aDoN

Reputation: 1961

Understanding Scapy data structure

Hello, I have been struggling with the Scapy data structure; I mean, with the way the packets are stored and the way to access them.

So instead of just using the syntax and relying on that, I wanted to do a bit of research in order to know better and get familiar with what's behind it.

I have seen it is a dictionary of dictionaries, but not what this dictionary is made of.

I have come across the structure I think is behind it, and I would like you to correct me if I'm wrong, but I think it makes sense: a dictionary of objects, where each object is a TCP/IP layer.

This way everything makes sense (except I don't have payload in Ether which would be all after IP and payload in IP, which would be everything after TCP)

Anyways, I think that would help throw some light on the Scapy structure, although I am aware it's not 100% accurate:

# Scapy

# One class per TCP/IP layer; each instance holds that layer's header fields.
class Ether:
    def __init__(self, dst='ff:ff:ff:ff:ff:ff', src='00:00:00:00:00:00', type=0):
        self.dst = dst
        self.src = src
        self.type = type


class IP:
    def __init__(self, version=4, ihl=None, tos=0, leng=None, idd=1,
                 flags=None, frag=0, ttl=64, proto=6, chksum=None,
                 src='127.0.0.1', dst='127.0.0.1'):
        self.version = version
        self.ihl = ihl
        self.tos = tos
        self.leng = leng
        self.idd = idd
        self.flags = flags
        self.frag = frag
        self.ttl = ttl
        self.proto = proto
        self.chksum = chksum
        self.src = src
        self.dst = dst


class TCP:
    def __init__(self, sport=21, dport=80, seq=0, ack=0, dataofs=None, reserved=0,
                 flags=0, window=8192, chksum=None, urgptr=0, options=0, payload=''):
        self.sport = sport
        self.dport = dport
        self.seq = seq
        self.ack = ack
        self.dataofs = dataofs
        self.reserved = reserved
        self.flags = flags
        self.window = window
        self.chksum = chksum
        self.urgptr = urgptr
        self.options = options
        self.payload = payload


# A "packet" is a dictionary mapping a layer name to that layer's object.
pkt1 = {'Ether': Ether(src='ff:aa:bb:aa:dd:aa'), 'IP': IP(src='192.168.1.10', dst='192.168.1.1')}
pkt2 = {'IP': IP(dst='8.8.8.8'), 'TCP': TCP(dport=80)}

print(pkt1['IP'].src)

# A capture is a list of such packets.
pkts = []
pkts.append(pkt1)
pkts.append(pkt2)

for pkt in pkts:
    print(pkt['IP'].dst)

print(pkts[0]['Ether'].src)

Having this output:

GET / HTTP/1.1

192.168.1.1
8.8.8.8
ff:aa:bb:aa:dd:aa

Hope this is instructive and you can correct my mistakes.

Upvotes: 4

Views: 3221

Answers (1)

doru

Reputation: 9110

Reading from this article:

Scapy uses Python dictionaries as the data structure for packets. Each packet is a collection of nested dictionaries with each layer being a child dictionary of the previous layer, built from the lowest layer up. Each field (such as the Ethernet dst value or ICMP type value) is a key:value pair in the appropriate layer. These fields (and nested layers) are all mutable so we can reassign them in place using the assignment operator.

Upvotes: 2
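
An added example, not part of the original answer and not Scapy's source: a simplified model of how Scapy stacks layers, where each layer is an object whose `payload` points at the next layer, so `pkt[IP]` and `pkt.dport` work by walking that chain. The class bodies and default field values are assumptions chosen for illustration; `/`, `payload`, `haslayer` and `pkt[Layer]` mirror Scapy's real interface.

```python
# Simplified model (not Scapy source): a layer object holds its own fields
# plus a reference to the next layer up in `payload`.
class Layer:
    defaults = {}

    def __init__(self, **fields):
        self.fields = {**self.defaults, **fields}
        self.payload = None                  # next layer up, or None

    def __truediv__(self, upper):            # Ether() / IP() / TCP()
        tail = self
        while tail.payload is not None:      # find the end of the chain
            tail = tail.payload
        tail.payload = upper                 # Scapy copies; this links in place
        return self

    def layers(self):                        # walk from this layer upwards
        layer = self
        while layer is not None:
            yield layer
            layer = layer.payload

    def __getitem__(self, cls):              # pkt[IP] -> first layer of that type
        for layer in self.layers():
            if isinstance(layer, cls):
                return layer
        raise IndexError(f"Layer {cls.__name__} not found")

    def haslayer(self, cls):
        return any(isinstance(layer, cls) for layer in self.layers())

    def __getattr__(self, name):             # only runs when normal lookup fails
        own = self.__dict__
        if name in own.get("fields", {}):    # this layer's field wins
            return own["fields"][name]
        if own.get("payload") is not None:   # else fall through to upper layers
            return getattr(own["payload"], name)
        raise AttributeError(name)

class Ether(Layer):
    defaults = {"dst": "ff:ff:ff:ff:ff:ff", "src": "00:00:00:00:00:00", "type": 0x0800}
class IP(Layer):
    defaults = {"src": "127.0.0.1", "dst": "127.0.0.1", "ttl": 64, "proto": 6}
class TCP(Layer):
    defaults = {"sport": 20, "dport": 80, "flags": 0}

def build_sample():                          # constructed sample packet
    return (Ether(src="ff:aa:bb:aa:dd:aa")
            / IP(src="192.168.1.10", dst="192.168.1.1") / TCP(dport=80))
```

In this model the Ether layer's payload is everything from IP upward and the IP layer's payload is everything from TCP upward, which is the piece the dictionary sketch in the question leaves out.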
