Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    ThisIsDmOnLive
    @ThisIsDmOnLive
    the other thing what i try its scapy.all as scapy
    KyleJeong
    @KyleJeong

    Are you sure you don't want
    lambda pkt: min(pkt.cnt or 0, max_val)

    I tested more. Root cause of the problem is we can't see global variable "max_val" in the fields_desc, I think.

    Mariano Gómez
    @mrngomez

    Hello everyone! Just a quick question regarding https://github.com/secdev/scapy/blob/dcd54d59c94b83632b74e268e8b14026cbcd67c8/scapy/contrib/http2.py#L2672

    parse_txt_hdrs' type hints clearly state that this metod has a string as input, but the first thing that it does is embed the string in a BytesIO object, which requires bytes as an input, is this a leftover from a previous version of the code or rather a typo? Thanks in advance

    KyleJeong
    @KyleJeong
    Is there a trick to insert one bye in front of Packet?
    Conceptually this kind of operation is needed. I am developing a trick to resolve the 'max_val' thing I mentioned above.
    new_packet = b'\x02' + old_packet
    KyleJeong
    @KyleJeong

    Is there a trick to insert one bye in front of Packet?
    Conceptually this kind of operation is needed. I am developing a trick to resolve the 'max_val' thing I mentioned above.

    new_packet = b'\x02' + old_packet

    I tried this way. It seems working

    new_packet = Packet(max_val.to_bytes(1, 'big') + raw(old_packet))
    KyleJeong
    @KyleJeong

    I found a strange thing in packet print.
    It seems there are extra backslashes. I am not sure which one is correct.

    Packet type is

    IP / TCP 47.1.1.1:42219 > 47.1.1.5:ssh PA / Raw

    Raw after TCP in Old Version (Released version, my old log record)

    ###[ Raw ]###
            load      = '\x0f*E\x12\x83^\x86\xfca\xa9....

    Raw after TCP in New Version (GIT version)

    ###[ Raw ]###
            load      = '\x0f*E\x12\\x83^\\x86\\xfca\\xa9....
    davehouser1
    @davehouser1
    Hello is anyone available to answer a question about why Scapy is not respecting Linux kernel ip rules?
    That is the problem btw. I made a post here about it, no responses yet, any one know why this is happening?
    https://unix.stackexchange.com/questions/675178/ip-rule-not-respecting-packet-generation-how-to-fix
    Pierre
    @p-l-
    I have added an answer
    davehouser1
    @davehouser1
    Ok so there is no way to work with ip rules?
    Thank you for the response.
    I actually am using scapy for testing, I am working with some other C++ code, which uses the sendto() library.
    Does scapy use the same thing?
    Pierre
    @p-l-
    Nope, Scapy forges the packets and uses raw sockets to send them.
    You may want to use the socket library
    meow-watermelon
    @meow-watermelon
    Hi, what's the correct and proper way to get the data payload from Raw layer? I'm using packet[Raw] and packet.getlayer(Raw) can get the data payload but Scapy always shows "WARNING: Calling str(pkt) on Python 3 makes no sense!". I understand the output in bytes but what the heck of this warning messages? Shall I ignore? Or any other methods are available? Thanks.
    oh it's packet[Raw].load
    meow-watermelon
    @meow-watermelon
    Hi, when I use sniff(prn=prn..), there will be the prn return value displayed if processed, is there any way to silence this? Thanks.
    shall I use lfilter instead?
    meow-watermelon
    @meow-watermelon
    Hi, when I run scapy -H I see many warnings like /usr/lib/python3.10/site-packages/prompt_toolkit/renderer.py:514: DeprecationWarning: The explicit passing of coroutine objects to asyncio.wait() is deprecated since Python 3.8, and scheduled for removal in Python 3.11., is there any way to suppress those info?
    strayge
    @strayge

    I've got pcap for 30 seconds (91MB, 519k packets) and its dissect takes forever (~100 sec).
    Tried disable most payload_guess for Ether / IP / TCP / UDP but got very minor (~5%) speed up.

    Is there any way to speed up packets dissect, as I actually only need TCP / UDP fields and not underlying layers?

    Found similar issue secdev/scapy#2055 from 2019, but best answer was switch to other libraries.

