Reputation: 51
I'm trying to parse a pcap file with scapy (in Python), and getting raw data at the layer above TCP. On Wireshark, all the layers are shown correctly:
But on scapy all I'm seeing is just a Raw layer...
I'm thinking maybe it didn't parse the packet well? Maybe the NetBIOS module did not load? Or maybe I didn't import the module right? (I tried: import scapy.all, import scapy, import scapy.layers.smb.) How do I make scapy load the layers of the packet correctly?
Thanks!
Upvotes: 2
Views: 1827
Reputation: 41
If someone has a similar problem…
You need something like
packet[TCP].decode_payload_as(NBTSession)
And then you will get the layers decoded by scapy:
packet[TCP].show()
###[ TCP ]###
sport = microsoft_ds
…
options = []
###[ NBT Session Packet ]###
TYPE = Session Message
RESERVED = 0
LENGTH = 4873
###[ SMBNegociate Protocol Request Header ]###
Start = '\xfeSMB'
Command = 64
Error_Class= 0
Reserved = 1
Error_code= 0
Flags = 0
Flags2 = 0
PIDHigh = 5
Signature = 0
Unused = 0
TID = 183
PID = 0
UID = 0
MID = 0
WordCount = 0
ByteCount = 0
###[ SMB Negotiate Protocol Request Tail ]###
BufferFormat= 0
BufferData= '\x03'
Also, after that you can try to decode the packet with the different classes:
packet.decode_payload_as(SMBNegociate_Protocol_Request_Header)
Upvotes: 0
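Added example, not part of either post above: before forcing a dissector with decode_payload_as, it helps to check what the TCP payload actually contains. This standard-library sketch reads the 4-byte NBT session header using the TYPE / RESERVED / LENGTH split shown in the output above, then checks the magic that follows: '\xffSMB' is SMB1 and '\xfeSMB' (the Start value in that output) is the SMB2 protocol id, which an SMB1 header class will not decode into meaningful fields. The function names and sample payloads are constructed for illustration.

```python
import struct

# Constructed sample payloads (not taken from the capture in the question).
SMB2_HDR = b"\xfeSMB" + b"\x00" * 60            # 64-byte SMB2 header, zeroed
SMB1_HDR = b"\xffSMB" + b"\x72" + b"\x00" * 27  # 32-byte SMB1 header, command 0x72

SMB_MAGIC = {b"\xffSMB": "SMB1", b"\xfeSMB": "SMB2"}


def nbt_frame(body: bytes) -> bytes:
    """Prefix body with a 4-byte NBT Session Message header (TYPE 0)."""
    return struct.pack("!I", len(body) & 0x1FFFF) + body


def classify(payload: bytes) -> dict:
    """Parse the NBT session header and report which SMB family follows it."""
    if len(payload) < 4:
        return {"verdict": "too-short"}
    (word,) = struct.unpack("!I", payload[:4])
    info = {
        "type": word >> 24,               # TYPE, 8 bits
        "reserved": (word >> 17) & 0x7F,  # RESERVED, 7 bits
        "length": word & 0x1FFFF,         # LENGTH, 17 bits
    }
    body = payload[4:]
    if info["type"] != 0 or info["reserved"] != 0:
        # Likely a later TCP segment of a long message, or not NBT at all.
        info["verdict"] = "not-session-message"
        return info
    # A message longer than this segment needs TCP reassembly before decoding.
    info["truncated"] = len(body) < info["length"]
    info["verdict"] = SMB_MAGIC.get(body[:4], "unknown")
    return info


if __name__ == "__main__":
    samples = [("smb2", nbt_frame(SMB2_HDR)),
               ("smb1", nbt_frame(SMB1_HDR)),
               ("cut", nbt_frame(SMB2_HDR)[:20]),
               ("mid-stream", b"\x41" * 32)]
    for name, data in samples:
        print(name, classify(data))
```

With scapy, the bytes to pass in are bytes(packet[TCP].payload); a "truncated" or "not-session-message" result means the message spans several TCP segments, which Wireshark reassembles but a per-packet decode does not.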