Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Anindya Das
    @hundredmiles
    @guedou conf.iface returns the default gw interface which is eth0 in this case. How can I redirect packets to eth1?
    Guillaume Valadon
    @guedou
    Set it to eth1
    Anindya Das
    @hundredmiles
    Does not work. The packet is still sent out via eth0.
    Also, why do we need the extra step of setting conf.iface to eth1 and then using iface=conf.iface? If the argument iface is supplied in send(), should it automatically force the packet out of the mentioned interface and set the source address to that of the outgoing interface?
    PhilippTakacs
    @PhilippTakacs
    what is the easiest way to tell sr() consider multible segments of a tcp connection as an awnser? currently only the packages with exect matching sequence number are returned, but i know there are more packages
    Brian Wylie
    @brifordwylie
    @guedou secdev/scapy#3385 works great.. thank you so much for the quick turnaround :)
    Haram Park
    @haramel
    I need approval..!! check it please
    secdev/scapy#3250
    Anindya Das
    @hundredmiles
    I am trying to sniff on multiple interfaces in Scapy. As per documentation it is possible. However, I am getting AttributeError
    I am using sniff(filter='icmp', iface=['eth0', 'eth1'], prn=lambda x: x.show())
    Error:
        iface_b = create_string_buffer(network_name(iface).encode("utf8"))
AttributeError: 'list' object has no attribute 'encode'
    infern0d
    @infern0d:matrix.org
    [m]
    Are you using the latest github dev version?
    Arun
    @arunppsg
    Hi everyone, I was wondering whether scapy offers any tools for collecting flow-level details i.e the total number of packets in a flow, the in-out bytes and packets and so on. Maybe have I missed something in the documentation because I see scapy working only in packet level and not flow level?
    I only see scapy being able to decode a Netflow packet but not collect flow statistics itself.
    Anindya Das
    @hundredmiles
    @infern0d:matrix.org yes ,I am using the latest version
    JRSmile
    @jrsmile
    Hi Everyone, I am trying to implement a new layer above tcp for scapy contrib, unfortunately i am having a hard time to implement the tcp_reassemble function. the protocol i try to dissect has a bundle_len field with multiple segments in it and can be (must not be) zlib compressed. i have a nearly working example here: https://gist.github.com/jrsmile/77b036189d609bf1633b5e7b9ab969ee but i can't figure out what to do if a bundle is stretched over multiple tcp packets. so the if else statement only works when the bundle_len is exactly what is expected or more, but if i get less i have to void the packet. (which i don't want). Could someone hint me in the right direction how to concatenate the "to much" case with the "to less" part?
    Michael Bruhn
    @EviLDgL_gitlab
    Hey, im using for quiet a while now to rebuild state machines for different networks protocols. lately im experimenting alot with the scapy automaton and i came across a problem i dont know how to handle properly. Right now im trying to implement a protocol (l2tpv3) which has the options to run multiple "sessions" within one big control flow. Right now i built the automaton for the "control handshake" and wanna implement the multisession handling. Is it possible and if so how: that i split the control and session automatons and let the control-automaton "spawn" new session automatons whenever i need a new session. The main problem that i have here is the coupling of the automatons. How can i feed the packets from the control-automaton to the right session automaton and vice versa? I started to have a look into the Pipes but im not sure if this is suited for this purpose
    KyleJeong
    @KyleJeong

    I have trouble when I use "count_from="

    Let's assume there is a field named "cnt", and external(or global) variable (not part of Packet) "max_val"

    I want this kind of settting. But it's not working. Please help me.

    count_from = lambda pkt: max_val if pkt.cnt == 0 else pkt.cnt
    infern0d
    @infern0d:matrix.org
    [m]
    Are you sure you don't want
    lambda pkt: min(pkt.cnt or 0, max_val)
    KyleJeong
    @KyleJeong
    I tried, but it seems not working.
    ThisIsDmOnLive
    @ThisIsDmOnLive
    Hey i get a problem with scapy cuz i cant find module scapy.all as scappy when i import .-.
    ThisIsDmOnLive
    @ThisIsDmOnLive

    import scapy.layers.inet as scapy

    def scan(ip):
    scapy.arping(ip)

    scan("xx.x.x.x/24")
    Traceback (most recent call last):
    File "network_scanner.py", line 1, in <module>
    import scapy.layers.inet as scapy
    ImportError: No module named scapy.layers.inet

