I have made some modifications to Pyshark to have it include the raw data in it's layers. From there, I can grab the frame_raw.value which looks something like:
'000026002f4000a0200800a0200800001b2db7ec0100000010308f09c000cb000000c300cb01c4007c0018742eb7cf16c3cabcb2'
I now need to use that data to create a scapy packet, which needs to look something like this:
b'\x00\x00&\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x1b-\xb7\xec\x01\x00\x00\x00\x100\x8f\t\xc0\x00\xcb\x00\x00\x00\xc3\x00\xcb\x01\xc4\x00|\x00\x18t.\xb7\xcf\x16\xc3\xca\xbc\xb2'
How do I convert the pyshark data to the required format that scapy needs?
Here is an example of my input and output:
In [264]: d
Out[264]: '000026002f4000a0200800a0200800001b2db7ec0100000010308f09c000cb000000c300cb01c4007c0018742eb7cf16c3cabcb2'
In [265]: RadioTap(d)
Out[265]: <RadioTap version=48 pad=48 len=12336 present=Flags+FHSS+dBm_AntSignal+dB_TX_Attenuation+dBm_TX_Power+dB_AntSignal+dB_AntNoise+b20+b21+b28+b29 notdecoded='2f4000a0200800a0200800001b2db7ec0100000010308f09c000cb000000c300cb01c4007c0018742eb7cf16c3cabcb2' |>
Simply passing the binary string to RadioTap() (or Ether() if that is your link layer protocol) works for me:
>>> from scapy.all import *
>>> data="000026002f4000a0200800a0200800001b2db7ec0100000010308f09c000cb000000c300cb01c4007c0018742eb7cf16c3cabcb2"
>>> RadioTap(hex_bytes(data))
<RadioTap version=0 pad=0 len=38 present=TSFT+Flags+Rate+Channel+dBm_AntSignal+b14+b29+Ext notdecoded=' \x08\x00\xa0 \x08\x00\x00\x1b-\xb7\xec\x01\x00\x00\x00\x100\x8f\t\xc0\x00\xcb\x00\x00\x00\xc3\x00\xcb\x01' |<Dot11 subtype=12L type=Control proto=0L FCfield= ID=31744 addr1=18:74:2e:b7:cf:16 addr2=None addr3=None SC=None addr4=None |<Raw load='\xc3\xca\xbc\xb2' |>>>
Python 3
>>> from scapy.all import *
>>> import codecs
>>> data="000026002f4000a0200800a0200800001b2db7ec0100000010308f09c000cb000000c300cb01c4007c0018742eb7cf16c3cabcb2"
>>> RadioTap(codecs.decode(data, "hex"))
<RadioTap version=0 pad=0 len=38 present=TSFT+Flags+Rate+Channel+dBm_AntSignal+b14+b29+Ext notdecoded=' \x08\x00\xa0 \x08\x00\x00\x1b-\xb7\xec\x01\x00\x00\x00\x100\x8f\t\xc0\x00\xcb\x00\x00\x00\xc3\x00\xcb\x01' |<Dot11 subtype=12L type=Control proto=0L FCfield= ID=31744 addr1=18:74:2e:b7:cf:16 addr2=None addr3=None SC=None addr4=None |<Raw load='\xc3\xca\xbc\xb2' |>>>
Python 2
>>> from scapy.all import *
>>> data="000026002f4000a0200800a0200800001b2db7ec0100000010308f09c000cb000000c300cb01c4007c0018742eb7cf16c3cabcb2"
>>> RadioTap(data.decode("hex"))
<RadioTap version=0 pad=0 len=38 present=TSFT+Flags+Rate+Channel+dBm_AntSignal+b14+b29+Ext notdecoded=' \x08\x00\xa0 \x08\x00\x00\x1b-\xb7\xec\x01\x00\x00\x00\x100\x8f\t\xc0\x00\xcb\x00\x00\x00\xc3\x00\xcb\x01' |<Dot11 subtype=12L type=Control proto=0L FCfield= ID=31744 addr1=18:74:2e:b7:cf:16 addr2=None addr3=None SC=None addr4=None |<Raw load='\xc3\xca\xbc\xb2' |>>>