I'm currently trying to extract the payload of a TCP packet (which is just a single letter) with Scapy, but it keeps giving me a NoneType exception after going through the first two packets.
from scapy.all import *
import base64
capture = rdpcap('Data.pcapng') # pcap file
output = open('output.bin','wb') # save dumped data to output.bin
for packet in capture:
# if packet is ICMP and type is 8 (echo request)
if packet[TCP].src == '172.16.139.128':
output.write(packet[TCP].payload) # write packet data to output.bin
The exception:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 372, in __getattr__
fld, v = self.getfield_and_val(attr)
TypeError: cannot unpack non-iterable NoneType object
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "exploit.py", line 10, in <module>
if packet[TCP].src == '172.16.139.128':
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 374, in __getattr__
return self.payload.__getattr__(attr)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 372, in __getattr__
fld, v = self.getfield_and_val(attr)
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 1600, in getfield_and_val
raise AttributeError(attr)
AttributeError: src
Does anyone know what's causing this? It should be outputting more.
The IP source address is in the IP header, not in TCP's. Hence, the error. So if you want to check whether the packet comes from 172.16.139.128 and has a TCP payload, the appropriate test would be:
if IP in packet and packet[IP].src == '172.16.139.128' and TCP in packet:
output.write(packet[TCP].payload)