@eaglerbits Probably not. Scapy will only allow you to see what IPs people connect to, so that's what you'll see (and you'll need to maintain a giant list of all Netflix' IPs...)
I need to know when a device starts/ends Netflix streamings
Hi everybody, I'm trying to manipulate a 1.3 TLS session with scapy. My test setup uses 3 containers and the mitm container is sniffing the packets. My goal right now is to create a new verify message which is created in the handshake.py (line 1194).
How do i handle the TLS Connection in scapy and how can i create a new verify message?
How do i handle the TLS Connection in scapy and how can i create a new verify message?
:point_up: Edit: Hi everybody, I'm trying to manipulate a 1.3 TLS session with scapy. My test setup uses 3 containers and the mitm container is sniffing the packets. My goal right now is to create a new verify message which is created in the handshake.py (line 1194).
How do i handle the TLS Connection in scapy and how can i create a new verify message?
This is some of my code so far: https://pastebin.com/BkD82cXy
Hi everyone, I was not sure if I should open an issue straightaway for this or not, so I'm going to ask it here. I intend to add support for MPTCP v1.0 however I'm not entirely sure what is the best way to do it since we're talking about a TCP option with variable length. Since it's not is individual field, but something inside the options field, I assume I have to parse the bytes content probably to a dictionary, but I do not know the right way to dot it accordingly scapy philosophy. I'm not sure if there is anything similarly already or some type of behavior/functions defined to deal with situations like this. So if someone could give me any hint about the right way to do this I would appreciate. Thank you
@guedou Yes I did. Actually that is where my problem begins, because the MPTCP option can have different sizes/fields depending on the subtype, so I was not sure how to properly fit that in the current way things are done. However I had some ideas so I will see what I come up with. Thanks for the reply
also the size parameter is silently ignored
@AlexandertheG a DNS answer from the server containing the org servers addresses
@guedou description is above, I try to itterate over a pcap file and get metadata and the packets as bytes, but since this commit the itterator of RawPcapReader gives me the packet as class Packet and no metadata smal sample code:
for (pkt_data, pkt_metadata,) in RawPcapReader(file_name):
from scapy.all import *
for (pkt_data, pkt_metadata,) in RawPcapReader("dump.pcap"):
pass
`Traceback (most recent call last):
File "sample.py", line 3, in <module>
for (pkt_data, pkt_metadata,) in RawPcapReader("dump.pcap"):
ValueError: too many values to unpack (expected 2)
this code works perfekt fine on 2.4.3-4 (Ubuntu 20.04 Packet)
last = None
counter = 0
while True:
layer = pkt.getlayer(counter)
if layer is None:
break
if isinstance(layer, scapy.contrib.diameter.AVPNV_StrLenField):
if layer.name == 'AVP Public-Identity':
orig = layer.val.decode('us-ascii')
repl = _generate_replacement(orig)
layer.val = repl.encode('us-ascii')
counter = counter + 1pkt to a file.
I don’t know Diameter, but the unit tests using help understanding protocols usages https://github.com/secdev/scapy/blob/master/test/contrib/diameter.uts
I would like to generate 5G GTP-U packets from Trex. I am able to do the same through GTP_U_Header(teid=740294658,gtp_type=255,S=0) in scapy.
I would like to check if there is support in scapy to encode Next extension header type= PDU Session Container also so that QFI (Qos flow identifier) field also can be encoded?
Regards,
Subrata
(RoCE/RoCEv2)
the protocol uses extension headers
which combination of headers are present depends on an opcode in one of the headers
doesn't seem like bind_layers would work here, as that can only bind two layers
but I need to bind up to I think 4 extension headers, plus the payload
for example, a RoCEv2 packet with opcode RD RDMA write only with immediate
would be Eth // IP // UDP // BTH // RDETH // DETH // RETH // ImmDt // payload
so I need to bind RDETH, DETH, RETH, and ImmDt under BTH for that opcode
seems like it is impossible to do that in scapy?
alternatively, maybe these extension headers need to be treated more like TCP options
where they are all "technically" part of BTH
another question: RDMA packet payloads are padded to a multiple of 4 bytes; with the number of padding bytes indicated in the BTH. How should this be handled? Is it possible to use ReversePadField on the FCSField? Or is this going to have to be handled manually somewhere?
What is the difference between the packet arrival time and the timestamp (inside TCP.options)?
When I use this code I met this error in scapy 2.4.5. (It worked fine with 2.4.4)
for (pkt_data, pkt_metadata,) in RawPcapReader(file_name):
File ".../.local/lib/python3.6/site-packages/scapy/utils.py", line 1241, in next
return self.read_packet()
File ".../.local/lib/python3.6/site-packages/scapy/utils.py", line 1264, in read_packet
Packet,
NameError: name 'Packet' is not definedAnyone has similar experience?