    Profiling shows most time at field access:

    147.559 MainThread  <thread>:12524
    └─ 147.558 <module>  <stdin>:1
       └─ 147.558 <listcomp>  <stdin>:1
          └─ 147.076 __call__  scapy\base_classes.py:370
             └─ 144.964 __init__  scapy\packet.py:129
                ├─ 134.626 dissect  scapy\packet.py:998
                │  ├─ 126.404 do_dissect_payload  scapy\packet.py:972
                │  │  ├─ 115.127 __call__  scapy\base_classes.py:370
                │  │  │  └─ 114.058 __init__  scapy\packet.py:129
                │  │  │     ├─ 101.785 dissect  scapy\packet.py:998
                │  │  │     │  ├─ 65.001 do_dissect_payload  scapy\packet.py:972
                │  │  │     │  │  ├─ 54.295 __call__  scapy\base_classes.py:370
                │  │  │     │  │  │  └─ 53.096 __init__  scapy\packet.py:129
                │  │  │     │  │  │     ├─ 40.858 dissect  scapy\packet.py:998
                │  │  │     │  │  │     │  ├─ 29.573 do_dissect  scapy\packet.py:952
                │  │  │     │  │  │     │  │  ├─ 10.320 getfield  scapy\fields.py:2200
                │  │  │     │  │  │     │  │  │  ├─ 5.328 m2i  scapy\fields.py:2922
                │  │  │     │  │  │     │  │  │  │  └─ 4.508 _fixup_val  scapy\fields.py:2906
                │  │  │     │  │  │     │  │  │  │     └─ 4.073 __init__  scapy\fields.py:2711
                │  │  │     │  │  │     │  │  │  │        └─ 3.156 __setattr__  scapy\fields.py:2825
                │  │  │     │  │  │     │  │  │  │           └─ 3.110 [self]
                │  │  │     │  │  │     │  │  │  └─ 4.221 [self]
                │  │  │     │  │  │     │  │  ├─ 5.086 [self]
                │  │  │     │  │  │     │  │  ├─ 4.822 getfield  scapy\layers\inet.py:367
                │  │  │     │  │  │     │  │  │  └─ 3.282 m2i  scapy\layers\inet.py:376
                │  │  │     │  │  │     │  │  │     └─ 2.178 [self]
                │  │  │     │  │  │     │  │  ├─ 4.564 getfield  scapy\fields.py:245
                │  │  │     │  │  │     │  │  │  └─ 2.903 [self]
                │  │  │     │  │  │     │  │  └─ 3.500 do_copy  scapy\fields.py:258
                │  │  │     │  │  │     │  │     └─ 1.989 copy  scapy\fields.py:2839
                │  │  │     │  │  │     │  │        └─ 1.721 __init__  scapy\fields.py:2711
                │  │  │     │  │  │     │  └─ 10.373 do_dissect_payload  scapy\packet.py:972
                │  │  │     │  │  │     │     ├─ 5.279 __call__  scapy\base_classes.py:370
                │  │  │     │  │  │     │     │  └─ 4.892 __init__  scapy\packet.py:1878
                │  │  │     │  │  │     │     │     └─ 4.563 __init__  scapy\packet.py:129
                │  │  │     │  │  │     │     └─ 4.348 guess_payload_class  scapy\packet.py:1011
                │  │  │     │  │  │     │        └─ 1.795 [self]
                │  │  │     │  │  │     ├─ 4.619 [self]
                │  │  │     │  │  │     ├─ 2.740 __setattr__  scapy\packet.py:456
                │  │  │     │  │  │     ├─ 2.138 __call__  scapy\base_classes.py:370
                │  │  │     │  │  │     │  └─ 1.531 [self]
                │  │  │     │  │  │     └─ 2.020 init_fields  scapy\packet.py:224
                │  │  │     │  │  │        └─ 1.582 do_init_cached_fields  scapy\packet.py:251
    secenhance
    @secenhance:matrix.org
    [m]
    Hi, I am currently trying to extend scapy to support 802.11 Fine Timing Measurement. As there are a lot of optional parameter in each paket I was wondering where I should inspect the data and decide dynamically which parts are included? My current approach is overwriting the pre_dissect call and partially parse header fields indicating the presence of optional data. I am not sure where I can set properties or similar to use the conditional field afterwards. Where can I find similar code in scapy or where should I do the check for optional and variable length/sub fields?
    ``` name = "Optional Fine Timing measurement request frame parts"
    fields_desc = [
        # Measurement Request Header 1
        ByteField("element_id1", 0),
        ByteField("length1", 0),
        ByteField("token1", 0),
        ByteField("request_mode1", 0),
        ByteEnumField("measurement_type1", 0, measurement_type),
        # LCI Request
        ByteEnumField("LCI_Location_Subject", 0, location_subject),
        # Measurement Request Header 2
        ByteField("element_id2", 0),
        ByteField("length2", 0),
        ByteField("token2", 0),
        ByteField("request_mode2", 0),
        ByteEnumField("measurement_type1", 0, measurement_type),
        # Location Civic Request Field
        ByteEnumField("Civic_Location_Subject", 0, location_subject),
        ByteEnumField("Civic_Location_Type", 0, civic_location_type),
        ByteEnumField(
            "Location_Service_Interval_Units", 0, civic_location_interval_units
        ),``` 
    These are all optional and I can deduct which type of measurement request based on the request_mode.
    secenhance
    @secenhance:matrix.org
    [m]
    I found similar code in the dot11/dns/bgp layer and it is now optionally parsing the frame parts.
    partially parsing some values in pre_dissect and setting class attributes for usage in the conditional field worked. https://github.com/tweidinger/scapy/blob/74a8cfd5a54a4813d9737d0d5a3e6e8d0d2a7598/scapy/layers/dot11.py#L2135 it's a work in progress but all feedback is welcome.
    pyharbor
    @pyharbor

