scapy command for defining the data part of udp packet

Question

I had used the following command to generate a GTP packet using sendp

>>>sendp(Ether()/IP(dst="1.1.1.1", proto=17,  
len=124)/UDP(sport=2152,dport=2152,len=104)/Raw(load=('32 ff 00 58 00 00 00 01 '
'28 db 00 00 45 00 00 54 00 00 40 00 40 00 5e a5 ca 0b 28 9e c0 a8 28 b2 08 00 '
'be e7 00 00 28 7b 04 11 20 4b f4 3d 0d 00 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 '
'14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d '
'2e 2f 30 31 32 33 34 35 36 37')), iface="eth1", loop=1, inter=1.0002)

In Wireshark,

Click on the following link for wireshark view : https://i.sstatic.net/Ag1xP.jpg

Expecting the Data of UDP packet as -

32 ff 00 58 00 00 00 01 28 db 00 00 45 00 00 54 00 00 40 00 40 00 5e a5 ca 0b 28
9e c0 a8 28 b2 08 00 be e7 00 00 28 7b 04 11 20 4b f4 3d 0d 00 08 09 0a 0b 0c 0d
0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28
29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37

But I found this data at "right most side of the packet description", instead of "Middle portion of the packet description".

Could you please let me know the command to be used to correct this.

Answer 1

I assume you want the above hex values to be the data in the UDP packet.

What you provided to Raw was a string of characters, spaces included, not hex code in Python. We will first convert your string of characters into a valid hex string in Python, then provide that to Scapy so the data will go on the wire as you want it.

I'll also show you some nice functions to preview what you will see in Wireshark.

First we'll put your data into its own variable.

>>> data = ('32 ff 00 58 00 00 00 01 '
...     '28 db 00 00 45 00 00 54 00 00 40 00 40 00 5e a5 ca 0b 28 9e c0 a8 28 b2 08 00 '
...     'be e7 00 00 28 7b 04 11 20 4b f4 3d 0d 00 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 '
...     '14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d '
...     '2e 2f 30 31 32 33 34 35 36 37')

Then split that up into a nice list.

>>> data_list = data.split(" ")
>>> data_list
['32', 'ff', '00', '58', '00', '00', '00', '01', '28', 'db', '00', '00', '45',
 '00', '00', '54', '00', '00', '40', '00', '40', '00', '5e', 'a5', 'ca', '0b',
 '28', '9e', 'c0', 'a8', '28', 'b2', '08', '00', 'be', 'e7', '00', '00', '28', 
 '7b', '04', '11', '20', '4b', 'f4', '3d', '0d', '00', '08', '09', '0a', '0b',
 '0c', '0d', '0e', '0f', '10', '11', '12', '13', '14', '15', '16', '17', '18',
 '19', '1a', '1b', '1c', '1d', '1e', '1f', '20', '21', '22', '23', '24', '25', 
 '26', '27', '28', '29', '2a', '2b', '2c', '2d', '2e', '2f', '30', '31', '32', 
 '33', '34', '35', '36', '37']

Generate the string which can be passed to Raw as the binary data you want to appear in the packet.

>>>data_s = ''.join(data_list).decode('hex')
>>>data_s
'2\xff\x00X\x00\x00\x00\x01(\xdb\x00\x00E\x00\x00T\x00\x00@\x00@\x00^\xa5\xca
\x0b(\x9e\xc0\xa8(\xb2\x08\x00\xbe\xe7\x00\x00({\x04\x11K\xf4=\r\x00\x08\t\n\x0b
\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f
!"#$%&\'()*+,-./01234567'

Use this string for your UDP Payload and build your packet!

>>> packet = IP(dst="1.1.1.1", proto=17,  
... len=124)/UDP(sport=2152,dport=2152,len=104)/Raw(load=data_s)
>>> packet.show()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= 124
  id= 1
  flags= 
  frag= 0
  ttl= 64
  proto= udp
  chksum= None
  src= 0.0.0.0
  dst= 1.1.1.1
  \options\
###[ UDP ]###
     sport= gtp_user
     dport= gtp_user
     len= 104
     chksum= None
###[ Raw ]###
        load= '2\xff\x00X\x00\x00\x00\x01(\xdb\x00\x00E\x00\x00T\x00\x00@\x00@
               \x00^\xa5\xca\x0b(\x9e\xc0\xa8(\xb2\x08\x00\xbe\xe7\x00\x00({\x04
               \x11K\xf4=\r\x00\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14
               \x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./0
               1234567'

This should produce the expected data in Wireshark. Here is a hexdump of what you should see. I excluded the Ethernet layer, was giving Scapy on my machine some trouble for an unknown reason.

>>> hexdump(p)
0000   45 00 00 7C 00 01 00 00  40 11 78 6F 00 00 00 00   E..|....@.xo....
0010   01 01 01 01 08 68 08 68  00 68 90 1A 32 FF 00 58   .....h.h.h..2..X
0020   00 00 00 01 28 DB 00 00  45 00 00 54 00 00 40 00   ....(...E..T..@.
0030   40 00 5E A5 CA 0B 28 9E  C0 A8 28 B2 08 00 BE E7   @.^...(...(.....
0040   00 00 28 7B 04 11 20 4B  F4 3D 0D 00 08 09 0A 0B   ..({.. K.=......
0050   0C 0D 0E 0F 10 11 12 13  14 15 16 17 18 19 1A 1B   ................
0060   1C 1D 1E 1F 20 21 22 23  24 25 26 27 28 29 2A 2B   .... !"#$%&'()*+
0070   2C 2D 2E 2F 30 31 32 33  34 35 36 37               ,-./01234567