vito

Reputation: 323

Adding a new protocol to scapy (Similar to ARP)

I would like to implement a new secure ARP protocol that is immune to ARP poisoning. The new "SecureArp" will hold a signature field that can be checked against an agreed-upon HMAC function. The scapy definition is as follows:

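    from scapy.packet import Packet
    from scapy.fields import IPField, MACField, IntEnumField, StrFixedLenField

    class SecureArp(Packet):
        name = "SecureARP"
        # Fixed-size layout: addresses, opcode, 24-byte challenge, 20-byte signature
        fields_desc = [IPField("srcip", None),
                       MACField("srcmac", None),
                       IPField("dstip", None),
                       MACField("dstmac", "00:00:00:00:00:00"),
                       IntEnumField("opcode", 1, { 1: "request", 2: "response" }),
                       StrFixedLenField("challenge", "", length=24),
                       StrFixedLenField("signature", "", length=20)]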

The problem I encounter is that when receiving such a SecureArp message, scapy doesn't parse it at all and leaves the data as "Raw". I read the SecDev documentation about extending to a new protocol and it's very unclear. What steps should I take so that a received SecureArp packet would be automatically parsed? Thanks

Upvotes: 4

Views: 1052

Answers (1)

tintin

Reputation: 3356

You'll have to bind your layer to another one in order for scapy to auto dissect it.

Also see scapy's ARP implementation.

    bind_layers(Ether, ARP, type=2054)

Upvotes: 4
