    grandnew
    @grandnew

    @guedou del() the late evaluated field or setting its value to None indeed works.
    But, if I’m new to the protocol, how to know which field is late evaluated thus it should be deleted after assignment?

    @guedou Got it, thanks!
    So, for one new protocol, how to know which field is late evaluated thus it should be deleted after assignment?

    Guillaume Valadon
    @guedou
    ls(IP) for example
    It shows the fields assigned to None
    grandnew
    @grandnew
    But, how about those fields (like StrField) whose default value is assigned to None?
    grandnew
    @grandnew

    @guedou The fields assigned to None means the default value is None. But the default value of some StrField fields may also be assigned to None.

    eaglerbits
    @eaglerbits
    Hello, I'm new here.
    I need to track Netflix, HBO streaming sessions, I guess Scapy Sessions will be the best way, right?
    gpotter2
    @gpotter2
    @grandnew Interesting question. As of right now, you need to look through the code to see fields that are changed (in post_build) but it would be nice to see which fields are auto computed... lot of work though
    grandnew
    @grandnew
    @gpotter2 Yeah, it can be lots of manual work. For the reason that, apart from post_build, some fields are changed in i2m.
    As for those fields changed in i2m, I went through the fields.py and listed them:
    [LenField, FCSField, PacketLenField, StrFixedLenField, StrLenField, _XStrLenField, FieldLenField, LenField, BitFixedLenField, BitFieldLenField, MultiFlagsField, _IPPrefixFieldBase, _ScalingField]
    Merc
    @mercurial12
    In Scapy Sniff, is it possible to filter on a specific src/dst IP or src/dst port?
    Merc
    @mercurial12
    nvm found it
    just uses bpf style filter: https://biot.com/capstats/bpf.html
    drmlbrt
    @drmlbrt
    Question: trying to build a 'test' QOS script. Using Scapy, works ok for my local address. However, when I try a corporate IP, it is giving me a routing issue.... WARNING: No route found (no default route?)
    Nils Weiss
    @polybassa
    Hi, will appveyor be available for unit testing in the near future?
    gpotter2
    @gpotter2
    Yes.. we have no plans of switching off Appveyor.. Why ask? Did they have a policy change or something?
    @eaglerbits Probably not. Scapy will only allow you to see what IPs people connect to, so that's what you'll see (and you'll need to maintain a giant list of all Netflix' IPs...)
    eaglerbits
    @eaglerbits
    Right, But do you have a better idea?
    I need to know when a device starts/ends Netflix streamings
    christianwebster
    @christianwebster:matrix.org
    Hi everybody, I'm trying to manipulate a 1.3 TLS session with scapy. My test setup uses 3 containers and the mitm container is sniffing the packets. My goal right now is to create a new verify message which is created in the handshake.py (line 1194).
    How do I handle the TLS Connection in scapy and how can I create a new verify message?
    This is some of my code so far: https://pastebin.com/BkD82cXy

