
Scapy: Sniffing for self made layers

Let's say I have created my own layer in Scapy like:

    from scapy.fields import IntField, ShortField
    from scapy.packet import Packet

    class MyProtocol(Packet):
        name = "MyProtocol"
        fields_desc = [ IntField("layerLength", 8), # always the same
                        ShortField("numberA", 4),
                        ShortField("numberB", 2),
                        IntField("numberC", 2) ]

If I had two devices, one sending packets containing this self made layer on top and another one sniffing network traffic - how could the second device detect whether one of the sniffed packets contains this special layer or not? Scapy already recognizes a lot of layers, but how do I make it recognize my own self made layer?

I know that I can simply take the Raw part of every packet, dissect it on byte level and, for example, check if the "layerLength" field really contains the total length of the layer, or add some special unique field, but that seems too complicated, because Scapy already knows some layers. So is there a way to make Scapy recognize a certain layer?

Scapy uses what is called layer binding to indicate when a specific packet dissector shall be applied. You can see examples in each layer module of the Scapy source code.

E.g., if you use your protocol over TCP port 2222, you can add the following line to your module:

    bind_layers( TCP, MyProtocol, dport=2222)

Scapy will attempt to use MyProtocol to dissect the TCP payload as MyProtocol.
