Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Jonas
    @JonasWG
    Is(TCP) is a scapy function?
    Guillaume Valadon
    @guedou
    Yes. It lists the fields in a packet
    Jonas
    @JonasWG
    It doesnt show up when I call pkt.show()
    Does ls show more fields than show()?
    Pierre Lalet
    @p-l-
    pkt.show() won't show unmodified fields; ls(TCP), on the other hand, will show all the fields in a layer.
    Jonas
    @JonasWG
    Seems that the TCP length is not an actual field like it is represented in wireshark
    Pierre Lalet
    @p-l-
    That's true, and wireshark itself shows the field as a computed field ([TCP Segment Len: X] rather than TCP Segment Len: X)
    Jonas
    @JonasWG
    Do you know what wirehark bases the TCP length on?
    Even though my packets look good when I look at the raw representation, wireshark refuses to parse more than the original length
    Pierre Lalet
    @p-l-
    That's probably a question for wireshark devs rather than me, but I'd say the dataofset value and the length of the IP packet?
    Jonas
    @JonasWG
    Thats what I thought too.. for most protocols its fine when I just change the IP packet len but for this one it does not work
    Kirill Spitsyn
    @x746e
    Hi. What is the best way to use non-continuous bits for a field?
    In particular, in GTPv2 there are two fields, MCC and MNC, each of them consists from three four-bit digits (12 bits per each field, 24 bits / 3 bytes overall), and they are coded in this weird manner: MCC-digit-2 MCC-digit1 MNC-digit-3 MCC-digit-3 MNC-digit-2 MNC-digit-1.
    Notice that MNC-digit-3 is in between MCC digits 1 and 3.
    Here's a table from the spec: MCC/MNC coding
    I believe the way those two fields are currently done in Scapy ( https://github.com/secdev/scapy/blob/d883cdcf9f135fa0b3eff35c3938daa926478801/scapy/contrib/gtp_v2.py#L305-L306 ) isn't correct (and doesn't match how Wireshark is dissecting gtpv2 packets).
    What would be a good way to fix it?
    Andrey Ferriyan
    @codesaber_gitlab
    Hi. What is the difference between TCP.load and TCP.payload?. I read it from here secdev/scapy#707
    Guillaume Valadon
    @guedou
    p.payload is used to access the Packet after the Packet p. p.load is a short version of p[Raw].load that will only work if p contains a Raw layer
    joelgun
    @joelgun-xyz
    Hi all, quick question. I'm currently trying to parse a pcap file for HTTPRequest and HTTPResponse in a python script. I've loaded the pcap with sniff and session=TCPSession, load_layer("http") and trying to filter with haslayer. Unfortunately i don't get any results for HTTPResponse and in HTTPRequests there are just all GET requests visible. If i try it to analyze in the terminal i works perfectly to display the HTTPResponse. Anybody an idea what i'm doing wrong? Thanks and regards
    sry, btw i'm using scapy 2.4.3
    Gabriel
    @gpotter2
    So it works but it doesn't work? Could you make that clearer?
    Andrey Ferriyan
    @codesaber_gitlab
    @guedou Thank you.
    Monika-Parasar
    @Monika-Parasar
    Hi, scapy installation is throwing error "raise ImportError("setuptools is required to install scapy !")", but have installed setuptools in my setup
    image.png
    image.png
    setuptools 40.6.3
    rADikal8e7
    @rADikal8e7
    did anyone have success with scapy running in docker??
    i am using the most basic docker file and resolving the dependencies but i am unable to see a response when i use a srp1 function
    contents of the docker file
    FROM python:3
    #install tcpdump
    RUN apt-get update && \
        apt-get -y install \
        gcc tcpdump libpcap-dev && \
        apt-get clean
    
    #install pip packages
    RUN pip3 install scapy \
                     pexpect \
                     netaddr \
                     pyYaml \
                     ipaddr
    CMD scapy
    rADikal8e7
    @rADikal8e7
    i am using host networking btw so that the container has access to all host interfaces
    rADikal8e7
    @rADikal8e7
    looks to be an env issue rather than a scapy or docker issue...
    Guillaume Valadon
    @guedou
    I have never had any issue with Docker and Scapy. You need to make sure that Scapy runs as root or with CAP_NET_RAW capability
    rADikal8e7
    @rADikal8e7
    @guedou what does scapy use to listen ....sending the packet seems to be fine.. it uses native linux pf_packet socket to listen when i run it on a host ... but how about a container... how would it have access to this socket?? or am i missing something basic
    Guillaume Valadon
    @guedou
    That also works in a container
    rADikal8e7
    @rADikal8e7
    so from the above docker file i wouldnt need to install tcpdump or libpcap-dev then right? since scapy already has access to native
    Guillaume Valadon
    @guedou
    Yes
    tcpdump is only needed if you plan to use BPF filters
    Deepak Kumar
    @kumarde
    hey all! thanks for all your hard work in maintaining scapy, it's a great tool I've used a lot! I've got a question slash issue w/ scapy and Windows. Specifically, I'm trying to grab the IP range of the network I'm currently connected to. The way I've implemented this is by going through conf.route.routes and grabbing the netmasks present there. Unfortunately, scapy seems to get a seemingly incorrect netmask value (thinks I'm on a /16 instead of /24) on Windows, but the same code works fine on OSX and *nix systems. Any ideas?
    works fine on OSX and nix on the same network too
    rADikal8e7
    @rADikal8e7
    @guedou it was a nic driver and nvm driver mismatch...updating the kernel nic driver fixed this...... these drivers are going to be the death of me :)
    Froger David
    @dfroger
    hello, wrpcap("get.pcap", [Ether() / IP() / TCP() / HTTPRequest(User_Agent='foo', Host='bar')]), how can specify the HTTP headers order in the generated pcap?
    (looking at the source code, it seems not possible)
    Maxime Mawait
    @Maxmawt
    Hi, I am a network engineering student and I would like to start contributing to this project. Is there some issue to deal with which might be good for a first contribution?
    Guillaume Valadon
    @guedou
    @Maxmawt some ideas are listed here secdev/scapy#399
    Welcome !
    ZAHEERUDDIN SYED
    @zaheersyed
    Hi
    L3 packet play on Windows return the below error for IPV6 (IPv4 works fine)
    Im using L3WinSocket: a native Layer 3 (IPv4) raw socket under Windows
    Am I missing something in case of IPV6 ?
    ZAHEERUDDIN SYED
    @zaheersyed
    [Errno 11004] getaddrinfo failed
    Exception socket.error: (10022, 'An invalid argument was supplied') in <bound method L3WinSocket.__del__ of <scapy.arch.windows.native.L3WinSocket object at 0x00000000031E2A98>>
    Im using scapy 2.4.3
    Guillaume Valadon
    @guedou
    Did you have a look at the described limitations at https://github.com/secdev/scapy/blob/master/scapy/arch/windows/native.py ?
    Maxime Mawait
    @Maxmawt
    Hi, I would to implement the TCP server. Are there more features to implement than the acknowledgement of packects and the completion of the threeway handshake?
    AnnabellBrocker
    @AnnabellBrocker

    When using PMF, there will be the 4 way handshake authentication in order to connect a client to an access point

    Every of the four messages is a Dot11QoS package, but I am not able to rebuild one of the messages separately from the other ones. When sending an authentication package, the 4 way handshake is automatically generated, but I want to spearately resend message 3. thereofre I need to build my own message 3 package of the 4 way handshake

    Does anyone has any ideas how to create your own message3 package?