Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    still trying to figure out if it's possible to enumerate existing bind_layers() mappings. If anyone knows how or if that can be done I'd appreciate any help. Thanks
    Guillaume Valadon
    It is is possible (see the definition of bind_layers()) but there is no function to do that.
    For example [(l, l.payload_guess) for l in conf.layers]
    Thanks @guedou !
    Hi, I m having a problem creating a basic SOME IP service discovery following the example provided https://scapy.readthedocs.io/en/latest/layers/automotive.html?highlight=some%20ip#creating-a-some-ip-sd-message. The SOME IP package is working perfectly, however, the SD packet is not formed correctly thus not recognized as a SD packet by Wireshark and the SOME IP version is not correct. I did a capture with Wireshark reporting those issues http://fuiing.com/share/SD%20prob.png . I will be great if you can support me on this issue, thank you for making Scapy open source, it's really a great tool, have a great day
    Raslan Darawsheh
    Hi, I see this PR: secdev/scapy#2795 which was merged to github master branch are we sure that it fits all the RFC implementation ?
    it's causing several issues currently, would anyone be available for helping with that ?
    Guillaume Valadon
    Could you be more specificic?
    Raslan Darawsheh
    here is an example of it:
    GTPPDUSessionContainer(type=4, qmp=0, QFI=17).show2()
    this will trigger a TypeError: can only concatenate tuple (not "bytes") to tuple exception
    also the alignment of the headers for types like 0 are not properly set
    Guillaume Valadon
    Could you provide a fix?
    Raslan Darawsheh
    I'm trying to do it
    there is also this kind of issue:
    len(GTPPDUSessionContainer(ExtHdrLen=1, type=0, P=1, QFI=0X3F, qmp=1))
    it will report 9 bytes of header len
    meanwhile from the spec for it it should be 4 bytes aligned
    Guillaume Valadon
    Michael Bruhn
    Hey. Is there any (easy) way to pass down parameters to a layer when building it? I am trying to build a packet which contains a mac field. This field can be 32 or 64 bytes long but there is no indication by the layer itself which length to use. Im looking for something like p = Dummy(mac_length=32)
    I tried it with: class Dummy(Packet): name="Dummy", fields_desc = [ StrFixedLenField("mac", "", length_from: lambda pkt: pkt.mac_length) ]
    def __init__(self, _pkt=b"", mac_length=32, **kwargs):
        self.mac_length = mac_length
        Packet.__init__(self, _pkt, **kwargs)
    but this never overides the mac_length of 32. So with p = Dummy(mac_length=64) its still 32 bytes long when building
    I think im missing something very obvious but i cant make it
    Guillaume Valadon
    There is no simple mechanism that will help you do that easily.
    You could have a look at the BGP layer which uses a configuration parameter to specify the length of an attribute https://github.com/secdev/scapy/blob/c38a4782928aaa0e657c41638ce1f469aac2edb1/scapy/contrib/bgp.py#L1158
    Hi is there some tcp-server implementation based on scapy?
    because no one answered I have written one myself, based on Automaton/supersockets. It's not complete but a good start. Are you interested in adding it to the docs or the code?

    Hey! I'm having some trouble building a new protocol. The packets look something like this:

    Packet length Header length Header data data
    00 07 02 AA AA FF FF FF FF

    I think I'm getting close, but I don't know how to tell the packet length field to count the length of multiple fields (Header length + header data + data)

    class TestPacket(Packet):
        name = "Test Packet"
        fields_desc = [
            FieldLenField("len", None, fmt=">H", length_of="XXX"),
            FieldLenField("header_len", None, fmt="B", length_of="header"),
            StrLenField("header", None, length_from=lambda pkt: pkt.header_len),
            StrLenField("data", None, length_from=lambda pkt:pkt.len - pkt.header_len)

    Anybody have any ideas? :)

    @hsand We would typically use a post_build function. This example is taken from GRE_PPTP (layers/l2.py)
    def post_build(self, p, pay):
            # type: (bytes, bytes) -> bytes
            p += pay
            if self.payload_len is None:
                pay_len = len(pay)
                p = p[:4] + chb((pay_len >> 8) & 0xff) + chb(pay_len & 0xff) + p[6:]  # noqa: E501
            return p
    What do I need to do to send IPv4 packet via RFC5549 IPv6 nexthop? my routing table has default via inet6 fe80::1 dev eth0 src
    Please can anyone help me more with scapy learning?
    I was given task to make new parser for protocols. But iam not able to understand how FieldLenField, StrField etc works.. I was reading doc many times and still don´t know how to figure it.
    Please can anyone DM/explain how i shall parse properly data to fields? Like i know that 6e 6e is something but i don´t know how to find it in proper way and extract
    variable length returns 160B for each packet also. And i would like to parse data in "value" really into bigger detail.
    Tristan Idoux
    Hello everyone :)
    I'm facing a problem right now. Here is my config first 'Linux, Python 3.8.5, Scapy 2.4.3'.
    More context, I have a DHCP listener which uses L2 socket, used this way.
    Tristan Idoux
            self._logger.info("Starting DHCP listener")
            self._socket = scapy.conf.L2listen(type=scapy.ETH_P_ALL, iface=self._interface, filter="udp and (port 67 or 68)")
            scapy.sniff(opened_socket=self._socket, prn=self._proc_packet, store=False, stop_filter=lambda bool: self._stop_event.isSet())
            self._logger.info("DHCP listener stopped")

