Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Adding custom PTPv2 layer to scapy

Tags:

python

scapy

I want to add a PTPv2 Layer to scapy (v2.3.3) in python (v2.7). I added the ptpv2 class with the PTP entries to the file /scapy/layers/inet.py (because PTP is at layer 4). I also bound the ptpv2 layer to the upper layer, in my case Ethernet. 

bind_layers(Ethernet,ptpv2)

By typing the scapy command "ls()" the created ptpv2 layer is listed, ok, success. But by accessing the layer through my python script 

from scapy.all import *
from scapy.config import conf

conf.debug_dissector = True

for packet in PcapReader('/media/sf_SharedFolder/test.pcap'):
  if packet[ptpv2].sequenceId == '0x0566':  
    # do anything

the following error occurs:

File "/usr/lib/python2.7/dist-packages/scapy/fields.py", line 75, in getfield return s[self.sz:], self.m2i(pkt, struct.unpack(self.fmt, s[:self.sz])[0])
struct.error: unpack requires a string argument of length 2

The Wireshark file has the layers Frame -> Ethernet -> PTP, so my binding command has to be right.

Don't know where the error is.

This is the PTP layer in the Wireshark file:

enter image description here

This is the created ptpv2 class in scapy:

class ptpv2(Packet):
name = "Precision Time Protocol"
fields_desc = [
    XBitField('transportSpecific', 0x1, 4),
    XBitField('messageType', 0x0, 4),
    XBitField('versionPTP', 0x2, 4),
    XShortField('messageLength', 0x0036),
    XBitField('subdomainNumber', 0x0, 8),
    XShortField('flags', 0x0208),
    XLongField('correction', 0x0),
    XLongField('ClockIdentity', 0x08028efffe9b97a5),
    XShortField('SourcePortId', 0x0002),
    XShortField('sequenceId', 0x0566),
    XBitField('control', 0x05, 8),
    XBitField('logMessagePeriod', 0x7F, 8),
    XLongField('requestreceiptTimestampSec', 0x00000000057b),
    XLongField('requestreceiptTimestampNanoSec', 0x0d11715c),
    XLongField('requestingSourcePortIdentity', 0x08028efffe9b97a5),
    XShortField('requestingSourcePortId', 0x0002) ]

Pls, help me!

Thx

Chris

like image 829
crappidy Avatar asked Oct 17 '25 15:10

crappidy

1 Answers

You need to find the (first) packet that causes the crash:

conf.debug_dissector = True
from pdb import pm
for packet in PcapReader('/media/sf_SharedFolder/test.pcap'):
    if packet[ptpv2].sequenceId == '0x0566':

When the error occurs:

pm()
pkt

Then we'll see what's going on.

like image 146
Pierre Avatar answered Oct 20 '25 07:10

Pierre
Sign in to Comment

Related questions

Google Colab code change always produces "TabError: Inconsistent use of tab and spaces in indentation"
Writing million digits of pi in an array. Output : "<map object at 0x0000000005748EB8>" [duplicate]
Does SQLAlchemy have bool_and aggregate function?
Python multiprocessing behavior of Pool / starmap
Jupyter Python Markdown: Evaluated Inline code in LaTeX output
parser.add_argument support multiple types [duplicate]
Rewrite a python script, injecting a method in each of the script's classes
System hangs after pip install in docker build
Explanation of the Python itertools.product() implementation?
Conveniently import several classes from modules in a Python package
how to add an item to OrderedDict
How can I achieve a multiline title for a holoviews plot?
Missing instruction `_mm_crc32_u64` when installing clickhouse-cityhash on OSX 10.14.5
TensorFlow 2.0: tf.GradientTape() returns None results
Python: Error in self._sslobj.do_handshake() during opening a link in mechanize
Does Python have an equivalent of Perl's qq?
Get torch pad AssertionError on VITS training (TTS)
How to check whether my image is RGB format or BGR format in python? How do i convert them and viceversa?
Training a RandomForest is slow on a computing cluster
Select a range of dates in Python dictionary

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!