte field containing some information)?

    Thanks a lot !

    gpotter2
    @gpotter2
    post_dissect is indeed the correct place for this kind of stuff.
    You'll need to change the __init__ function of your packet to store an extra argument. Have a look online. You can copy the signature of __init__ from Packet.py or use __init__(*args, credentials=None, **kwargs). Remember to call super.
    jlescher
    @jlescher

    Thanks Gabriel that is super useful !

    One additional question here:

    Some of the fields within my packet are meant to be manipulated as "bytes field".
    Is there a better field than XNBytesField/NBytesField to manipulate them? By digging, I realize that NBytesField internal representation is a large int. So comparing c.hash and self.fingerprint needs some sugar syntax to either:

    • convert back self.fingerprint to bytes()
    • or convert c.hash to a NBytesField to make the comparison in the internal format

    Oh, never mind, I was reading the doc and realized that XStrLenField is probably the field that I am looking for.
    I think it would be worth mentioning "raw" or "raw bytes" in XStrLenField to make it more searchable.

    gpotter2
    @gpotter2
    Yes.
    X just means "hexadecimal", it's not literally raw
    Pooshkis
    @Pooshkis
    hi, maybe someone could help me with packet[Raw].load - how to add new payload? (packet is RTP)
    Mauro M.
    @MM-coder
    Hello, I've been having some difficulty extracting some information from a packet, namely one that has the TLS layer. I'm trying to get the extensions_server_name from a Client Hello request. I've been trying to access the extensions class but to no avail. Any suggestions?
    MariMari7
    @MariMari7
    Hello, how to remove a packet from a PCAP file using Scapy?
    Nils Weiss
    @polybassa
    Hi, you can deserialize a pcap file with rdpcap(...). This returns a PacketList. From this PacketList, remove the desired packet. Finally you can serialize this packet list back into a pcap file with wrpcap(...)
    MariMari7
    @MariMari7
    Thank you M. @polybassa for this response, but I'm looking for a Scapy function able to remove a complete packet. I found 'remove_payload', which removes only a part of the packet.
    Yan0981181511
    @Yan0981181511
    Can someone help me?
    I want to use sendpfast as a lab. I want to send 10Mbps, but the link bandwidth is only 1Mbps. I want to measure the packet loss, but the speed seems to drop because of the link bandwidth, and it drops to the link bandwidth.
    Afilsi
    @Afilsi
    @MariMari7 You can use native python functions (e.g. mylist.pop(1) ) on the list of packets returned by rdpcap(...) to remove the packet from the list.
    TrumpetSven
    @trumpetsven
    Hi, I want to create a packet which Contains two DoIP/UDS Messages. So something like this: IP()/TCP()/DoIP(Data1)/UDS(Data1)/DoIP(Data2)/UDS(Data2). But the second part DoIP(Data2)/UDS(Data2) is treated as part of the payload for DoIP(Data1). Is this somehow possible?
    Daniel García
    @danigargu
    Hi! Does anyone know why scapy cuts USB packets to 65535 bytes? I need to read all packet data.
    I've tried with scapy.config.Conf.bufsize and RawPcapNgReader / read_packet(size=x), but without success.
    It always cuts the packet, but in Wireshark I see that some are bigger than 65535.
    Pierre Lalet
    @p-l-
    That's probably the MTU
    Daniel García
    @danigargu
    yep, but how could I change it? I'm reading the packets from a pcapng file
    Pierre Lalet
    @p-l-
    That's probably a bug; you should open an issue and attach a capture file
    Daniel García
    @danigargu
    It seems to be a bug in version 2.4.5; I just tested with 2.4.3 and it works well.
    Pierre Lalet
    @p-l-
    So you should really open an issue :)
    Daniel García
    @danigargu
    thx!
    MariMari7
    @MariMari7
    Hello, I want to write a script that takes two PCAP files, compares them packet by packet (time, ip_source, ip_dest, port_source, port_dest, etc.) and saves the difference into another PCAP file. Any help?
    Venkateswaran
    @VenkateswaranJ
    Can someone help me with this StackOverflow question https://stackoverflow.com/questions/67266751/remove-tcp-option-using-scapy
    I don't want to copy-paste the question here.
    Nils Weiss
    @polybassa
    @trumpetsven You can create bytes to be sent like you showed with Scapy. It's currently not possible to dissect bytes you receive into this kind of structure. Is there a specification for such an application?
    MariMari7
    @MariMari7
    I have a large PCAP file (about 12GB), can I parse it using Scapy?
    PhilippTakacs
    @PhilippTakacs
    Is there a way to get DNSQR/DNSRR out of a DNS packet as a list?
    gpotter2
    @gpotter2
    You can try list(DNS(qd=DNSQR()/DNSQR()).qd.iterpayloads())
    Pooshkis
    @Pooshkis
