vito
Reputation: 323
Adding a new protocol to scapy (Similiar to ARP)
I would like to implement a new secure ARP protocol that is immune to ARP poisoning. The new "SecureArp" will hold a signature field that can be checked against an agreed upon hmac function. The scapy definition is as follows:
class SecureArp(Packet):
name = "SecureARP"
fields_desc = [IPField("srcip", None),
MACField("srcmac", None),
IPField("dstip", None),
MACField("dstmac", "00:00:00:00:00:00"),
IntEnumField("opcode", 1, { 1: "request", 2: "response" }),
StrFixedLenField("challenge", "", length=24),
StrFixedLenField("signature", "", length=20)]
The problem I encounter is that when receiving such SecureArp message scapy doesn't parse it at all and leaves the data as "Raw". I read the SecDev documentation about extending to a new protocol and its very unclear. What steps should i take so a SecureArp packet received would be automatically parsed? Thanks
Upvotes: 4
Views: 1053
Answers (1)
tintin
Reputation: 3356
You'll have to bind your layer to another one in order for scapy to auto dissect it.
Also see scapys ARP implementation.
bind_layers( Ether, ARP, type=2054)
Upvotes: 4
Related Questions
- How to add a new column to an existing DataFrame
- How can I add new keys to a dictionary?
- Adding a method to an existing object instance in Python
- Python Scapy --arp request and response
- Scapy library giving error ARP who has ?? says?
- What is the difference between old style and new style classes in Python?
- Detect ARP poisoning using scapy
- Scapy ARP Poisoning
- Python 2.7 -scapy and ARP