    ThisIsDmOnLive
    @ThisIsDmOnLive
    the other thing what i try its scapy.all as scapy
    KyleJeong
    @KyleJeong

    Are you sure you don't want
    lambda pkt: min(pkt.cnt or 0, max_val)

    I tested more. Root cause of the problem is we can't see global variable "max_val" in the fields_desc, I think.

    Mariano Gómez
    @mrngomez

    Hello everyone! Just a quick question regarding https://github.com/secdev/scapy/blob/dcd54d59c94b83632b74e268e8b14026cbcd67c8/scapy/contrib/http2.py#L2672

    parse_txt_hdrs' type hints clearly state that this metod has a string as input, but the first thing that it does is embed the string in a BytesIO object, which requires bytes as an input, is this a leftover from a previous version of the code or rather a typo? Thanks in advance

    KyleJeong
    @KyleJeong
    Is there a trick to insert one bye in front of Packet?
    Conceptually this kind of operation is needed. I am developing a trick to resolve the 'max_val' thing I mentioned above.
    new_packet = b'\x02' + old_packet
    KyleJeong
    @KyleJeong

    Is there a trick to insert one bye in front of Packet?
    Conceptually this kind of operation is needed. I am developing a trick to resolve the 'max_val' thing I mentioned above.

    new_packet = b'\x02' + old_packet

    I tried this way. It seems working

    new_packet = Packet(max_val.to_bytes(1, 'big') + raw(old_packet))
    KyleJeong
    @KyleJeong

    I found a strange thing in packet print.
    It seems there are extra backslashes. I am not sure which one is correct.

    Packet type is

    IP / TCP 47.1.1.1:42219 > 47.1.1.5:ssh PA / Raw

    Raw after TCP in Old Version (Released version, my old log record)

    ###[ Raw ]###
        load      = '\x0f*E\x12\x83^\x86\xfca\xa9....

    Raw after TCP in New Version (GIT version)

    ###[ Raw ]###
        load      = '\x0f*E\x12\\x83^\\x86\\xfca\\xa9....
    davehouser1
    @davehouser1
    Hello is anyone available to answer a question about why Scapy is not respecting Linux kernel ip rules?
    That is the problem btw. I made a post here about it, no responses yet, any one know why this is happening?
    https://unix.stackexchange.com/questions/675178/ip-rule-not-respecting-packet-generation-how-to-fix
    Pierre
    @p-l-
    I have added an answer
    davehouser1
    @davehouser1
    Ok so there is no way to work with ip rules?
    Thank you for the response.
    I actually am using scapy for testing, I am working with some other C++ code, which uses the sendto() library.
    Does scapy use the same thing?
    Pierre
    @p-l-
    Nope, Scapy forges the packets and uses raw sockets to send them.
    You may want to use the socket library
    meow-watermelon
    @meow-watermelon
    Hi, what's the correct and proper way to get the data payload from Raw layer? I'm using packet[Raw] and packet.getlayer(Raw) can get the data payload but Scapy always shows "WARNING: Calling str(pkt) on Python 3 makes no sense!". I understand the output in bytes but what the heck of this warning messages? Shall I ignore? Or any other methods are available? Thanks.
    oh it's packet[Raw].load
    meow-watermelon
    @meow-watermelon
    Hi, when I use sniff(prn=prn..), there will be the prn return value displayed if processed, is there any way to silence this? Thanks.
    shall I use lfilter instead?
    meow-watermelon
    @meow-watermelon
    Hi, when I run scapy -H I see many warnings like /usr/lib/python3.10/site-packages/prompt_toolkit/renderer.py:514: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11., is there any way to suppress those info?
    strayge
    @strayge

    I've got pcap for 30 seconds (91MB, 519k packets) and its dissect takes forever (~100 sec).
    Tried disable most payload_guess for Ether / IP / TCP / UDP but got very minor (~5%) speed up.