    hi, maybe someone will have some ideas - when I'm trying to manipulate RTP packets using scapy (e.g. change version or other header field) and then send them away, everything works, except Wireshark on the other end doesn't "see" those packets as RTP anymore, only as UDP. pkt.show() still shows those packets as RTP (on both sides). What am I missing?
    TrumpetSven
    @trumpetsven
    @polybassa At this time I got it working with something like: ip/tcp/bytearray(raw(DoIP(Data1)/UDS(Data1)))/bytearray(raw(DoIP(Data2)/UDS(Data2))).
    This is probably defined in ISO 14229-5, but I do not have it handy now.
    Afilsi
    @Afilsi
    @MariMari7, you can use for pkt in PcapReader('datas.pcap'):, which allows to load a packet in memory only when it is needed and not to overload the memory with the complete capture.
    Michael Bruhn
    @EviLDgL_gitlab
    Hey guys. I'm actually implementing an ssh client/server in scapy with the automaton framework and I came across a problem. Decrypting/encrypting/parsing etc. works just fine until it comes to tcp fragmentation. I discovered the tcp_reassemble method but I don't get it 100% by now. My problem is that the "ssh packet length" is encrypted, so there is no way to find out if the data is segmented or not. Is there any way to pass the "decryptor" object with the metadata dictionary and decrypt the first chunk of a packet and extract the "ssh packet length"? And sometimes there are multiple "small" ssh packets encrypted in one tcp payload; this is kind of the contrary problem. I want the master_filter to return them separately. My solution so far is decrypting everything in the master_filter and overwriting the packet ref with the "big concatenated packet", but this only triggers the receive.conditions of my automaton once even if there are multiple packets returned. Is there any mechanism implemented to get the master_filter to return them sequentially, or does this need to be implemented somewhere in the "scapy area" of my ssh definition? Greetings :)
    The "decryptor" object is part of the class which contains the automaton, so one "layer" above the actual scapy ssh implementation.
    sezb51
    @sezb51
    Hello. I'm new to scapy and in my learning I'm trying to simulate a vowifi request which includes ipsec (isakmp/esp) toward ePDG, then a sip register toward ims. Currently I'm struggling on the first "ike_sa_init initiator request", where I'm not able to add multiple transform proposals to the security association payload. Do you think my objective is doable with scapy? How is the ipsec implementation so far? Is this the proper forum for this kind of request or is there any better repository for more data/code exchange?
    sezb51
    @sezb51
    The below screenshot is an attempt to derive packet configuration from a working pcap capture.
    Unfortunately scapy seems unable to inspect (or support) all different sublayers and just show the "load" field populated with the data I hoped to re-use as baseline in my python code...
    scapy_isakmp_issue.png
    davehouser1
    @davehouser1
    Hello
    I am trying to configure EDNS for a DNS packet with scapy.
    I need to craft specific sections for EDNS Opt0 based on RFC7871. See section 6
    https://datatracker.ietf.org/doc/html/rfc7871
    I read through this documentation
    https://scapy.readthedocs.io/en/latest/api/scapy.layers.dns.html
    The "Display RFC-like schema" for class scapy.layers.dns.DNSRROPT(*args, **kargs) does not seem to resemble this structure. Notice that RFC7871 references RFC6891 in section 6
    Is there a way to adjust scapy to send Option: Padding, and Option: CSUBNET - client subnet sections?
    I can do this with the clientsubnetoption module in python, I have tested. You can see this post for details
    https://stackoverflow.com/questions/28609181/resolve-dns-edns-with-client-subnet-option-in-python
    Are there plans to incorporate this into Scapy? Or am I missing something?
    bishop527
    @bishop527
    I'm starting to learn about the HDLC protocol and have a question about how it's implemented in Scapy. I see the address and control fields are defined, but not the Flag or FCS/CRC fields. How are those fields accounted for/handled in Scapy? Thanks.
    Guillaume Valadon
    @guedou
    @davehouser1 we have the basic EDNS0TLV RR, but you will need to do the encoding/decoding yourself. Feel free to submit a PR.
    iznogoud-zz
    @iznogoud-zz
    Hello,
    I am doing some experiments with IPsec and would like to decrypt the IKE_AUTH and INFORMATIONAL IKEv2 messages. I have access to all the keys necessary, SK_e(i,r) and SK_a(i,r), and the SPIs, but am not sure this is even possible with scapy. Does anyone know if I can do this with scapy? Is there an alternative, if not?
    Thanks
    XyKong
    @TraverseBiTree
    scapy sniffing less packets than wireshark