How to use import_hexcap() in scapy


I want to modify some values in ICMP. However, after multiple tests in Wireshark, that value (unused) is just stuck at 0. So I want to directly modify the bytes in the packet associated with that value. I found that hexdump() may be helpful. I want to get the dump and change it from there, then turn the changed bytes back into a packet. From the spec, I should use import_hexcap(). But the description of the function is not clear enough. It doesn't have input. When I used it in a .py file, the program just got stuck there.

packet1 = scapy.Ether(scapy.import_hexcap())

>>> hexdump(pkt)
0000   00 50 56 FC CE 50 00 0C  29 2B 53 19 08 00 45 00   .PV..P..)+S...E.
0010   00 54 00 00 40 00 40 01  5A 7C C0 A8 19 82 04 02   .T..@.@.Z|......
0020   02 01 08 00 9C 90 5A 61  00 01 E6 DA 70 49 B6 E5   ......Za....pI..
0030   08 00 08 09 0A 0B 0C 0D  0E 0F 10 11 12 13 14 15   ................
0040   16 17 18 19 1A 1B 1C 1D  1E 1F 20 21 22 23 24 25   .......... !"#$%
0050   26 27 28 29 2A 2B 2C 2D  2E 2F 30 31 32 33 34 35   &'()*+,-./012345
0060   36 37 


>>> pkt_hex = Ether(import_hexcap())
0000   00 50 56 FC CE 50 00 0C  29 2B 53 19 08 00 45 00   .PV..P..)+S...E.
0010   00 54 00 00 40 00 40 01  5A 7C C0 A8 19 82 04 02   .T..@.@.Z|......
0020   02 01 08 00 9C 90 5A 61  00 01 E6 DA 70 49 B6 E5   ......Za....pI..
0030   08 00 08 09 0A 0B 0C 0D  0E 0F 10 11 12 13 14 15   ................
0040   16 17 18 19 1A 1B 1C 1D  1E 1F 20 21 22 23 24 25   .......... !"#$%
0050   26 27 28 29 2A 2B 2C 2D  2E 2F 30 31 32 33 34 35   &'()*+,-./012345
0060   36 37                                              67

Solution

  • After some time I figured out that import_hexcap is expecting me to paste the string. I need to paste the output from hexdump into the terminal and the packet turns out fine.

    0000  08 00 27 78 FE 4B 52 54 00 12 35 00 08 00 45 00  ..'x.KRT..5...E.
    0010  00 38 00 01 00 00 40 01 31 6D C0 A8 64 01 C0 A8  .8....@.1m..d...
    0020  64 05 03 04 41 5E 00 00 05 14 45 00 00 1C 00 01  d...A^....E.....
    0030  00 00 40 11 31 74 C0 A8 64 05 C0 A8 64 06 FC F1  ..@.1t..d...d...
    0040  00 35 00 08 B9 5A                                .5...Z
    0000  08 00 27 78 FE 4B 52 54 00 12 35 00 08 00 45 00  ..'x.KRT..5...E.
    0010  00 38 00 01 00 00 40 01 31 6D C0 A8 64 01 C0 A8  .8....@.1m..d...
    0020  64 05 03 04 41 5E 00 00 05 14 45 00 00 1C 00 01  d...A^....E.....
    0030  00 00 40 11 31 74 C0 A8 64 05 C0 A8 64 06 FC F1  ..@.1t..d...d...
    0040  00 35 00 08 B9 5A                                .5...Z
    
    ###[ Ethernet ]### 
      dst       = 08:00:27:78:fe:4b
      src       = 52:54:00:12:35:00
      type      = IPv4
    ###[ IP ]### 
         version   = 4
         ihl       = 5
         tos       = 0x0
         len       = 56
         id        = 1
         flags     = 
         frag      = 0
         ttl       = 64
         proto     = icmp
         chksum    = 0x316d
         src       = 192.168.100.1
         dst       = 192.168.100.5
         \options   \
    ###[ ICMP ]### 
            type      = dest-unreach
            code      = fragmentation-needed
            chksum    = 0x415e
            reserved  = 0
            length    = 0
            nexthopmtu= 1300
    ###[ IP in ICMP ]### 
               version   = 4
               ihl       = 5
               tos       = 0x0
               len       = 28
               id        = 1
               flags     = 
               frag      = 0
               ttl       = 64
               proto     = udp
               chksum    = 0x3174
               src       = 192.168.100.5
               dst       = 192.168.100.6
               \options   \
    ###[ UDP in ICMP ]### 
                  sport     = 64753
                  dport     = domain
                  len       = 8
                  chksum    = 0xb95a