    AlexandertheG
    @AlexandertheG
    Hello. How do I make a DNS request in scapy similar to dig NS org. @l.root-servers.net?
    Thanks
    Rui Cunha
    @RuiCunhaM
    Hi everyone, I was not sure if I should open an issue straightaway for this or not, so I'm going to ask it here. I intend to add support for MPTCP v1.0, however I'm not entirely sure what is the best way to do it since we're talking about a TCP option with variable length. Since it's not an individual field, but something inside the options field, I assume I have to parse the bytes content probably to a dictionary, but I do not know the right way to do it according to Scapy philosophy. I'm not sure if there is anything similar already or some type of behavior/functions defined to deal with situations like this. So if someone could give me any hint about the right way to do this I would appreciate it. Thank you
    Guillaume Valadon
    @guedou
    @RuiCunhaM did you have a look at the TCPOptionsField object? I don't know MPTCP but that is a nice place to start experimenting.
    Guillaume Valadon
    @guedou
    @AlexandertheG what did you try?
    Rui Cunha
    @RuiCunhaM
    @guedou Yes I did. Actually that is where my problem begins, because the MPTCP option can have different sizes/fields depending on the subtype, so I was not sure how to properly fit that in the current way things are done. However I had some ideas so I will see what I come up with. Thanks for the reply
    AlexandertheG
    @AlexandertheG
    @guedou , I included a small piece of code in the "How to reproduce" section of secdev/scapy#3285
    PhilippTakacs
    @PhilippTakacs
    Is there a way to open issues without using GitHub (I dislike the UI)? I found a regression in RawPcapReader. Since 6c3092043742ef6cdb0bb83a5cdc735c2ffbf28f the metadata isn't returned by read_packet(). This affects iterator and dispatch.
    also the size parameter is silently ignored
    Guillaume Valadon
    @guedou
    @AlexandertheG the command works fine. Scapy receives an answer from the server.
    AlexandertheG
    @AlexandertheG
    @guedou , what answer do you receive?
    Guillaume Valadon
    @guedou
    @PhilippTakacs You could start by describing your issue here, but GitHub is the best way to make sure that we won't forget.
    @AlexandertheG a DNS answer from the server containing the org servers addresses
    Guillaume Valadon
    @guedou
    Screenshot 2021-07-13 at 16.59.20.png
    PhilippTakacs
    @PhilippTakacs
    @guedou description is above, I try to iterate over a pcap file and get metadata and the packets as bytes, but since this commit the iterator of RawPcapReader gives me the packet as class Packet and no metadata. Small sample code: for (pkt_data, pkt_metadata,) in RawPcapReader(file_name):
    AlexandertheG
    @AlexandertheG
    @guedou Thanks!
    Guillaume Valadon
    @guedou
    Can you share a small reproducer? Do any pcap exhibit this behavior?
    PhilippTakacs
    @PhilippTakacs
    from scapy.all import *
    
    for (pkt_data, pkt_metadata,) in RawPcapReader("dump.pcap"):
        pass
    gives:
    Traceback (most recent call last):
      File "sample.py", line 3, in <module>
        for (pkt_data, pkt_metadata,) in RawPcapReader("dump.pcap"):
    ValueError: too many values to unpack (expected 2)
    this code works perfectly fine on 2.4.3-4 (Ubuntu 20.04 package)
    Guillaume Valadon
    @guedou
    Thanks. I can reproduce.
    Ghost
    @ghost~60f233696da037398481443b
    Does anyone know how to craft diameter AVPs?
            last = None
            counter = 0
            while True:
                layer = pkt.getlayer(counter)
                if layer is None:
                    break
    
                if isinstance(layer, scapy.contrib.diameter.AVPNV_StrLenField):
                    if layer.name == 'AVP Public-Identity':
                        orig = layer.val.decode('us-ascii')
                        repl = _generate_replacement(orig)
                        layer.val = repl.encode('us-ascii')
    
                counter = counter + 1
    This is how I loop now, but the change doesn't reflect when I write that pkt to a file.
    Guillaume Valadon
    @guedou
    I don’t know Diameter, but the unit tests help in understanding protocol usage: https://github.com/secdev/scapy/blob/master/test/contrib/diameter.uts
    Ghost
    @ghost~60f233696da037398481443b
    Thank you, will give it a try.
    subrnath
    @subrnath

    I would like to generate 5G GTP-U packets from Trex. I am able to do the same through GTP_U_Header(teid=740294658,gtp_type=255,S=0) in scapy.

    I would like to check if there is support in scapy to encode Next extension header type= PDU Session Container also so that QFI (Qos flow identifier) field also can be encoded?

    Regards,
    Subrata

    Alex Forencich
    @alexforencich
    I have a question about how to "properly" implement a particular protocol in scapy
    (RoCE/RoCEv2)
    the protocol uses extension headers
    which combination of headers are present depends on an opcode in one of the headers
    doesn't seem like bind_layers would work here, as that can only bind two layers
    but I need to bind up to I think 4 extension headers, plus the payload
    for example, a RoCEv2 packet with opcode RD RDMA write only with immediate