0 votes
in Education by (1.7m points)
I want to create a new layer using scapy. I created a new layer, but when I sent it to another computer it got lost; Wireshark also can't recognize it. How can I solve this problem?

from scapy.all import Packet, StrLenField

class OMER(Packet):
    name = "OMER"
    fields_desc = [StrLenField("Omer", "", None)]


1 Answer

0 votes
by (1.7m points)
When you create a new protocol or a new layer with scapy, other network tools like wireshark (and others), since they are not aware of your protocol's specifics, will not be able to automatically parse it correctly.

If you want to experiment with a new protocol you will have to create your own local decoder. The following example, even though it is minimal, demonstrates all of the above:

#!/usr/bin/env python3

from scapy.all import *

# create a simple protocol
# (example similar to the one in the scapy docs...)
class Exmpl(Packet):
    name = "myprotocol"
    fields_desc = [ShortField("fld1", 5),
                   XByteField("fld2", 3)]

from scapy.utils import PcapWriter

# write data in a pcap file to examine later with
# 1 -> scapy
# 2 -> wireshark
print('\n[+] Writing net.pcap file...')
cap = PcapWriter("net.pcap", append=True, sync=True)
for i in range(10):
    packet = Exmpl(fld1=i)
    cap.write(packet)
cap.close()

# read the data and examine them with scapy
# scapy is aware of the "Exmpl" protocol (e.g. its fields etc...)
# and how to decode it, while wireshark is not
print('[+] Examining net.pcap file...\n')
packets = rdpcap('net.pcap')
for p in packets:
    # re-dissect the stored bytes as our own layer
    # (bytes() works on Python 2 and 3; str() only on Python 2)
    Exmpl(bytes(p)).show()

The output of the above script will be like:

[+] Writing net.pcap file...
[+] Examining net.pcap file...

###[ myprotocol ]###
  fld1      = 0
  fld2      = 0x3
###[ myprotocol ]###
  fld1      = 1
  fld2      = 0x3
###[ myprotocol ]###
  fld1      = 2
  fld2      = 0x3
...skip...

As you can see, scapy is aware of the protocol and thus can parse the data correctly. Now if you try to examine the "net.pcap" file with wireshark you will see the following:

wireshark is not aware of your protocol and as a result it can't parse it correctly.

Notice: As you can understand, even if you send those packets to another device (to actually do that you'll have to implement some other stuff also), then that device must also be aware of your protocol, otherwise it won't be able to parse it correctly. That is why when you tried to send the packets from one computer to another, the receiver couldn't successfully decode them.