    Hey I'm thinking of using scapy inside of python module's but I'm really put off that I can't import it efficiently

    import scapy.all as scapy

    really just doesn't cut it because there is zero autocompletion within an ide like pycharm. I tried doing something more targeted like.

    from scapy.compat import raw
    from scapy.layers.dns import DNS
    from scapy.layers.inet import UDP, IP, in4_chksum

    But when I do this I get hit with circular import errors. Is there something I'm missing?

    meow-watermelon
    @meow-watermelon
    Hi, anyone knows how to use sniff() call to sniff all interfaces? by default it will only sniff conf.iface interface
    Guillaume Valadon
    @guedou
    @pyharbor which Scapy version?
    cyril.lu
    @cyril.lu:matrix.org
    [m]
    Hello, is there a less verbose way to get a field human readable representation?
    assert 0 == rsp.payload.status # Ok but I would like to compare it the the defined enum value
    assert "STATUS_OK" == rsp.payload.status # Which cannot be done like this
    
    def field2str(pkt, field_name):
        field, val = pkt.getfield_and_val(field_name)
        return field.i2repr(pkt, val)
    
    assert "STATUS_OK" == field2str(rsp.payload, 'status') # Can be done like this, but looks too verbose to me
    Pierre
    @p-l-
    The best way to get what you want would probably be rsp.sprintf("%layer_name.status%") (replace layer_name using the real name)
    pyharbor
    @pyharbor
    @guedou scapy==2.4.5
    Guillaume Valadon
    @guedou
    @pyharbor try the master version on github. This was fixed.
    pyharbor
    @pyharbor
    ooh ok cool
    Mauro Condarelli
    @mcondarelli

    Hi, I just started looking into scapy (I'm using scapy 2.4.5 with CPython 3.8).
    A very stupid program I wrote to extract from long .pcap a small piece I need:

    import datetime
    from scapy.all import PcapWriter, PcapReader, EDecimal
    
    
    class PcapHandler:
        def __init__(self, fn):
            self.fn = fn
    
        @staticmethod
        def _normalize(dt):
            if isinstance(dt, float):
                return EDecimal(dt)
            if isinstance(dt, datetime.datetime):
                return EDecimal(dt.timestamp())
            if isinstance(dt, str):
                return EDecimal(datetime.datetime.fromisoformat(dt).timestamp())
    
        def trim(self, start, end, output):
            s = self._normalize(start)
            e = self._normalize(end)
            with PcapWriter(output) as fo:
                with PcapReader(self.fn) as fi:
                    for n, pkt in enumerate(fi):
                        print(f'{n:6d}', end='\r')
                        if pkt.time > e:
                            break
                        if pkt.time >= s:
                            fo.write(pkt)
                            print()
    
    
    if __name__ == '__main__':
        h = PcapHandler('20211025T114023A.pcap')
        h.trim('2021-10-25T12:01:53', '2021-10-25T12:01:55', 'tt.pcap')

    ... actually works, but outputs also a stream of : WARNING: Calling str(pkt) on Python 3 makes no sense!
    What am I doing wrong?

