Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Gabriel
    @gpotter2
    count_* are related to how many objects / fields... are contained. length_of/length_from is the same but with the bytes amount
    *bytes size
    wavelength
    @wave-length
    @guedou - I tested with the master branch and I receive the same error.
    One thing I noticed. If I make the IPv6 interface the lowered number interface, ens192 vs ens224, scapy transmits fine. But if the IPv6 only interface is the higher numbered interface, the send operation fails with that error message.
    Manually changing "conf.iface='ens224'" works. Let me know if I need to send any additional information.
    Jonas
    @JonasWG
    print len(pkts[0])
    pkts[0].From = 'new_from_value'
    print len(pkts[0])
    When I do these operations I can see that the length of the packet changing but this change is not reflected in the Frame Length visible from Wireshark. How can I enforce that the length of the packet is changed for the entire frame so that WireShark can parse the packet properly.
    Currently I can only change a variable to a string of the same length. If I do otherwise and then try to view the packet with Wireshark I get [Packet size limited during capture].
    Jonas
    @JonasWG
    I figured I could do it manually for each packet by calculating the length difference and modifying the IP layer len field accordingly. Is there however a way to have this field automatically updated when I modify any layer above the IP layer?
    Gabriel
    @gpotter2
    Scapy can't guess everything you want to do and to it automatically.
    Jonas
    @JonasWG
    Ok, thank you for your help.
    Guillaume Valadon
    @guedou
    @wave-length could you share the output of conf.route6 ?
    wavelength
    @wave-length
    @guedou Its up at the following pastebin: https://pastebin.com/SYYg5Lfn
    I also dumped the ifconfig and OS route tables here: https://pastebin.com/YQY9dShG
    Let me know if you need anything else.
    Guillaume Valadon
    @guedou
    @wave-length thanks for sharing! I will investigate this further.
    Guillaume Valadon
    @guedou
    @wave-length the issue is that IPv6 is disabled on ens192. Could you try this PR secdev/scapy#2151 ? It still need more tests before being merged
    martind1111
    @martind1111
    I have posted a scapy question on stackoverflow and I am wondering if someone here could help me with this one. https://stackoverflow.com/questions/57046989/scapy-cross-layer-variable-reference
    James Gries
    @jamesgries

    After importing layers from Contrib, I'm unable to build a packet or see the help text for a layer, even though it's getting decoded properly. I get a "name 'layer' is not defined" error. This is on FreeBSD 11.2, python27-2.7.16_1, py27-scapy-2.4.2_2.

    `>>> npd2121=rdpcap('NPD_2_1_2_1_Allow_Public.pcap')

    ospfv3 = npd2121[13]
    ospfv3

    <Ether dst=84:b8:02:76:ab:ab src=00:00:10:10:11:80 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=89 hlim=255 src=3001::200:10ff:fe10:1180 dst=3000::200:10ff:fe10:1080 |<Raw load='\x03\x01\x00$\x00\x00\x00\x00\x00\x00\x00\x00X\xf5\x00\x00\x00\x00\x00\x01\xff\x00\x00\x13\x00\n\x00(\x00\x00\x00\x00\x00\x00\x00\x00' |>>>
    from scapy.contrib import ospf
    npd2121=rdpcap('NPD_2_1_2_1_Allow_Public.pcap')
    ospfv3 = npd2121[13]
    ospfv3

