Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to check for presence of a layer in a scapy packet?

Tags:

python

scapy

How do I check for the presence of a particular layer in a scapy packet? For example, I need to check the src/dst fields of an IP header, how do I know that a particular packet actually has an IP header (as opposed to IPv6 for instance).

My problem is that when I go to check for an IP header field, I get an error saying that the IP layer doesn't exist. Instead of an IP header, this particular packet had IPv6.

pkt = Ether(packet_string)
if pkt[IP].dst == something:
  # do this

My error occurs when I try to reference the IP layer. How do I check for that layers existence before attempting to manipulate it?

Thanks!

like image 229
Mr. Shickadance Avatar asked Apr 04 '11 15:04

Mr. Shickadance

People also ask

How do you sniff packets with Scapy?

Sniffing packets using scapy: To sniff the packets use the sniff() function. The sniff() function returns information about all the packets that has been sniffed. To see the summary of packet responses, use summary(). The sniff() function listens for an infinite period of time until the user interrupts.

What is Sprintf in Scapy?

sprintf is a function to format a packet's data in a human readable form.

What is sr1 in Scapy?

Send and receive packets (sr) The function sr1() is a variant that only returns one packet that answered the packet (or the packet set) sent. The packets must be layer 3 packets (IP, ARP, etc.). The function srp() do the same for layer 2 packets (Ethernet, 802.3, etc.).

How do I read pcap in Scapy?

Reading a pcap file with Scapy, is commonly done by using rdpcap() . This function reads the whole file and load it up in memory, depending on the size of the file you're trying to read can take quite some memory.

2 Answers

For completion I thought I would also mention the haslayer method.

>>> pkts=rdpcap("rogue_ospf_hello.pcap") 
>>> p=pkts[0]
>>> p.haslayer(UDP)
0
>>> p.haslayer(IP)
1

Hope that helps as well.

like image 174
dc5553 Avatar answered Oct 03 '22 16:10

dc5553

You should try the in operator. It returns True or False depending if the layer is present or not in the Packet.

root@u1010:~/scapy# scapy
Welcome to Scapy (2.2.0-dev)
>>> load_contrib("ospf")
>>> pkts=rdpcap("rogue_ospf_hello.pcap")
>>> p=pkts[0]
>>> IP in p
True
>>> UDP in p
False
>>>
root@u1010:~/scapy#
like image 31
jliendo Avatar answered Sep 29 '22 16:09

jliendo
Sign in to Comment

Related questions

AttributeError: __enter__ from "with tf.Session as sess:"
How to run Azure CLI commands using python?
pandas get unique values from column of lists
Faster way to sum a list of numbers than with a for-loop?
Perl equivalent of (Python-) list comprehension
Pythonic way to ignore for loop control variable
getting Ceil() of Decimal in python?
Sane way to define default variable values from within a jinja template?
Exit while loop by user hitting ENTER key
Creating Charts & Graphs with Python [closed]
Multiplication of 1d arrays in numpy
Regular expression: Match everything after a particular word
Convert binary string to bytearray in Python 3
Color matplotlib bar chart based on value
How can I get current base URI in flask? [duplicate]
Fastest way to store a numpy array in redis
converting from .py to .ipynb
Python multiple threads accessing same file
How should I write very long lines of code?
python copy files to a network location on Windows without mapping a drive

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!