    Leonard Crestez
    @cdleonard
    what is the right way to "wait for specific packets received"?
    the sendrecv interface of scapy seems to have very specific ideas about "who replies to what"
    I end up writing waiting.wait(pred) where pred goes and digs around inside sniffer.session.toPacketList
    luwangli
    @luwangli
    I have a pcap file which can be open by Wireshark, so I know it's Link type is Cisco HDLC. However, when I use scapy to read this pcap file, the error is "WARNING: PcapReader: unknown LL type [104]/[0x68]. Using Raw packets". what should I do?
    from scapy.all import * pcap = PcapReader("200test.pcap")
    meow-watermelon
    @meow-watermelon
    @cdleonard you want to stop sniffing once received a specific packet and do something?
    If in that case, check stop_filter parameter in sniff function, it allows you to write a callback function to decide when to stop sniffing then using lfilter parameter function to define what to do about the received packet.
    meow-watermelon
    @meow-watermelon
    @mcondarelli just my guess, that fo.write(pkt) is trying to convert the pkt into string
    from the python io doc: f.write(string) writes the contents of string to the file, returning the number of characters written.
    Leonard Crestez
    @cdleonard
    @meow-watermelon no I want to wait for a specific packet and continue testing
    scanning the whole packet list is potentially slow and waiting.wait relies on polling but scapy doesn't appear to have a nicer way to do this.
    meow-watermelon
    @meow-watermelon
    Hi, want to share something that I implemented for ARP stuffing protocol by using Scapy: https://github.com/meow-watermelon/arp-stuffing - I also wrote a doc about the usage.
    cyril.lu
    @cyril.lu:matrix.org
    [m]
    Hello, is there a way to display both value and description with show(), without actually specifiying the value in the enum names? Something like
    ###[ UciControlPacket ]### 
      messageType= 0b001 (Control Command)
      packetBoundaryFlag= 0b0: Complete
      groupIdentifier= 0b0001 (UWB Session)
      reserved0 = 0
      opcodeIdentifier= 0b000001 (SESSION_DEINIT_CMD)
      reserved1 = 0
      payloadLength= 4
    ###[ SessionDeinitCmd ]### 
       sessionId = 1
    rtborg
    @rtborg
    Hi, is there a way to customize the message that is sent by scapy.tools.automotive.isotpscanner? Currently the message is [10 64 00 00 00 00 00 00]
    Nils Weiss
    @polybassa
    Hi, we didn't implemented a way to change the message of istopscanner. What's your usecase for this change?
    rtborg
    @rtborg
    I have an ECU which uses extended addressing plus data length like this [0xADDR 0xLEN 0xDATA0 ... 0xDATA5]
    And it will not respond to [0xADDR 0x10 0x64 ....]
    Nathan
    @nth0rpe_twitter

    Hi,

    I am trying to use the PacketField class to implement a custom packet type.
    The code detects the packets properly if I put the fields from CommandPacket directly into CustomPacket, but not when I use the PacketField class.
    It just detects the entire data as Raw rather than CustomPacket.

    Do you know why it does not like to use the PacketField in the fields?

    bind_layers(UDP, CustomPacketHolder)
    
    class CustomPacketHolder(Packet):
        fields_desc = [
            ShortField("header", 0),
            PacketListField("data", [], CustomPacket)
        ]
    
    class CustomPacket(Packet):
        fields_desc = [
            BitField("letter", 0, 4),
            BitField("checkBits", 0, 12),
            PacketField("command", None, CommandPacket)
        ]
    
        def extract_padding(self, p):
            return "", p
    
    class CommandPacket(Packet):
        fields_desc = [
            BitField("field1", 0, 3),
            BitField("field2", 0, 5),
            BitField("field3", 0, 1),
            BitField("field4", 0, 5),
            BitField("field5", 0, 5),
            BitField("field5", 0, 1)
        ]
    
        def extract_padding(self, p):
            return "", p
    Leonard Crestez
    @cdleonard
    Gentle ping for secdev/scapy#3427 ?