How extract out the raw load in Scapy?

Question

Is there any way to extract the raw load of Scapy that is being parsed through raw socket? I am able to extract out the TCP and IP header by specifying ip[scapy.IP] and ip[scapy.TCP] but not the raw load.

When I tried to extract the raw load by specifying ip[raw.load], it gives me an error saying layer raw not found.

This is an image of the raw load that I want to extract out

import sys
import socket
from scapy.all import *
#from scapy import all as scapy



s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

while 1:
    packet = s.recvfrom(2000);
    packet = packet[0]
    ip = IP(packet)
    print(ip.show())
    #print(str(ip[IP]))
    #print(ip[scapy.IP].src)
    #print(ip[scapy.Raw].load)

I am able to extract out the source port number in Scapy TCP header with this code.

import sys
import socket
from scapy.all import *
#from scapy import all as scapy



s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

while 1:
    packet = s.recvfrom(2000);
    packet = packet[0]
    ip = IP(packet)
    print(ip[TCP].sport)

Answer 1

Here’s how I do it. The comments represent your code. I’ve also written how it could be done using scapy’s sockets (cross-plateform, as SOCK_RAW doesn’t work on Windows for instance)

from scapy.all import *
# import socket

#s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s = conf.L3Socket(filter=“tcp”)

# The use of `filter=“tcp”` requires libpcap.
# If you want to do it without it, you can also not set it and use `if TCP in packet:`


while True:
    #packet = s.recvfrom(2000);
    #packet = packet[0]
    #packet = IP(packet)
    packet = s.recv()

    # You don’t have a Raw in every received packet !
    if Raw in packet:
        load = packet[Raw].load