scapy

问题 I am trying to generate STP packet and to capture it with wireshark.Basically what I do is >>> send(STP()) from Scapy and the result from wireshark is: 53918 2671.938356000 00.00.00 00.00.00 FC 49 [Malformed Packet] My question is how to configure the STP packet, the result from wireshark to be STP packet not FC.Please help :) 回答1: You need to use the sendp() function instead of send(), and you also need to add the Ether() and LLC() layers before STP(). For instance: sendp(Ether(dst="01:80:c2

问题 When I enter this code: print "hhhh" from scapy.all import sniff print "bbbb" this is the output: C:\Python27\python.exe C:/Users/Tamir/PycharmProjects/SIP/main.py hhhh WARNING: No route found for IPv6 destination :: (no default route?) Process finished with exit code 0 Why doesn't the second print (of "bbbb") work? When I put the import line in a comment, or import another library, it works. 回答1: sys.stdout is redirected to readline console. It seems not working well with pycharm in this way

问题 I extended Scapy to support a new protocol for my testing. I see that the sniff() command is able to dissect the packets automatically after I stitched 2 layers together using bind_layers() . I was expecting that should be good enough for dissections. Whenever I use sniff() I see dissections are working. But when I use the sr() or sr1() functions I see that the answered packet is not dissected and Scapy reports it as Raw . I also see that it has some extra packets as part of answered. More

问题 Is it possible to do this? from scapy.all import * def action(packet): print packet[0][1].src + "==>" + packet[0][1].dst print "Rerouting to localhost" packet[0][1].dst = '127.0.0.1' print packet[0][1].src + "==>" + packet[0][1].dst sendp(packet) sniff(filter="dst host 203.105.78.163",prn=action) Something like this but is there a way to send the packet to localhost and drop the packet being sent to 203.105.78.163? (not using iptables) 回答1: There is no way to do this, because Scapy sniffs

问题 I'm trying to switch to using Scapy instead of Wireshark, but am having trouble decoding the data I'm getting. In Wireshark I can easily see the last layer for filtered packets labeled as "Distributed Interactive Simulation", but in Scapy the last layer is "Raw". I'm trying to get the data from this layer in the same human readable format. So far I've gotten: # Capture with Scapy from scapy.all import sniff capture = sniff(filter="dst 10.6.255.255 and port 3000", count=5) packet = capture[0]

问题 I'm trying to do a TCP ACK Spoofing. I sniff one ACK packet from a pcap file and send it in a loop incrementing its ACK number as well as another option field. Sniffing Part: (Prespoofing) from scapy.all import * from struct import unpack, pack pkt = sniff(offline="mptcpdemo.pcap", filter="tcp", count=15) i=6 while True: ack_pkt = pkt[i] if ack_pkt.sprintf('%TCP.flags%') == 'A': break i+=1 del ack_pkt.chksum del ack_pkt[TCP].chksum print ack_pkt.chksum, ack_pkt[TCP].chksum hex2pkt = ack_pkt._

问题 How can I do reverse DNS lookup using scapy in Python? I look for it in Google but I couldn't find related to this topic. 回答1: Reverse DNS is already written into Python's Socket module. Simply use the following: >>> import socket >>> socket.gethostbyaddr("69.59.196.211") ('stackoverflow.com', ['211.196.59.69.in-addr.arpa'], ['69.59.196.211']) Which was originally posted here, Python lookup hostname from IP with 1 second timeout, by https://stackoverflow.com/users/81179/christophed 回答2: Ok. I

问题 I install the module scapy for python 2.6 and when I import this module I get this warning: WARNING: can't import layer ipsec: 'module' object has no attribute 'IPPROTO_AH' I looked in the socket attributes and i didnt find the 'IPPROTO_AH' attribute In addition, i tried to edit the module ipsec.py and find way to replace IPPROTO_AH with something else but then i got WARNING WITH IPPROTO_ESP ! I tried edit lines in ipsec.py such as: overload_fields = { IP: {'proto': IPTest}, IPv6: {'nh':

问题 I am currently working on a program that takes a .pcap file and separates all of the packets out by ip using the scapy package. I want to decompress the payloads that are compressed using the gzip package. I can tell if the payload is gzipped because it contains Content-Encoding: gzip I am trying to use fileStream = StringIO.StringIO(payload) gzipper = gzip.GzipFile(fileobj=fileStream) data = gzipper.read() to decompress the payload, where payload = str(pkt[TCP].payload) When I try to do this

问题 I am trying to identify packets with incorrect checksums while using Scapy as a sniffer. I am able to get the original checksum by accessing packet[TCP].chksum I then remove this using del packet[TCP].chksum I would like to do something like if(originalChecksum == recomputedChecksum): # Checksum is valid I understand that using show2() recomputes the checksum, but is there anyway to access this attribute for comparing back to the original? Calling show2() simply displays what the checksum