    Is there any way to speed up packets dissect, as I actually only need TCP / UDP fields and not underlying layers?

    Found similar issue secdev/scapy#2055 from 2019, but best answer was switch to other libraries.

    Profiling shows most time at field access:

    147.559 MainThread  <thread>:12524
└─ 147.558 <module>  <stdin>:1
   └─ 147.558 <listcomp>  <stdin>:1
      └─ 147.076 __call__  scapy\base_classes.py:370
         └─ 144.964 __init__  scapy\packet.py:129
            ├─ 134.626 dissect  scapy\packet.py:998
            │  ├─ 126.404 do_dissect_payload  scapy\packet.py:972
            │  │  ├─ 115.127 __call__  scapy\base_classes.py:370
            │  │  │  └─ 114.058 __init__  scapy\packet.py:129
            │  │  │     ├─ 101.785 dissect  scapy\packet.py:998
            │  │  │     │  ├─ 65.001 do_dissect_payload  scapy\packet.py:972
            │  │  │     │  │  ├─ 54.295 __call__  scapy\base_classes.py:370
            │  │  │     │  │  │  └─ 53.096 __init__  scapy\packet.py:129
            │  │  │     │  │  │     ├─ 40.858 dissect  scapy\packet.py:998
            │  │  │     │  │  │     │  ├─ 29.573 do_dissect  scapy\packet.py:952
            │  │  │     │  │  │     │  │  ├─ 10.320 getfield  scapy\fields.py:2200
            │  │  │     │  │  │     │  │  │  ├─ 5.328 m2i  scapy\fields.py:2922
            │  │  │     │  │  │     │  │  │  │  └─ 4.508 _fixup_val  scapy\fields.py:2906
            │  │  │     │  │  │     │  │  │  │     └─ 4.073 __init__  scapy\fields.py:2711
            │  │  │     │  │  │     │  │  │  │        └─ 3.156 __setattr__  scapy\fields.py:2825
            │  │  │     │  │  │     │  │  │  │           └─ 3.110 [self]
            │  │  │     │  │  │     │  │  │  └─ 4.221 [self]
            │  │  │     │  │  │     │  │  ├─ 5.086 [self]
            │  │  │     │  │  │     │  │  ├─ 4.822 getfield  scapy\layers\inet.py:367
            │  │  │     │  │  │     │  │  │  └─ 3.282 m2i  scapy\layers\inet.py:376
            │  │  │     │  │  │     │  │  │     └─ 2.178 [self]
            │  │  │     │  │  │     │  │  ├─ 4.564 getfield  scapy\fields.py:245
            │  │  │     │  │  │     │  │  │  └─ 2.903 [self]
            │  │  │     │  │  │     │  │  └─ 3.500 do_copy  scapy\fields.py:258
            │  │  │     │  │  │     │  │     └─ 1.989 copy  scapy\fields.py:2839
            │  │  │     │  │  │     │  │        └─ 1.721 __init__  scapy\fields.py:2711
            │  │  │     │  │  │     │  └─ 10.373 do_dissect_payload  scapy\packet.py:972
            │  │  │     │  │  │     │     ├─ 5.279 __call__  scapy\base_classes.py:370
            │  │  │     │  │  │     │     │  └─ 4.892 __init__  scapy\packet.py:1878
            │  │  │     │  │  │     │     │     └─ 4.563 __init__  scapy\packet.py:129
            │  │  │     │  │  │     │     └─ 4.348 guess_payload_class  scapy\packet.py:1011
            │  │  │     │  │  │     │        └─ 1.795 [self]
            │  │  │     │  │  │     ├─ 4.619 [self]
            │  │  │     │  │  │     ├─ 2.740 __setattr__  scapy\packet.py:456
            │  │  │     │  │  │     ├─ 2.138 __call__  scapy\base_classes.py:370
            │  │  │     │  │  │     │  └─ 1.531 [self]
            │  │  │     │  │  │     └─ 2.020 init_fields  scapy\packet.py:224
            │  │  │     │  │  │        └─ 1.582 do_init_cached_fields  scapy\packet.py:251
    secenhance
    @secenhance:matrix.org
    [m]
    Hi, I am currently trying to extend scapy to support 802.11 Fine Timing Measurement. As there are a lot of optional parameter in each paket I was wondering where I should inspect the data and decide dynamically which parts are included? My current approach is overwriting the pre_dissect call and partially parse header fields indicating the presence of optional data. I am not sure where I can set properties or similar to use the conditional field afterwards. Where can I find similar code in scapy or where should I do the check for optional and variable length/sub fields?
    ``` name = "Optional Fine Timing measurement request frame parts"
    fields_desc = [
        # Measurement Request Header 1
    ByteField("element_id1", 0),
    ByteField("length1", 0),
    ByteField("token1", 0),
    ByteField("request_mode1", 0),
    ByteEnumField("measurement_type1", 0, measurement_type),
    # LCI Request
    ByteEnumField("LCI_Location_Subject", 0, location_subject),
    # Measurement Request Header 2
    ByteField("element_id2", 0),
    ByteField("length2", 0),
    ByteField("token2", 0),
    ByteField("request_mode2", 0),
    ByteEnumField("measurement_type1", 0, measurement_type),
    # Location Civic Request Field
    ByteEnumField("Civic_Location_Subject", 0, location_subject),
    ByteEnumField("Civic_Location_Type", 0, civic_location_type),
    ByteEnumField(
        "Location_Service_Interval_Units", 0, civic_location_interval_units
    ),```
    These are all optional and I can deduct which type of measurement request based on the request_mode.
    secenhance
    @secenhance:matrix.org
    [m]
    I found similar code in the dot11/dns/bgp layer and it is now optionally parsing the frame parts.
    partially parsing some values in pre_dissect and setting class attributes for usage in the conditional field worked. https://github.com/tweidinger/scapy/blob/74a8cfd5a54a4813d9737d0d5a3e6e8d0d2a7598/scapy/layers/dot11.py#L2135 it's a work in progress but all feedback is welcome.
    pyharbor
    @pyharbor