    <Ether dst=84:b8:02:76:ab:ab src=00:00:10:10:11:80 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=89 hlim=255 src=3001::200:10ff:fe10:1180 dst=3000::200:10ff:fe10:1080 |<OSPFv3_Hdr version=3 type=Hello len=36 src=0.0.0.0 area=0.0.0.0 chksum=0x58f5 instance=0 reserved=0 |<OSPFv3_Hello intid=1 prio=255 options=V6+E+R hellointerval=10 deadinterval=40 router=0.0.0.0 backup=0.0.0.0 |>>>>
    ls(OSPFv3_Hdr)
    Traceback (most recent call last):
    File "<console>", line 1, in <module>
    NameError: name 'OSPFv3_Hdr' is not defined
    ls()
    << OUTPUT OMITTED >>
    OSPF_BaseLSA : None
    OSPF_DBDesc : OSPF Database Description
    OSPF_External_LSA : OSPF External LSA (ASBR)
    OSPF_Hdr : OSPF Header
    OSPF_Hello : OSPF Hello
    OSPF_LLS_Hdr : OSPF Link-local signaling
    OSPF_LSA_Hdr : OSPF LSA Header
    OSPF_LSAck : OSPF Link State Acknowledgement
    OSPF_LSReq : OSPF Link State Request (container)
    OSPF_LSReq_Item : OSPF Link State Request (item)
    OSPF_LSUpd : OSPF Link State Update
    OSPF_Link : OSPF Link
    OSPF_NSSA_External_LSA : OSPF NSSA External LSA
    OSPF_Network_LSA : OSPF Network LSA
    OSPF_Router_LSA : OSPF Router LSA
    OSPF_SummaryASBR_LSA : OSPF Summary LSA (AS Boundary Router)
    OSPF_SummaryIP_LSA : OSPF Summary LSA (IP Network)
    OSPFv3_AS_External_LSA : OSPFv3 AS External LSA
    OSPFv3_DBDesc : OSPFv3 Database Description
    OSPFv3_Hdr : OSPFv3 Header
    OSPFv3_Hello : OSPFv3 Hello
    OSPFv3_Inter_Area_Prefix_LSA : OSPFv3 Inter Area Prefix LSA
    OSPFv3_Inter_Area_Router_LSA : OSPFv3 Inter Area Router LSA
    OSPFv3_Intra_Area_Prefix_LSA : OSPFv3 Intra Area Prefix LSA
    OSPFv3_LSA_Hdr : OSPFv3 LSA Header
    OSPFv3_LSAck : OSPFv3 Link State Acknowledgement
    OSPFv3_LSReq : OSPFv3 Link State Request (container)
    OSPFv3_LSReq_Item : OSPFv3 Link State Request (item)
    OSPFv3_LSUpd : OSPFv3 Link State Update
    OSPFv3_Link : OSPFv3 Link
    OSPFv3_Link_LSA : OSPFv3 Link LSA
    OSPFv3_Network_LSA : OSPFv3 Network LSA
    OSPFv3_Prefix_Item : OSPFv3 Link Prefix Item
    OSPFv3_Router_LSA : OSPFv3 Router LSA
    OSPFv3_Type_7_LSA : OSPFv3 Type 7 LSA
    << OUTPUT OMITTED >>
    TIP: You may use explore() to navigate through all layers using a clear GUI
    new_ospf = Ether()/IPv6()/OSPFv3_Hdr()/OSPFv3_Hello()
    Traceback (most recent call last):
    File "<console>", line 1, in <module>
    NameError: name 'OSPFv3_Hdr' is not defined`

    Gabriel
    @gpotter2
    Your import is useless: you should make a start import or use load_contrib("ospf")
    James Gries
    @jamesgries
    @gpotter2 Thanks for replying, load_contrib() cleared up my issue! I tried looking through the documentation but it's not detailed anywhere (although it's mentioned in the Automotive Penetration Testing section.) Could this be outlined in the 'Adding New Protocols' Section? I'm new to working with Python so I thought 'from scapy.contrib import <layer>' was proper etiquette. Could you point me to documentation that outlines what you mean by 'start import'?
    Gabriel
    @gpotter2
    My bad, I meant "star import". There are two ways of importing contrib layers:
    • from scapy.contrib.your_layer import *: the best for Python modules (even better if you import the few layers you need)
    • load_contrib('your_layer'): the best for console, but maybe not as great for a python module
    James Gries
    @jamesgries
    @gpotter2 Cool, thanks for the explanation!
    sneak-a-peek
    @sneak-a-peek
    Hi! Could somebody give me an advice? Is scapy an appropriate tool for next purpose: I have a .pcap file (with TCP/MySQL queries inside). May I send this pcap file by scapy into MySQL server like it would be real client generates queries to Database? Or should I find something else?
    pierwill
    @pierwill
    :wave: Hello all!
    pierwill
    @pierwill
    Writer with an academic background in English here. I’m learning a lot playing around with Scapy. The docs are great, especially the Introduction and wealth of examples! I do think they could use some editing and revising. Would the community be open to some docs-only contributions?
    Guillaume Valadon
    @guedou
    @pierwill any kind of help is welcome. I will suggest that you start with a small Pull-Request to show an example of what you wan to do.
    Jan Koscielniak
    @kosciCZ
    Hi! I was trying out the new AsyncSniffer, and I think I may have stumbled upon a bug. I'm not sure if it's my lack of understanding or an actual bug, so I wanted to first ask here. It seems that sniffer fails to indicate when it's actually ready to sniff, be it with started_callback or through self.running. I start the sniffer in my code, send few packets, receive some and then stop the sniffer and save the output to a pcap. I found that I randomly missed first ~25 packets in the capture, but I could see those messages were sent and received response. Only thing that seems to work consistently is sleeping for a second before sending the packets.
    pierwill
    @pierwill
    @guedou Great! I’d like to start with a simple PR or two regularizing linebreaks and paragraphs, cleaning up whitespace, etc.
    wavelength
    @wave-length
    @guedou Sorry, been away for a few days... I will test the code for PR 2151 this evening.
    wavelength
    @wave-length
    @guedou Tested with ipv6_disabled branch code that includes #2151
    conf.iface
    'ens192'
    ip = IPv6(dst = '2001:db8:c100:fff0:19:f268:76aa:ff62')
    req = TCP(dport=80)
    p=(ip/req)
    sr(p)
    Begin emission:
    WARNING: The conf.iface interface (ens192) does not support IPv6! Using ens224 instead for routing!
    .Finished sending 1 packets.
    *
    Received 2 packets, got 1 answers, remaining 0 packets
    (<Results: TCP:0 UDP:0 ICMP:0 Other:1>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)
    Verified at the target lab host that the packet was received
    Thanks. And please let me know if you need me to test anything else related to this fix.
    Guillaume Valadon
    @guedou
    @wave-length thanks for the test! I still need to do more testing on my side. I wonder if we could implement a better fix
    pierwill
    @pierwill
    regarding docs #2191 : Thanks for the feedback! Instead of 80-character linebreaks, another possibility would be to put each sentence on a new line. This is a good compromise between readability and useful diffs. Would the maintainers be open to this? If not I could move on to other possible revisions. :+1:
    Jonas
    @JonasWG
    Can I call post_build manually after modifying a packet somehow? I changed a variable in a packet and I need the checksum to reflect the change.
    Gabriel
    @gpotter2
    Build the packet: pkt.__class__(bytes(pkt))
    ldp77
    @ldp77
    Any Interest in an OIntField in fields.py similar to XIntField but for octal representation as part of a PR that also contains contrib layers? Or should that be included in the module for the contrib layer that implements it?
    Guillaume Valadon
    @guedou
    @ldp77 you can keep it in the contrib layer for now. We usually move fields to fields.py when they start being used in different protocols.
    eswarthammana
    @eswarthammana
    Hi! I am trying to gather data from pcapng file for analysis. I am able to see src, dst, ether type, raw ... could some one help me to get data from all or others layers. Please look into this link for more information regarding layers and current output. ( https://stackoverflow.com/questions/57325755/how-to-extract-raw-data-from-pcap-file-which-of-6lowpan-or-ieee-802-15-4-using-p ). Thanks
    Jan Koscielniak
    @kosciCZ
    Hey, I'm seeing a lot of TCP dup/retransmissions when capturing with scapy, but not with tcpdump, any idea whats behind this?
    Jonas
    @JonasWG
    Can I easily get the list of all layer types detected for a specific packet?
    Instead of doing if pkts['SomeLayer'] is not None
    Guillaume Valadon
    @guedou
    You can try type(packet.payload) and iterate until packet.payload is None
    KyleJeong
    @KyleJeong

