Python Scapy - create a new protocol definition within UDP Data
Is it possible to use Scapy's PcapReader to analyze UDP packet data with custom fields? For example, within the UDP packet Data (see attached Wireshark capture), there are the following fields of my_proto:
VER - 2 bytes
FLAGS - 2 bytes
TIMESTAMP - 8 bytes
VAL1 - 4 bytes
VAL2 - 4 bytes, etc
I would like to parse these fields, such that for each packet received I can retrieve [my_proto].VER, [my_proto].FLAGS, etc.
I think what I want is similar to the Disney example in the documentation, however, I am unsure of how to bind (not sure if that is the right word) it to the Data portion of UDP. (https://scapy.readthedocs.io/en/latest/build_dissect.html)
as you said your protocol could like similar to that:
from scapy.all import Packet,LEShortField, LELongField, LEIntField
class GreatProtocol(Packet):
name = "GreatProtocol "
fields_desc=[ LEShortField("VER", 0),
LEShortField("FLAGS",0),
LELongField("TIMESTAMP", 0),
LEIntField("VAL1", 0),
]
now, to bind you need to use the function bind. you could use it 3 different ways:
- All UDP payload are GreatProtocol (not recomended)
- All UDP with dest port = X are GreatProtocol (most logical)
- All UDP with src port = X are GreatProtocol
from scapy.all import bind_layers
from scapy.layers.inet import UDP
# All UDP payload are GreatProtocol (not recomended)
bind_layers(UDP, GreatProtocol)
# All UDP with dest port = X are GreatProtocol (most logical)
bind_layers(UDP, GreatProtocol, dport=55)
# All UDP with src port = X are GreatProtocol
bind_layers(UDP, GreatProtocol, sport=99)
note that I show using the src and dst port, but you can use any field of the layer UDP
there is also the option of doing a one off.
my_packet[UDP].decode_payload_as(GreatProtocol)
docs:
creating layer: https://scapy.readthedocs.io/en/latest/build_dissect.html
binding layer: https://scapy.readthedocs.io/en/latest/build_dissect.html#binding-layers
decode_payload_as: https://scapy.readthedocs.io/en/latest/api/scapy.packet.html#scapy.packet.Packet.decode_payload_as
- How do I get the current IPython / Jupyter Notebook name
- Python - AttributeError: 'NoneType' object has no attribute 'findAll'
- Django Invalid HTTP_HOST header: 'testserver'. You may need to add u'testserver' to ALLOWED_HOSTS
- Geopandas : sort a sample of points like a cycle graph
- _tkinter.TclError: can't use "pyimage1" as iconphoto: not a photo image
- toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading
- How to update imshow() window for Python OpenCV CV2
- What's a fast way to identify all overlapping sets?
- http.client works but requests throws read timeout
- Elegant way to unpack limited dict values into local variables in Python
- How to see if a widget exists in Tkinter?
- ROS1 catkin_make failed: catkin_install_python() called without required DESTINATION argument
- Custom permissions in rests framework
- Python: Sort XML attributes alphabetically within element without sorting elements
- Cplex Python how to avoid printing the output
- How to use the cl command?
- Run the same Python script with different arguments?
- Can't raise an exception with user input
- How can I silence logs of a command in .ipynb file?
- Unable to use Selenium Webdriver. Getting two exceptions
- How do I perform a function A set number of times and countdown each time it is performed?
- g++ linking and swig
- Django CSRF failing with .env file for Docker
- dask map_partitions strange behaviour
- How can I place a line exactly on the Y-axis?
- Python: Convert PDF to DOC
- Import local function from a module housed in another directory with relative imports in Jupyter Notebook using Python 3
- The equivalent of tf.contrib.image.transform in tensorflow 2.0?
- How to use character or string as operator placed in between operands?
- How to access a WhatsApp template on Twilio using Python?