    Brian Wylie
    @brifordwylie

    pip install git+https://github.com/secdev/scapy.git
    Successfully installed scapy-2.4.5rc1.dev115

    Same issue as described above

    Guillaume Valadon
    @guedou
    Can you rename your file to test.pcap?
    I cannot reproduce this issue
    I will need more info to do so (Linux distribution, kernel…)
    Brian Wylie
    @brifordwylie
    I'm on a Mac Laptop: Big Sur version 11.6... running tcpdump against the pcap directly works fine
    tcpdump output
    /usr/local/bin/tcpdump -r apr_02_test_1.pcapng ip6
    reading from file apr_02_test_1.pcapng, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144
    15:47:04.863880 IP6 fe80::6c47:112:824f:3dfe > ff02::1:ff4f:3dfe: HBH ICMP6, multicast listener reportmax resp delay: 0 addr: ff02::1:ff4f:3dfe, length 24
    Let me recap:
    • sniff (without filter on link-type LINUX_SLL) works fine
    • sniff (with filter on link-type Ethernet) works fine
    • sniff (with filter on link-type LINUX_SLL) gives this error
      scapy/utils.py", line 2138, in tcpdump
        linktype = rd.linktype
      'PcapNgReader' object has no attribute 'linktype'
    Guillaume Valadon
    @guedou
    Is that a pcapng or a pcap file?
    Brian Wylie
    @brifordwylie
    file apr_02_test_1.pcapng
    apr_02_test_1.pcapng: pcapng capture file - version 1.0
    Guillaume Valadon
    @guedou
    do you have the same issue with Scapy running on Linux?
    Brian Wylie
    @brifordwylie
    I'll have to try it out.. I'll spin up an EC2 instance and let you know... (probably an hour till I get a chance to do that)...
    Guillaume Valadon
    @guedou
    No problem. Thanks for investigating!
    Anindya Das
    @hundredmiles

    Hello, I am on an Ubuntu 18.04.5 LTS (source) and I am using scapy to send ICMP packets with a custom payload to a destination IP (also an Ubuntu system).
    The source has two interfaces: eth0 and eth1.
    I want to send layer 3 packets from both the interfaces eth0 and eth1. Likewise I use the send() function.

    I am also using tcpdump to check whether the packets are sent to the interface (iface parameter) mentioned in the function.

    • When I use send(IP(dst='dst_ip')/ICMP(), iface='eth0') I see that the packet leaves via the eth0 interface and I get an ICMP echo reply.
    • But, when I use send(IP(dst='dst_ip')/ICMP(), iface='eth1'), I see that the packet leaves via eth0 again and not eth1. At the destination I receive the packet with source IP of eth0 and the ICMP reply is sent for eth0 IP.
    • But, when I use ping -I eth1 'dst_ip' I see packets going out of eth1 interface, and the destination receives packets with source IP of eth1 and sends echo replies to eth1.
    • Is it possible to get the same functionality in scapy using the send() function and mentioning the iface parameter?
    I am using scapy 2.4.5
    Guillaume Valadon
    @guedou
    @brifordwylie this secdev/scapy#3385 fixes the issue. Can you try it?
    @hundredmiles you need to use conf.iface instead
    Anindya Das
    @hundredmiles
    @guedou conf.iface returns the default gw interface which is eth0 in this case. How can I redirect packets to eth1?
    Guillaume Valadon
    @guedou
    Set it to eth1
    Anindya Das
    @hundredmiles
    Does not work. The packet is still sent out via eth0.
    Also, why do we need the extra step of setting conf.iface to eth1 and then using iface=conf.iface? If the argument iface is supplied in send(), should it automatically force the packet out of the mentioned interface and set the source address to that of the outgoing interface?
    PhilippTakacs
    @PhilippTakacs
    what is the easiest way to tell sr() to consider multiple segments of a tcp connection as an answer? currently only the packages with exact matching sequence number are returned, but i know there are more packages
    Brian Wylie
    @brifordwylie
    @guedou secdev/scapy#3385 works great.. thank you so much for the quick turnaround :)
    Haram Park
    @haramel
    I need approval..!! check it please
    secdev/scapy#3250
    Anindya Das
    @hundredmiles
    I am trying to sniff on multiple interfaces in Scapy. As per documentation it is possible. However, I am getting AttributeError
    I am using sniff(filter='icmp', iface=['eth0', 'eth1'], prn=lambda x: x.show())
    Error:
        iface_b = create_string_buffer(network_name(iface).encode("utf8"))
    AttributeError: 'list' object has no attribute 'encode'
    infern0d
    @infern0d:matrix.org
    Are you using the latest github dev version?
    Arun
    @arunppsg
    Hi everyone, I was wondering whether scapy offers any tools for collecting flow-level details, i.e. the total number of packets in a flow, the in-out bytes and packets and so on. Maybe I have missed something in the documentation because I see scapy working only at packet level and not flow level?
    I only see scapy being able to decode a Netflow packet but not collect flow statistics itself.
    Anindya Das
    @hundredmiles
    @infern0d:matrix.org yes, I am using the latest version
    JRSmile
    @jrsmile
    Hi Everyone, I am trying to implement a new layer above tcp for scapy contrib, unfortunately i am having a hard time to implement the tcp_reassemble function. the protocol i try to dissect has a bundle_len field with multiple segments in it and can be (must not be) zlib compressed. i have a nearly working example here: https://gist.github.com/jrsmile/77b036189d609bf1633b5e7b9ab969ee but i can't figure out what to do if a bundle is stretched over multiple tcp packets. so the if else statement only works when the bundle_len is exactly what is expected or more, but if i get less i have to void the packet. (which i don't want). Could someone hint me in the right direction how to concatenate the "too much" case with the "too little" part?
    Michael Bruhn
    @EviLDgL_gitlab
    Hey, I'm using for quite a while now to rebuild state machines for different networks protocols. lately I'm experimenting a lot with the scapy automaton and i came across a problem i don't know how to handle properly. Right now I'm trying to implement a protocol (l2tpv3) which has the options to run multiple "sessions" within one big control flow. Right now i built the automaton for the "control handshake" and wanna implement the multisession handling. Is it possible and if so how: that i split the control and session automatons and let the control-automaton "spawn" new session automatons whenever i need a new session. The main problem that i have here is the coupling of the automatons. How can i feed the packets from the control-automaton to the right session automaton and vice versa? I started to have a look into the Pipes but I'm not sure if this is suited for this purpose
    KyleJeong
    @KyleJeong