    I also have a L2 socket for sending broadcast discover trames. Implementation below.

            result_list, unanswered = self._l2socket.sr(scapy.Ether(dst="ff:ff:ff:ff:ff:ff")/scapy.ARP(pdst=cidr), timeout=20, verbose=True)

    The problem is that when I receive a DHCP request callback & when a network discovery is running at the same time, I get the following error:

      File "app/lib/network_discoverer.py", line 87, in _discover_network_devices
        result_list, unanswered = self._l2socket.sr(scapy.Ether(dst="ff:ff:ff:ff:ff:ff")/scapy.ARP(pdst=cidr), timeout=20, verbose=True)
      File "usr/lib/python3.8/site-packages/scapy/supersocket.py", line 95, in sr
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 261, in sndrcv
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 136, in __init__
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 243, in _sndrcv_rcv
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 925, in _run
      File "usr/lib/python3.8/site-packages/scapy/sessions.py", line 47, in on_packet_received
      File "usr/lib/python3.8/site-packages/scapy/sendrecv.py", line 212, in _process_packet
      File "usr/lib/python3.8/site-packages/scapy/layers/l2.py", line 166, in hashret
    TypeError: can't concat str to bytes

    It occurs only (I'm almost certain) when I'm receiving a DHCP frame while discovering the network.
    Any input on why this is happening ? Please :)

    Thanks for your time.


    Hello everyone,

    Let me start with saying:

    • thanks for the tool, it looks super useful
    • I am fairly new to python and totally new to scapy

    Is there anyway to pass a variable when initializing a layer?

    Here is my use-case:
    Mypacket is a header followed by an encrypted payload.
    A field of the header indicates the certificate fingerprint of the public key used to cipher the payload.
    In post_dissect(), I would like to be able to: match the cert fingerprint and uncipher the payload.

    To avoid hardcoding the fingerprint/cert in my packet description, I was thinking of initializing the layer as follow:

    class Mypacket(Packet):
        name = "Mypacket"
        fields_desc = [
                LenField("mylen", None, fmt="I"),  # 4 bytes
                XNBytesField("fingerprint", 0, 20),
        def post_dissect(self, s):
            for c in self.credentials:
                if c.hash == self.fingerprint:
                    return crypto.uncipher(c.private_key, s)
            return s
    p = Mypacket(bytes, credentials=credentials)

    Is "post_dissect()" the right place for unciphering?
    Is there anyway to pass a variable when initializing a layer? if no is there a work-around (maybe a 0 byte field containing some information?) ?

    Thanks a lot !

    post_dissect is indeed the correct place for this kind of stuff.
    You'll need to change the __init__ function of your packet to store an extra argument. Have a look online. You can copy the signature of __init__ from Packet.py or use __init__(*args, credentials=None, **kwargs). Remember to call super
    1 reply

    Thanks Gabriel that is super useful !

    One additionnal questions here:

    Some of the fields within my packet are meant to be manipulated as "bytes field".
    Is there a better field than XNBytesField/NBytesField to manipulate them? By digging, I realize that NBytesField internal representation is a large int. So comparing c.hash and self.fingerprint needs some sugar syntax to either:

    • convert back self.fingerprint to bytes()
    • or convert c.hash to a NBytesField to make the comparison in the internal format

    Oh, nevermind I was reading the doc and realized that XStrLenField is probably the field that I am looking for.
    I think it would be worth mentioning "raw" or "raw bytes" in XStrLenField to make it more searchable.

    X just means "hexadecimal", it's not literally raw
    hi, maybe someone could help me with packet[Raw].load - how to add new payload? (packet is RTP)
    Mauro M.
    Hello, Ive been having some difficulty extracting some information from a packet, namely one that has the TLS layer. I'm trying to get the extensions_server_name from a Client Hello request, I've been trying to access the extensions class but to no avail, any suggestions?
    Hello, How to remove a Packet from a PCAP file using Scapy ?
    Nils Weiss
    Hi, you can deserialize a pcap file with rdpcap(...). This returns a PacketList. From this PacketList, remove the desired packet. Finally you can serialize this packet list back into a pcap file with wrpcap(...)
    Thank you M. @polybassa for this response, but I'm looking for a Scapy function able to remove complete packet, I found 'remove_payload' which remove only a part of packet.
    Can someone help me?
    I want to use sendpfast as an lab. I want to send 10Mbps, but the link bandwidth is only 1Mbps. I want to measure the packet loss, but the speed seems to drop because of the link bandwidth, and it drops to the link bandwidth.
    @MariMari7 You can use native python functions (e.g. mylist.pop(1) ) on the list of packets returned by rdpcap(...) to remove the packet from the list.
    Hi, I want to create a packet which Contains two DoIP/UDS Messages. So something like this: IP()/TCP()/DoIP(Data1)/UDS(Data1)/DoIP(Data2)/UDS(Data2). But the second part DoIP(Data2)/UDS(Data2) is treated as part of the payload for DoIP(Data1). Is this somehow possible?