    Hey I'm thinking of using scapy inside of python module's but I'm really put off that I can't import it efficiently

    import scapy.all as scapy

    really just doesn't cut it because there is zero autocompletion within an ide like pycharm. I tried doing something more targeted like.

    from scapy.compat import raw
    from scapy.layers.dns import DNS
    from scapy.layers.inet import UDP, IP, in4_chksum

    But when I do this I get hit with circular import errors. Is there something I'm missing?

    meow-watermelon
    @meow-watermelon
    Hi, anyone knows how to use sniff() call to sniff all interfaces? by default it will only sniff conf.iface interface
    Guillaume Valadon
    @guedou
    @pyharbor which Scapy version?
    cyril.lu
    @cyril.lu:matrix.org
    [m]
    Hello, is there a less verbose way to get a field human readable representation?
    assert 0 == rsp.payload.status # Ok but I would like to compare it the the defined enum value
assert "STATUS_OK" == rsp.payload.status # Which cannot be done like this

def field2str(pkt, field_name):
    field, val = pkt.getfield_and_val(field_name)
    return field.i2repr(pkt, val)

assert "STATUS_OK" == field2str(rsp.payload, 'status') # Can be done like this, but looks too verbose to me
    Pierre
    @p-l-
    The best way to get what you want would probably be rsp.sprintf("%layer_name.status%") (replace layer_name using the real name)
    pyharbor
    @pyharbor
    @guedou scapy==2.4.5
    Guillaume Valadon
    @guedou
    @pyharbor try the master version on github. This was fixed.
    pyharbor
    @pyharbor
    ooh ok cool