    I have trouble when I use "count_from="

    Let's assume there is a field named "cnt", and external(or global) variable (not part of Packet) "max_val"

    I want this kind of setting. But it's not working. Please help me.

    count_from = lambda pkt: max_val if pkt.cnt == 0 else pkt.cnt
    infern0d
    @infern0d:matrix.org
    Are you sure you don't want
    lambda pkt: min(pkt.cnt or 0, max_val)
    KyleJeong
    @KyleJeong
    I tried, but it seems not working.
    ThisIsDmOnLive
    @ThisIsDmOnLive
    Hey i get a problem with scapy cuz i can't find module scapy.all as scappy when i import .-.
    ThisIsDmOnLive
    @ThisIsDmOnLive

    import scapy.layers.inet as scapy

    def scan(ip):
        scapy.arping(ip)

    scan("xx.x.x.x/24")
    Traceback (most recent call last):
    File "network_scanner.py", line 1, in <module>
    import scapy.layers.inet as scapy
    ImportError: No module named scapy.layers.inet

    ThisIsDmOnLive
    @ThisIsDmOnLive
    the other thing I tried is scapy.all as scapy
    KyleJeong
    @KyleJeong

    Are you sure you don't want
    lambda pkt: min(pkt.cnt or 0, max_val)

    I tested more. Root cause of the problem is we can't see global variable "max_val" in the fields_desc, I think.

    Mariano Gómez
    @mrngomez

    Hello everyone! Just a quick question regarding https://github.com/secdev/scapy/blob/dcd54d59c94b83632b74e268e8b14026cbcd67c8/scapy/contrib/http2.py#L2672

    parse_txt_hdrs' type hints clearly state that this method has a string as input, but the first thing that it does is embed the string in a BytesIO object, which requires bytes as an input. Is this a leftover from a previous version of the code or rather a typo? Thanks in advance

    KyleJeong
    @KyleJeong
    Is there a trick to insert one byte in front of Packet?
    Conceptually this kind of operation is needed. I am developing a trick to resolve the 'max_val' thing I mentioned above.
    new_packet = b'\x02' + old_packet
    KyleJeong
    @KyleJeong

    Is there a trick to insert one byte in front of Packet?
    Conceptually this kind of operation is needed. I am developing a trick to resolve the 'max_val' thing I mentioned above.

    new_packet = b'\x02' + old_packet

    I tried this way. It seems working

    new_packet = Packet(max_val.to_bytes(1, 'big') + raw(old_packet))
    KyleJeong
    @KyleJeong

    I found a strange thing in packet print.
    It seems there are extra backslashes. I am not sure which one is correct.

    Packet type is

    IP / TCP 47.1.1.1:42219 > 47.1.1.5:ssh PA / Raw

    Raw after TCP in Old Version (Released version, my old log record)

    ###[ Raw ]###
            load      = '\x0f*E\x12\x83^\x86\xfca\xa9....

    Raw after TCP in New Version (GIT version)

    ###[ Raw ]###
            load      = '\x0f*E\x12\\x83^\\x86\\xfca\\xa9....
    davehouser1
    @davehouser1
    Hello, is anyone available to answer a question about why Scapy is not respecting Linux kernel ip rules?
    That is the problem btw. I made a post here about it, no responses yet, anyone know why this is happening?
    https://unix.stackexchange.com/questions/675178/ip-rule-not-respecting-packet-generation-how-to-fix
    Pierre
    @p-l-
    I have added an answer
    davehouser1
    @davehouser1
    Ok so there is no way to work with ip rules?
    Thank you for the response.
    I actually am using scapy for testing, I am working with some other C++ code, which uses the sendto() library.
    Does scapy use the same thing?
    Pierre
    @p-l-
    Nope, Scapy forges the packets and uses raw sockets to send them.
    You may want to use the socket library
    meow-watermelon
    @meow-watermelon
    Hi, what's the correct and proper way to get the data payload from Raw layer? I'm using packet[Raw] and packet.getlayer(Raw) can get the data payload but Scapy always shows "WARNING: Calling str(pkt) on Python 3 makes no sense!". I understand the output in bytes but what the heck of this warning messages? Shall I ignore? Or any other methods are available? Thanks.
    oh it's packet[Raw].load
    meow-watermelon
    @meow-watermelon
    Hi, when I use sniff(prn=prn..), there will be the prn return value displayed if processed, is there any way to silence this? Thanks.
    shall I use lfilter instead?