import scapy.all as scapy
pkt = scapy.IP(src='127.0.0.1', dst='127.0.0.1')
pkt.show2()
result:
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 20
id = 1
flags =
frag = 0
ttl = 64
proto = ip
chksum = 0x7ce7
src = 127.0.0.1
dst = 127.0.0.1
\options \
What is chksum in scapy? Do I need to care about it?
What is ihl = 5?
What is len = 20?
I have searched on Google about checksums, but I don't know if it is related to the chksum of scapy. I am not sure. Can anyone help?
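How ihl, len and chksum in the output above are derived from the header bytes, as an added standard-library example that is not part of the original post. SAMPLE is constructed from the show2() values shown, and the function names are hypothetical.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement of the one's-complement sum of the header's 16-bit
    words (RFC 791); the caller zeroes the checksum field first."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def describe_ipv4(raw: bytes) -> dict:
    """Decode ihl, len and chksum and verify the stored checksum."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack("!BBH", raw[:4])
    (chksum,) = struct.unpack("!H", raw[10:12])
    ihl = ver_ihl & 0x0F                    # header length in 32-bit words
    header_len = ihl * 4                    # ihl = 5 -> 20 bytes, no options
    if ver_ihl >> 4 != 4 or ihl < 5 or header_len > len(raw):
        raise ValueError("not a well-formed IPv4 header")
    if total_len < header_len:              # len covers header plus payload
        raise ValueError("total length smaller than the header")
    header = raw[:header_len]
    expected = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:])
    return {
        "ihl": ihl,
        "header_bytes": header_len,
        "len": total_len,
        "payload_bytes": total_len - header_len,
        "chksum": chksum,
        "chksum_ok": chksum == expected,
    }

# Constructed sample: version 4, ihl 5, len 20, id 1, ttl 64, proto 0,
# chksum 0x7ce7, src and dst 127.0.0.1 (the values in the show2() output).
SAMPLE = bytes.fromhex("45000014000100004000" "7ce7" "7f000001" "7f000001")

if __name__ == "__main__":
    print(describe_ipv4(SAMPLE))
```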
I want to get the value of some fields in my scapy code for receiving packets, but I don't know how to do it exactly. When I print the value, I get the error that the layer is not defined or AttributeError: 'NoneType' object has no attribute 'proto'
class TELEMETRY(IPOption):
    name = "TELEMETRY"
    option = 31
    fields_desc = [ _IPOption_HDR,
                    ByteField("length", 2),
                    Emph(SourceIPField("src", "dst")),
                    Emph(DestIPField("dst", "127.0.0.1")),
                    ShortEnumField("sport", 20, TCP_SERVICES),
                    ShortEnumField("dport", 80, TCP_SERVICES),
                    ByteEnumField("proto", 0, IP_PROTOS),
                    BitField("timeTaken", 0, 32),
                    BitField("egress_timestamp", 0, 48),
                    BitField("enqQdepth", 0, 19),
                    BitField("deqQdepth", 0, 19),
                    BitField("padding", 0, 2) ]
I can access the IP packet within the code below, but when I want to access the telemetry fields in my custom fields,
I get the error AttributeError: 'NoneType' object has no attribute 'proto'
def handle_pkt(pkt):
    ip_src=pkt[IP].src
    ip_dst=pkt[IP].dst
    ip_ver=pkt[IP].version
    ip_id=pkt[IP].id
    telemetry = pkt.getlayer(TELEMETRY)
    print ip_src,ip_dst,ip_ver,ip_id, telemetry.proto
    os.system(" echo %s %s %s %s %s| nc localhost 6666" % (ip_src,ip_dst,ip_ver,ip_id,telemetry.proto))
Here is the result of pkt.show2()
niffing on h4-eth0
got a packet
###[ Ethernet ]###
dst = 08:00:00:00:02:00
src = ff:ff:ff:ff:ff:ff
type = IPv4
###[ IP ]###
version = 4
ihl = 13
tos = 0x0
len = 172
id = 1
flags =
frag = 0
ttl = 63
proto = tcp
chksum = 0x5efb
src = 192.168.1.1
dst = 192.168.3.3
\options \
|###[ TELEMETRY ]###
| copy_flag = 0
| optclass = control
| option = 31
| length = 32
| src = 192.168.1.1
| dst = 192.168.3.3
| sport = 64314
| dport = 1234
| proto = tcp
| timeTaken = 11
| egress_timestamp= 7740314797
| enqQdepth = 0
| deqQdepth = 0
| padding = 0
###[ TCP ]###
sport = 64314
dport = 1234
seq = 0
ack = 0
dataofs = 5
reserved = 0
flags = S
window = 8192
chksum = 0x2d40
urgptr = 0
options = ''
Any idea would be appreciated. :)
getlayer works when you want to get a sub layer.
In your case, you want to get a layer inside a list (IP.options is a list of layers).
The solution is then:
telemetry = pkt[IP].options[0]
Now, the option list might be empty for a variety of reasons, so you might want to:
if len(pkt[IP].options):
    telemetry = pkt[IP].options[0]
else:
    pass
    # deal with it
Carcigenicate also pointed out that you might have more of those options in your packet; you may want to deal with that too.
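What the list behind IP.options corresponds to on the wire, and why selecting by option number is safer than indexing [0]: an added standard-library example, not from the answer above, that walks the option bytes and returns an empty list when there are none. The sample headers are constructed (option 31 stands in for the TELEMETRY option, checksum left at zero), and all function names are hypothetical.

```python
def walk_ip_options(header: bytes) -> list:
    """Return [(copy_flag, optclass, number, data), ...] for an IPv4 header."""
    if len(header) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    end = (header[0] & 0x0F) * 4            # ihl counts 32-bit words
    if end < 20 or end > len(header):
        raise ValueError("ihl does not fit the captured bytes")
    options, i = [], 20
    while i < end:
        opt_type = header[i]
        if opt_type == 0:                   # End of Option List: rest is padding
            break
        if opt_type == 1:                   # No Operation: one byte, no length
            length = 1
        else:
            if i + 1 >= end:
                raise ValueError("option at offset %d has no length byte" % i)
            length = header[i + 1]
            # < 2 would never advance; too large would read past the header
            if length < 2 or i + length > end:
                raise ValueError("option at offset %d has bad length %d" % (i, length))
        options.append((opt_type >> 7, (opt_type >> 5) & 0x3,
                        opt_type & 0x1F, header[i + 2:i + length]))
        i += length
    return options

def find_options(header: bytes, number: int) -> list:
    """Every option with the given 5-bit option number, possibly none."""
    return [opt for opt in walk_ip_options(header) if opt[2] == number]

# Constructed samples: bytes 4..19 of a header, then the option bytes.
_FIXED = bytes.fromhex("000100004006" "0000" "c0a80101" "c0a80303")

def _hdr(ihl: int, opts: bytes) -> bytes:
    return bytes([0x40 | ihl, 0]) + (ihl * 4).to_bytes(2, "big") + _FIXED + opts

NO_OPTIONS = _hdr(5, b"")
WITH_OPTIONS = _hdr(7, bytes.fromhex("01" "1f06deadbeef" "00"))  # NOP, opt 31, EOL
MALFORMED = _hdr(7, bytes.fromhex("1f00000000000000"))           # length byte 0

if __name__ == "__main__":
    print(find_options(WITH_OPTIONS, 31), find_options(NO_OPTIONS, 31))
```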
I have this ICMP packet and I want to change IP in ICMP field (I've also tried to understand what this inner IP header is), how do I access it?
I've tried things like pack[ICMP].fieldname but nothing works so far.
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 84
id = 2531
flags = DF
frag = 0
ttl = 63
proto = icmp
chksum = 0x1ab3
src = 192.168.100.2
dst = 192.168.100.1
\options \
###[ ICMP ]###
type = dest-unreach
code = fragmentation-needed
chksum = 0xfcfb
reserved = 0
length = 0
nexthopmtu= 0
unused = ''
###[ IP in ICMP ]###
version = 9
ihl = 2
tos = 0x5f
len = 59487
id = 0
flags =
frag = 0
ttl = 231
proto = esp
chksum = 0x800
src = 0.0.0.0
dst = 16.17.18.19
\options \
|###[ IP Option Router Alert ]###
| copy_flag = 0
| optclass = control
| option = router_alert
| length = 21
| alert = 5655
|###[ IP Option ]###
| copy_flag = 0
| optclass = control
| option = upstream_multicast_packet
| length = 25
| value = '\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+'
Never mind, I've found the answer: an ICMP() error encapsulates its original IP header, so it's IP/ICMP/IP.
IPerror is the field that permits changing it.
I am trying to fragment a 120-byte IP payload by 100 bytes. However, in the output I got two packets, one with 138 bytes and the other with 50 bytes (Ethernet and IP header sizes are 14 and 20 bytes respectively). In the first packet the data offset runs from 0 to 103, and in the second packet the data offset runs from 104 to 119. Firstly, I cannot understand why it works this way. In order to understand, I tried to look at the source of the fragment function defined in layers/inet.py, line 552.
Scapy recalculates the fragmentation size as follows:
def fragment(self, fragsize=1480):
    """Fragment IP datagrams"""
    fragsize = (fragsize + 7) // 8 * 8  # <- RECALCULATION OF FRAGMENT SIZE
    lst = []
    fnb = 0
    fl = self
    while fl.underlayer is not None:
        fnb += 1
        fl = fl.underlayer
    for p in fl:
        s = raw(p[fnb].payload)
        nb = (len(s) + fragsize - 1) // fragsize
        for i in range(nb):
            q = p.copy()
            del(q[fnb].payload)
            del(q[fnb].chksum)
            del(q[fnb].len)
            if i != nb - 1:
                q[fnb].flags |= 1
            q[fnb].frag += i * fragsize // 8
            r = conf.raw_layer(load=s[i * fragsize:(i + 1) * fragsize])
            r.overload_fields = p[fnb].payload.overload_fields.copy()
            q.add_payload(r)
            lst.append(q)
    return lst
Can somebody explain why it is doing so?
N.B.:
Ethernet header size: 14 bytes
IPv4 header size: 20 bytes
See https://github.com/secdev/scapy/issues/2424#issuecomment-576879663
From https://www.rfc-editor.org/rfc/rfc791#section-3.2 (page 25, top):
"If an internet datagram is fragmented, its data portion must be broken on 8 octet boundaries."
To answer your question, the fragment size must be a multiple of 8.
104 is a multiple of 8; 100 is not.
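The size arithmetic from the quoted fragment() source applied to the 120-byte case, as an added example that is not part of the original thread. It reproduces the 138-byte and 50-byte frames and shows why an offset of 100 cannot be carried in the 8-byte-unit frag field; the function names are hypothetical.

```python
def plan_fragments(payload_len: int, fragsize: int,
                   l2_hdr: int = 14, ip_hdr: int = 20) -> list:
    """Per-fragment layout using the same rounding as the quoted fragment()."""
    if payload_len < 0 or fragsize <= 0:
        raise ValueError("payload_len must be >= 0 and fragsize > 0")
    fragsize = (fragsize + 7) // 8 * 8          # round up to an 8-byte boundary
    nb = (payload_len + fragsize - 1) // fragsize
    plan = []
    for i in range(nb):
        first = i * fragsize
        size = min(fragsize, payload_len - first)
        frag = first // 8                       # value of the 13-bit frag field
        if frag > 0x1FFF:
            raise ValueError("offset does not fit the 13-bit frag field")
        plan.append({
            "frag": frag,
            "first_byte": first,
            "last_byte": first + size - 1,
            "more_fragments": i != nb - 1,      # MF flag, clear on the last one
            "frame_bytes": l2_hdr + ip_hdr + size,
        })
    return plan

def offset_seen_by_receiver(byte_offset: int) -> int:
    """Byte position a receiver reconstructs after the offset has been
    stored in the frag field, which counts units of 8 bytes."""
    return (byte_offset // 8) * 8

if __name__ == "__main__":
    for fragment in plan_fragments(120, 100):
        print(fragment)
    # A second fragment cut at byte 100 would be placed at byte 96 on reassembly
    print(offset_seen_by_receiver(100), offset_seen_by_receiver(104))
```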
How do you interpret hrPrinterDetectedErrorState (http://cric.grenoble.cnrs.fr/Administrateurs/Outils/MIBS/?oid=1.3.6.1.2.1.25.3.5.1.2) or something like it using Sharp Snmp lib? Is there some kind of bit string type? It's kind of a bitmask, but you may only receive one byte instead of two (or I've seen four bytes).
Did it on my own in PowerShell.
[flags()] Enum hrPrinterDetectedErrorState
{
    lowPaper = 0x8000
    noPaper = 0x4000
    lowToner = 0x2000
    noToner = 0x1000
    doorOpen = 0x0800
    jammed = 0x0400
    Offline = 0x0200
    serviceRequested = 0x0100
    inputTrayMissing = 0x0080
    outputTrayMissing = 0x0040
    markerSupplyMissing = 0x0020
    outputNearFull = 0x0010
    outputFull = 0x0008
    inputTrayEmpty = 0x0004
    overduePreventMaint = 0x0002
    notUsed = 0x0001
}
function snmpmessage($data) {
    $bytes = [byte[]][char[]]$data
    # pack up to two bytes into an int left to right
    $code = [int]$bytes[0]
    $code = $code -shl 8
    if ($bytes[1]) { $code = $code + $bytes[1] }
    [hrPrinterDetectedErrorState]$code
}
PS C:\> snmpmessage -join [char[]](0x91,0x04)
inputTrayEmpty, serviceRequested, noToner, lowPaper
Here is my sphinx search configuration (sphinxsearch_0.9.9-6_amd64):
index FULL
{
    charset_type = utf-8
    source = FULL
    path = /var/sphinx/data/Full
    docinfo = extern
    mlock = 0
    min_stemming_len = 1
    min_prefix_len = 1
    min_word_len = 1
    html_strip = 1
    index_exact_words = 1
}
searchd
{
    listen = 192.168.2.3
    log = /var/log/sphinxsearch/searchd.log
    query_log = /var/log/sphinxsearch/query.log
    read_timeout = 3
    client_timeout = 60
    max_children = 30
    pid_file = /var/run/searchd.pid
    max_matches = 1000
    seamless_rotate = 1
    preopen_indexes = 0
    unlink_old = 1
    mva_updates_pool = 1M
    max_packet_size = 8M
    max_filters = 256
    max_filter_values = 4096
}
I use PHP as the client:
$sphinx_client->SetServer('localhost', 9312);
$sphinx_client->SetConnectTimeout(1);
$sphinx_client->SetArrayResult(true);
$sphinx_client->setRankingMode(SPH_RANK_WORDCOUNT);
$sphinx_client->SetMatchMode(SPH_MATCH_EXTENDED2);
if ($mode == 'all') {
    $sphinx_client->SetSortMode(SPH_SORT_RELEVANCE, 'category');
} else {
    $sphinx_client->setFilter('category', array($this->_filter_category), FALSE);
}
$sphinx_client->SetLimits(0, $this->_limit);
$results = $sphinx_client->Query('"^'.$query.'$"', 'FULL');
For example, I have these names in the index:
1. Alex
2. Alen
3. George
4. A
5. G
When I try to search for a simple one-character string "A", I get Alen / Alex / A and so on.
How can I search based on string length so I can display them in the right order, like:
A / Alen / Alex ...
I also get "WARNING: index 'FULL': no morphology, index_exact_words=1 has no effect, ignoring"
Best Regards
Use an ordinal field (str2ordinal), do your normal search, but modify the sort mode: switch to extended mode and use a combination like $sphinx_client->SetSortMode(SPH_SORT_EXTENDED, '#weight desc , myordinal asc');