I saw this code on GitHub. I don't understand why packet.payload.proto == 17 is UDP and packet.payload.proto == 6 is TCP.
```python
import scapy.all

# Read every packet from the capture file
packets = scapy.all.rdpcap('data/dns.cap')

for packet in packets:
    print('----------')
    # Ethernet layer
    print('src_mac: {0}'.format(packet.src))
    print('dst_mac: {0}'.format(packet.dst))

    # The payload of the Ethernet frame is the IP layer
    ip = packet.payload
    print('src_ip: {0}'.format(ip.src))
    print('dst_ip: {0}'.format(ip.dst))

    if ip.proto == 17:
        udp = ip.payload
        print('udp_sport: {0}'.format(udp.sport))
        print('udp_dport: {0}'.format(udp.dport))

    if ip.proto == 6:
        tcp = ip.payload
        print('tcp_sport: {0}'.format(tcp.sport))
        print('tcp_dport: {0}'.format(tcp.dport))

    print('----------\n')
```
Because the IANA says so.
```
...
6    TCP    Transmission Control    [RFC793]
...
17   UDP    User Datagram           [RFC768][Jon_Postel]
...
```
The answer provided by Ignacio is correct. The RFCs and IANA designate those values.
As for what a payload is, that is relative to what packet (PDU more specifically) layer you are talking about.
Take the following example:
```
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | TCP | HTTP |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
```
HTTP is the payload of TCP, and (TCP + HTTP) is the payload of IP.
```
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | TCP | Payload |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
```
and
```
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | Payload |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
```
https://en.wikipedia.org/wiki/IPv4#Header shows the layout of an IP header. Protocol is one of those fields. When the protocol (ip.proto) is 6, per RFC the payload of the IP traffic is TCP. When it is 17, the payload is UDP.
Some protocols (like IP) have a field that enumerates what type their child payload is. Others don't.
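
The Protocol field described in the answers above can be read straight from the raw bytes. This is an added example, not code from the original posts: it parses the IPv4 header by hand with `struct` instead of scapy, and the names `parse_ipv4`, `build_ipv4` and the sample packets are hypothetical, constructed for illustration.

```python
import struct

# Subset of the IANA "Assigned Internet Protocol Numbers" registry
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_ipv4(packet: bytes) -> dict:
    """Parse an IPv4 packet and, for TCP/UDP, the ports in its payload."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4  # IHL is in 32-bit words
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    proto = packet[9]  # Protocol field: byte 9 of the IPv4 header
    info = {
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "proto": proto,
        "proto_name": IP_PROTOCOLS.get(proto, "unknown"),
    }
    payload = packet[ihl:]  # the IP payload starts after header plus options
    # Only the first fragment (offset 0) carries the TCP/UDP header
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto in (6, 17) and frag_offset == 0 and len(payload) >= 4:
        # TCP and UDP both begin with source port, then destination port
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    return info

def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed sample packet (checksum left at 0)."""
    ihl_words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                         ihl_words * 4 + len(payload), 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + options + payload

# Constructed samples: a UDP datagram to port 53, and a TCP segment to
# port 80 behind an IP header that carries 4 bytes of options (IHL = 6)
UDP_SAMPLE = build_ipv4(17, struct.pack("!HHHH", 40000, 53, 8, 0))
TCP_SAMPLE = build_ipv4(6, struct.pack("!HHIIHHHH", 40001, 80, 0, 0, 5 << 12, 0, 0, 0),
                        options=b"\x01\x01\x01\x01")

if __name__ == "__main__":
    for sample in (UDP_SAMPLE, TCP_SAMPLE):
        print(parse_ipv4(sample))
```

The TCP sample shows why the header length has to be honoured: with IP options present, the payload no longer starts at byte 20.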