
Scapy - how to check packet type of sniffed packets

I am sniffing packets and need to know which packets are ICMPv6 Echo Request packets and which are UDP packets.

I know that I can do

P = sniff(filter='ip6 and host fe80::xx:xx:xx:xx',count=0)

IP in P  #will return false (my packets are IPv6)
UDP in P #will return true (when the specific packet is indeed UDP)

but I don't know how to check for ICMPv6 packets, and even more specifically ICMPv6 Echo Request packets... It doesn't seem like I can even check for anything IP version 6:

IPv6, IP6, ipv6, ip6, icmpv6, ICMPv6, icmp6, ICMP6 all return a

NameError: name 'x' is not defined

Does anyone know of a way to do such a thing?

geeoph asked Nov 04 '13 20:11



1 Answer

If you're using Scapy v1.x, it does not handle IPv6, as it says in various places in the documentation. For example, in Download and Installation:

Scapy v2.x. The current development version adds several features (e.g. IPv6).

If you're using 2.x, it should work just fine with IPv6. For example, on my computer (Scapy 2.1.0, Apple pre-installed Python 2.7.2, OS X 10.8.5):

>>> P = sniff(filter='ip6', count=0)
… make sure to capture an IPv6 UDP packet …
>>> UDP in P
False
>>> IPv6 in P
False
>>> UDP in P[0]
True
>>> IPv6 in P[0]
True
>>> P[0][IPv6]
<IPv6  version=6L tc=0L fl=0L plen=98 nh=UDP …
>>> ICMPv6EchoRequest in P[0]
False
>>> ICMPv6EchoRequest
<class 'scapy.layers.inet6.ICMPv6EchoRequest'>
abarnert answered Sep 17 '22 12:09