识别icmpv6类型

Question

In python-scapy, how can i filter based on icmpv6 type. For example, if icmpv6 type is 135(neighbor solicitation), how can i filter using this type of expression:

if(x == 135):  
    do this  

I want to find x in the above expression.There are tags in scapy for TCP, UDP, IPv6 but no tags for ICMPv6. For example, to access a source address parameter in IPv6 header in packet p, i can use p[IPv6].src since the tag IPv6 is there in scapy. But how to access ICMPv6 parameters?

If it cannot be done using scapy or this method, please suggest alternate approach. This problem is bugging me since long time. Thanks.

Answer 1

You should use Packet.haslayer('ICMPv6ND_NS') ...

>>> from scapy.all import rdpcap
>>> paks = rdpcap('ipv6.pcap')
>>> for idx, pak in enumerate(paks):
...     if pak.haslayer('ICMPv6ND_NS'):
...         print "Index %s: %s" % (idx, repr(pak))
...
Index 3: <Ether  dst=00:21:a0:50:ce:00 src=00:02:55:7b:b2:f6 type=0x86dd |
<IPv6  version=6L tc=0L fl=0L plen=32 nh=ICMPv6 hlim=255 
src=fe80::202:55ff:fe7b:b2f6 dst=fe80::221:a0ff:fe50:ce00 |
<ICMPv6ND_NS  type=Neighbor Solicitation code=0 cksum=0x8b54 R=0L S=0L 
O=0L res=0x0L tgt=fe80::221:a0ff:fe50:ce00 |<ICMPv6NDOptSrcLLAddr  type=1 
len=1 lladdr=00:02:55:7b:b2:f6 |>>>>
>>>

FYI, these are the packets in ipv6.pcap...

[mpenning@Bucksnort ~]$ tshark -r ipv6.pcap
  1   0.000000 2000:fc50:1000:100:202:55ff:fe7b:b2f6 -> 2001:420:1101:1::a ICMPv6 Echo request
  2   1.007475 2000:fc50:1000:100:202:55ff:fe7b:b2f6 -> 2001:420:1101:1::a ICMPv6 Echo request
  3   2.014461 2000:fc50:1000:100:202:55ff:fe7b:b2f6 -> 2001:420:1101:1::a ICMPv6 Echo request
  4   4.997348 fe80::202:55ff:fe7b:b2f6 -> fe80::221:a0ff:fe50:ce00 ICMPv6 Neighbor solicitation
  5   4.998613 fe80::221:a0ff:fe50:ce00 -> fe80::202:55ff:fe7b:b2f6 ICMPv6 Neighbor advertisement
[mpenning@Bucksnort ~]$