@guedou del() the late evaluated field or setting its value to None indeed works.
But, if I’m new to the protocol, how to know which field is late evaluated thus it should be deleted after assignment?
@guedou Got it, thanks!
So, for one new protocol, how to know which field is late evaluated thus it should be deleted after assignment?
post_build, some fields are change in
i2m, I went through the
fields.pyand listed them:
[LenField, FCSField, PacketLenField, StrFixedLenField, StrLenField, _XStrLenField, FieldLenField, LenField, BitFixedLenField, BitFieldLenField, MultiFlagsField, _IPPrefixFieldBase, _ScalingField]
:point_up: Edit: Hi everybody, I'm trying to manipulate a 1.3 TLS session with scapy. My test setup uses 3 containers and the mitm container is sniffing the packets. My goal right now is to create a new verify message which is created in the handshake.py (line 1194).
How do i handle the TLS Connection in scapy and how can i create a new verify message?
This is some of my code so far: https://pastebin.com/BkD82cXy
for (pkt_data, pkt_metadata,) in RawPcapReader(file_name):
from scapy.all import * for (pkt_data, pkt_metadata,) in RawPcapReader("dump.pcap"): pass `
Traceback (most recent call last): File "sample.py", line 3, in <module> for (pkt_data, pkt_metadata,) in RawPcapReader("dump.pcap"): ValueError: too many values to unpack (expected 2)
This is how I loop now, but the change doesn't reflect when I write that
last = None counter = 0 while True: layer = pkt.getlayer(counter) if layer is None: break if isinstance(layer, scapy.contrib.diameter.AVPNV_StrLenField): if layer.name == 'AVP Public-Identity': orig = layer.val.decode('us-ascii') repl = _generate_replacement(orig) layer.val = repl.encode('us-ascii') counter = counter + 1
pktto a file.
I would like to generate 5G GTP-U packets from Trex. I am able to do the same through GTP_U_Header(teid=740294658,gtp_type=255,S=0) in scapy.
I would like to check if there is support in scapy to encode Next extension header type= PDU Session Container also so that QFI (Qos flow identifier) field also can be encoded?