    I am making eCPRI (new protocol for network infrastructure) parsing program using Scapy.
    It's really nice have my own Protocol. I like bind_layers and getlayer.
    but I found some problem like this protocol structure.

    • fields_A
    • fields_B (it has repetition counter called "numPrbu")
    • fields_C
    • fields_C
      ...
    • fields_C (repeated "numPrbu" times)
    • fields_B again.
    • fields_C
    • fields_C
      ...
    • fields_C (repeated "numPrbu" times)

    I used
    bind_layers(field_A, field_B)
    bind_layers(field_B, field_C)
    bind_layers(field_C, field_C)
    bind_layers(field_C, field_B)

    But it was not worked well, because bind_layers does not now when next layer is field_C or field_B.
    Is there any solution in this case?

    Sergiu Tălmăcel
    @Sergiu154
    Hello , guys! I am trying to use the sniff function in order to save some MQTT packets but it seems that setting filter ='mqtt' does not work. Does scapy support this type of filter ?
    Pierre Lalet
    @p-l-
    The ‘filter’ parameter accepts BPF filters, just like tcpdump for example, it is not specific to Scapy. The best option is often to use the protocol and port values, e.g. ’filter="tcp port 80"’ for web traffic. You won't get HTTP traffic using a non-standard port, and you will get non-HTTP traffic using port TCP/80, but it is still often the best solution.
    If BPF filters are not enough, consider combining then with an ’lfilter’, as in ’filter="udp port 53", lfilter=lambda p: DNS in p’.
    KyleJeong
    @KyleJeong

    I solved repetition like this way
    class xRAN_UPLANE_IQ(Packet):
    ...
    fields_desc = [
    BitField("reserved", 0, 4),
    BitField('exponent', 0, 4),
    BitField("iSample0", 0, 14),
    BitField("qSample0", 0, 14),
    ...]
    def extract_padding(self, p):
    return "", p

    class xRAN_U_XXX(Packet):
    ...
    fields_desc = [
    .....
    BitFieldLenField("numPrbu", 0, 8, count_of="RB"),
    ....
    PacketListField("RB", None, xRAN_UPLANE_IQ, count_from=lambda pkt:pkt.numPrbu)
    ]

    Jan Koscielniak
    @kosciCZ
    Hi guys! Could someone please help me, or point me in the right direction concerning capturing on loopback interface? I would like to emulate tcpdump's behavior, which is able to ignore duplicate packets that appear to be both incoming and outcoming at the same time