Jake
Reputation: 16837
Using square brackets for packet header in scapy
I have a question related to the data we get when use square brackets in scapy.
Reference code:
#!/usr/bin/python3
from scapy.all import *
def spoof_pkt(pkt):
a = pkt[IP]
pkt = sniff(filter='tcp',prn=spoof_pkt)
The above code tries to sniff tcp packet. My question is that when I use a syntax like pkt[IP] in scapy, do I get just the IP header, or do I get the entire packet starting from the IP header ?
Upvotes: 1
Views: 240
Answers (1)
Cukic0d
Reputation: 5411
You will get the entire packet including and following the IP header:
>>> a = Ether()/IP()/ICMP()
>>> a[IP]
<IP frag=0 proto=icmp |<ICMP |>>
If you wanted only the IP layer, you would have to remove its payload:
>>> c = a.copy()[IP]
>>> c.remove_payload()
>>> c
<IP |>
Note that a packet and all its sub fields are mutable
Upvotes: 1
Related Questions
- Scapy: how do I get the full IP packet header?
- Getting JSON content from a packet using Scapy with Python
- scapy sniff with special characters
- Include IP header in payload of ICMP request using scapy
- Using scapy.packet.raw
- Packet sending with scapy
- Converting hex string to packet in Scapy
- Scapy: How to access RAW of a custom packet
- how to add http headers to a packet sniffed using scapy
- Parse packet bytes using Scapy