Understanding the Scapy data structure
Hello, I was struggling with the Scapy data structure, I mean how packets are stored and how to get them.
So instead of just using the syntax and relying on it, I would like to do a bit of research to better understand and become familiar with what's behind it.
I saw that it is a dictionary of dictionaries, but not what this dictionary is made up of.
I came up with a structure that I think is the same, and I want you to correct me if I'm wrong, but I think it makes sense: a dictionary of objects where each object is a TCP/IP layer.
So it all makes sense (except that I don't have a payload on Ether, which would be after IP and an IP payload, which would be after TCP).
Anyway, I think it will help shed some light on the messy structure, although I know it is not 100% accurate:
# Scapy
class Ether:
    def __init__(self, dst='ff:ff:ff:ff:ff:ff', src='00:00:00:00:00:00', type=0):
        self.dst = dst
        self.src = src
        self.type = type

class IP:
    def __init__(self, version=4, ihl=None, tos=0, leng=None, idd=1,
                 flags=None, frag=0, ttl=64, proto=6, chksum=None,
                 src='127.0.0.1', dst='127.0.0.1'):
        self.version = version
        self.ihl = ihl
        self.tos = tos
        self.leng = leng
        self.idd = idd
        self.flags = flags
        self.frag = frag
        self.ttl = ttl
        self.proto = proto
        self.chksum = chksum
        self.src = src
        self.dst = dst

class TCP:
    def __init__(self, sport=21, dport=80, seq=0, ack=0, dataofs=None, reserved=0,
                 flags=0, window=8192, chksum=None, urgptr=0, options=0, payload=''):
        self.sport = sport
        self.dport = dport
        self.seq = seq
        self.ack = ack
        self.dataofs = dataofs
        self.reserved = reserved
        self.flags = flags
        self.window = window
        self.chksum = chksum
        self.urgptr = urgptr
        self.options = options
        self.payload = payload

# Each packet is a dictionary that maps a layer name to a layer object
pkt1 = {'Ether': Ether(src='ff:aa:bb:aa:dd:aa'), 'IP': IP(src='192.168.1.10', dst='192.168.1.1')}
pkt2 = {'IP': IP(dst='8.8.8.8'), 'TCP': TCP(dport=80)}
print(pkt1['IP'].src)

# A capture is a list of packets
pkts = []
pkts.append(pkt1)
pkts.append(pkt2)
for pkt in pkts:
    print(pkt['IP'].dst)
print(pkts[0]['Ether'].src)
With this output:
GET / HTTP/1.1
192.168.1.1
8.8.8.8
ff:aa:bb:aa:dd:aa
I hope this is instructive and you can correct your mistakes.
Reading from this article:
Scapy uses Python dictionaries as the data structure for packets. Each packet is a set of nested dictionaries, each of which is a child dictionary of the previous layer, built from the lowest level up. Each field (for example, the Ethernet dst value or the ICMP type value) is a key:value pair at the appropriate level. These fields (and nested layers) are all mutable, so we can reassign them in place using the assignment operator.
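The layering both posts describe, including the payload links the question's model leaves out, as an added example that is not part of either post and is not Scapy's own code: a simplified model in which each layer object holds its fields and a `payload` reference to the next layer. `Layer`, `_chain()` and `layers()` are hypothetical names; the `/` stacking and `pkt[IP]` lookup imitate Scapy's syntax.

```python
# Simplified model of layered packets; NOT Scapy's source code.
# Layer, _chain() and layers() are hypothetical names used only here.
class Layer(object):
    defaults = {}                          # per-protocol default field values

    def __init__(self, **fields):
        self.__dict__["fields"] = dict(self.defaults, **fields)
        self.__dict__["payload"] = None    # next layer up, or None

    def _chain(self):                      # this layer, then each nested payload
        layer = self
        while layer is not None:
            yield layer
            layer = layer.__dict__["payload"]

    def __truediv__(self, other):          # Ether() / IP() / TCP()
        # Attach `other` to the innermost layer (mutates self; a simplification).
        list(self._chain())[-1].__dict__["payload"] = other
        return self

    def __getitem__(self, cls):            # pkt[IP] -> first layer of that class
        for layer in self._chain():
            if isinstance(layer, cls):
                return layer
        raise IndexError("layer %s not found" % cls.__name__)

    def __getattr__(self, name):           # runs only when normal lookup fails
        for layer in self._chain():
            if name in layer.__dict__["fields"]:
                return layer.__dict__["fields"][name]
        raise AttributeError(name)

    def __setattr__(self, name, value):    # assign to the first layer owning the field
        for layer in self._chain():
            if name in layer.fields:
                layer.fields[name] = value
                return
        raise AttributeError(name)

# Field names and defaults below are taken from the question's model.
class Ether(Layer):
    defaults = {"dst": "ff:ff:ff:ff:ff:ff", "src": "00:00:00:00:00:00", "type": 0}

class IP(Layer):
    defaults = {"src": "127.0.0.1", "dst": "127.0.0.1", "ttl": 64, "proto": 6}

class TCP(Layer):
    defaults = {"sport": 21, "dport": 80, "flags": 0}

def layers(pkt):
    return [type(layer).__name__ for layer in pkt._chain()]
```

With `pkt = Ether(src='ff:aa:bb:aa:dd:aa') / IP(dst='8.8.8.8') / TCP(dport=80)`, the Ether payload is the IP layer and the IP payload is the TCP layer, so `pkt.dport` is resolved by walking down the chain rather than by a dictionary key.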