Scapy custom packets

I need to do some work in Scapy - so here is my Custom Packet starter code

from scapy.all import *
#Create simple Class
class dumbo(Packet):
    fields_desc = [
        ShortField('n1',0),
        ShortField('n2',0),
        ShortField('n3',0)
    ]
#Inform TCP that ports 9898 are this protocol
bind_layers(TCP,dumbo,sport=9898)
bind_layers(TCP,dumbo,dport=9898)
#Make a Packet

pack = IP()/TCP(sport=9898, dport=9898)/Raw(load=b'\x00\x01\x00\x02\x00\x03')

#show2() builds the packet and dissects the result, so the Raw payload is decoded as dumbo
pack.show2()

#
#Check Values
#

p2=dumbo()
p2.n1=1
p2.n2=2
p2.n3=3

ls(p2)
print(bytes(p2))

This Produces the following output

###[ IP ]###
  version   = 4
  ihl       = 5
  tos       = 0x0
  len       = 46
  id        = 1
  flags     = 
  frag      = 0
  ttl       = 64
  proto     = tcp
  chksum    = 0x7cc7
  src       = 127.0.0.1
  dst       = 127.0.0.1
  \options   \
###[ TCP ]###
     sport     = monkeycom
     dport     = monkeycom
     seq       = 0
     ack       = 0
     dataofs   = 5
     reserved  = 0
     flags     = S
     window    = 8192
     chksum    = 0x4480
     urgptr    = 0
     options   = []
###[ dumbo ]###
        n1        = 1
        n2        = 2
        n3        = 3

And to check the data

n1         : ShortField           = 1               (0)
n2         : ShortField           = 2               (0)
n3         : ShortField           = 3               (0)

b'\x00\x01\x00\x02\x00\x03'

Bind Layers

Simple clean and smart....

In this case we want all TCP traffic to or from port 9898 to be dissected as the next layer, dumbo

bind_layers(TCP,dumbo,sport=9898)
bind_layers(TCP,dumbo,dport=9898)

Fields

  • ShortField (short integer)
    • Expects 2 Bytes
  • IntField (integer)
    • Expects 4 Bytes

The data "payload" needs to be specified as bytes

i.e.

    TCP()/b'\x00\x01\x02\x03'

Displaying the Packet

Try several options

  • ls(packet)
  • packet.show()
  • packet.show2()
    • More Human friendly