    Seth
    @rifen
    Figured out the above ^^
    Now I am trying to parse/filter/store each hop in the TracerouteResult() but I am having issues with that and per the documentation I am not quite sure what to use. Any suggestions?
    dpsisodia
    @dpsisodia
    I need to group together GTP packets to form a session. Any pointers on how to achieve it?
    Iván
    @Cabbo
    Hello everyone, I'm quite new to Scapy (and Python too). I've been struggling a bit with SMB, I'm able to sniff the packets, decode and see some header fields but no "payload". Under the Header layer I get many SMBNegociate_Protocol_Request_Tail with 2 fields. So I want to get the Create Request/Response layer under the Header and its fields. Should I define a new custom layer or may I be doing something wrong. Thanks in advance!
    cybercsc
    @cybercsc
    I'm wondering if the developers will add more details on teredo in the future? I've been working hard on building a standard teredo packet, but it seems that scapy has no module on teredo authentication indicators, which is a significant header between the UDP header and IPv6 packet.
    Guillaume Valadon
    @guedou
    Sorry I don’t know if the teredo support already worked =\
    cybercsc
    @cybercsc
    @guedou it's ok, looking forward to your perfect teredo module
    Iván
    @Cabbo
    If I need to sniff SMB2 and look for the values of some specific fields in the layer, what would be the best option?
    Rick-Sanchez-C137
    @noodle-lover
    Hello there. I'm first timer, correct me if I'm wrong. I was planning to create a "channel based man in the middle attack" on WiFi network and I chose scapy as a tool. But in order for it to work I have to be able to send and receive packets on a different frequency/channel. But scapy doesn't seem to let me choose the frequency/channel of packets sent. Is there a way around this or should I look for another tool instead of scapy?
    I'm desperate so any suggestion is appreciated.
    IrinaPopa
    @IrinaPopa
    Hi. Which is the easiest way to remove the last layer from a packet? I know the following method, but I'm not sure it's the best...
    removeLastLayer.jpeg
    Rick-Sanchez-C137
    @noodle-lover
    @IrinaPopa have you tried remove_payload()?
    IrinaPopa
    @IrinaPopa
    Yes, I tried pkt[IP].remove_payload()
    IrinaPopa
    @IrinaPopa
    and this command indeed removes the last layer; just that my packets are not always the same and I still need to go to the penultimate header
    and I don't know how to obtain this header without using a while
    TL
    @ours-code
    Hello all, I am using scapy to test a Bluetooth connection and have a very newbie question. I am facing an issue establishing a connection as it must use Bluetooth classic. Are there such packets/classes in scapy already? I didn't come across them in the doc/code and assume the devs probably implemented it before LE. I prefer asking before crafting my own packets.
    Jed-Giblin
    @Jed-Giblin
    I'm at my wits' end with trying to send this DHCP discover packet. The frame has the right SRC MAC, but the DHCP layer looks like it has the wrong MAC and I never get a request from the DHCP server
    20:54:47.341975 f8:ff:c2:5f:7b:15 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 293: (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 279)
        0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from c3:b8:c3:bf:c3:82, length 251, Flags [none] (0x0000)
          Client-Ethernet-Address c3:b8:c3:bf:c3:82
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Hostname Option 12, length 5: "DUMMY"
            END Option 255, length 0
    Vmc43
    @Vmc43
    Hey all!
    I want to use scapy to analyze a pcap file, where I sniffed some USB-commands. When I analyze the file, it seems that it doesn't recognize the USB frames, because I get only "Raw"-frames. I looked a little bit in the python-lib of scapy and it seems that the USB-layer works only for Windows? I use Ubuntu 18.04. Has anybody gathered some experience about this topic? Can somebody confirm/disprove this? Thanks in advance!
    Shane Zhang
    @shane-zhang
    Hi all!
    Annotation 2020-03-07 094137.png
    I am extracting pcapng files with scapy, can scapy extract the interface id and interface name field in the packet?
    Gabriel
    @gpotter2
    @Vmc43 We haven't implemented the linux USB format. Nor send/receive.. Feel free to contribute
    @noodle-lover You should let the OS do that. Search how to switch the channel on your OS. You might need to use monitor=True
    @TL There's support for everything. See https://scapy.readthedocs.io/en/latest/layers/bluetooth.html (first link on google... how did you miss that)
    Tim Sampson
    @sanga
    Hi all. Firstly, thank you for the awesome tool you've created! Now to my question... Have there been any moves to create a multithreaded offline pcap sniffer? I have seen reference to this idea earlier in this chat and for example here (secdev/scapy#1999). Is this already possible or has anyone made a start on it if not?
    I'm analysing multi-device streaming pcaps (e.g. several devices streaming youtube for a while) and currently sniff is taking a decent amount of time to chew through all that data (whilst only using a single core)
    Guillaume Valadon
    @guedou
    This PR is merged in master
    Tim Sampson
    @sanga
    sure but that PR doesn't actually include multithreaded offline pcap processing, does it? It just mentions it
    i.e.
    '....it will allow us to enable:
    Sessions in sndrcv*: match a chunked HTTP response to its answer ?
    multi-thread dissection (I have great hopes for this. I plan to use multiprocessing.dummy and try to parallelize packet dissections in pools)'
    (emphasis mine)
    Vmc43
    @Vmc43
    @gpotter2 Ok, thanks!
    chevillotn
    @chevillotn
    Hi all, I'm new to this channel, let me know if I'm in the wrong location. I'm trying to have a class which has a field of type PacketListField and use the next_cls_cb callback to have a variable number of another class. This other class is dynamic (called TDYN), meaning that the 1st instance has field 'test1', the second instance has field 'test2', i.e. they have different content but are of the same kind. In the TDYN constructor I delete the content of self.fields_desc and add my new field depending on the instance index. That works quite fine if I manually disable caching of the fields (class_dont_cache=True) but it doesn't work that well when showing the packet content, as self.fields_desc is common to all instances and is used to show the content of the packet (instance 1 doesn't have 'test2' for example). My question is more like: how can I correctly handle such kind of dynamic content packet? I was able to get the decoding fine with those hacks but displaying doesn't work, so I would tend to think I'm not properly using Scapy and there ought to be another way. Thanks for reading and hopefully giving me a solution :)
    dpsisodia
    @dpsisodia
    I need to convert a GRE (ERSPAN) packet into a GTP or UDP packet. Any pointers will be appreciated.
    Taeer Bar-Yam
    @Radvendii
    Does anyone have experience using IGMPv3 in scapy? I can't tell if I'm putting the packets together wrong, or it's just super broken, and I can't find examples anywhere.
    Taeer Bar-Yam
    @Radvendii
    I made an issue on the github, and I'm working on a pull request for a fix
    Taeer Bar-Yam
    @Radvendii
    okay, i'm writing the test for it and I cannot figure out how to actually run the tests. when i do cd test; ./run_tests it doesn't run the ones in contrib. When I run cd test; ./run_tests -t contrib/igmpv3.uts i get an error about not being able to find IGMPv3 (the necessary things are not being imported)
    (I don't usually use python, so I might be missing something obvious)
    Taeer Bar-Yam
    @Radvendii

    I submitted this issue: secdev/scapy#2536
    and this pull request: secdev/scapy#2537

    pull request is still a draft because i don't know how to check whether my test works. any help on that would be appreciated

    KyleJeong
    @KyleJeong
    I have a pcap file, which format is "Nokia tcpdump - pcap".
    I tried to read the pcap file using RawPcapReader.
    But it seems it does not work correctly. (Wireshark is working well with this format.)
    Is there anyone who has experienced a similar thing?
    Pierre Lalet
    @p-l-
    Could you share a sample?
    KyleJeong
    @KyleJeong

    I can't upload my pcap because of my company policy.

    So I share this method.

    visit https://www.cloudshark.org/captures/fe65ed807bc3
    click Export
    Select Download
    Select Original File

    It works well with RawPcapReader.

    Then try this command to make Nokia tcpdump file.
    tshark.exe -r .\icmp.pcap -F nokiapcap -w icmp_nokia.pcap

    then try with icmp_nokia.pcap.

    KyleJeong
    @KyleJeong

    from scapy.utils import *
    from scapy.config import conf
    from scapy.layers.l2 import Ether
    from scapy.layers.inet import IP, TCP, UDP
    from scapy.layers import *

    from scapy.packet import Packet, bind_layers
    from scapy.all import *

    .... main routine is.....

    for (pkt_data, pkt_metadata,) in RawPcapReader(file_name):
        ether_pkt = Ether(pkt_data)
        print(ether_pkt.summary())

    icmp.pcap result is

    Ether / IP / ICMP 192.168.158.139 > 174.137.42.77 echo-request 0 / Raw
    Ether / IP / ICMP 174.137.42.77 > 192.168.158.139 echo-reply 0 / Raw
    Ether / IP / ICMP 192.168.158.139 > 174.137.42.77 echo-request 0 / Raw
    Ether / IP / ICMP 174.137.42.77 > 192.168.158.139 echo-reply 0 / Raw
    Ether / IP / ICMP 192.168.158.139 > 174.137.42.77 echo-request 0 / Raw
    Ether / IP / ICMP 174.137.42.77 > 192.168.158.139 echo-reply 0 / Raw
    Ether / IP / ICMP 192.168.158.139 > 174.137.42.77 echo-request 0 / Raw
    Ether / IP / ICMP 174.137.42.77 > 192.168.158.139 echo-reply 0 / Raw

    icmp_nokia.pcap result is

    56:e0:14:49:00:0c > 00:00:00:00:00:50 (0x2934) / Raw
    00:00:00:0c:29:34 > 4a:00:00:00:00:00 (0xbde) / Raw

    2*yo
    @2xyo_twitter
    Hi Scapy folks, could you please take a look at the PR secdev/scapy#2476 ?
    JackKuo
    @JackKuo-tw
    Hi, does anyone know how to get the whole HTTP data with a built-in function when the packets were segmented?
    I know sessions() can gather all related packets, but how to merge them?
    ex: There is a POST request which was segmented into 2 packets, how to get the HTTP data by calling a built-in function?
    gilkzxc
    @gilkzxc
    hi the installation of scapy fails on my windows 10 python 3.8
    "warning: install_lib: 'build\lib' does not exist -- no Python modules to install "
    "error: can't copy 'doc\scapy.1': doesn't exist or not a regular file"
    Gabriel
    @gpotter2
    @JackKuo-tw They are merged automatically when using sniff(session=TCPSession())
    JackKuo
    @JackKuo-tw
    @gpotter2 But what I need is to handle a .pcap file 🤔
    Gabriel
    @gpotter2
    @JackKuo-tw Then sniff(session=TCPSession(), offline="a.pcap")