secdev / scapy Goto Github PK

Most of IPv6 tests fail on OS X due to this test. The address :: ends up being selected as the source address instead of ::1. As a result, tests fail.

Providing a real fix will take more time and tests than patching this line.

It is typically considered bad for users to install python modules on top of their system python modules without proper package management (e.g. without using things like apt, rpm, etc.). It would be better to recommend virtualenv installs and/or the system method for installing. e.g.

http://www.secdev.org/projects/scapy/doc/installation.html says:

$ cd /tmp
$ wget scapy.net
$ unzip scapy-latest.zip
$ cd scapy-2.*
$ sudo python setup.py install

I want to put all the console history files in one place

In mysql you can do
export MSQL_HISTFILE=~/.history/mysql
and the history file is created and stored

I can so this with bash,python,postgres

How can I do it with scapy in linux using the $HOME/.bashrc

I've tried

export PYTHONSCAPY_HISTORY=/.history/scapy
export PYTHONSCAPY_HIST=/.history/scapy
export SCAPY_HIST=/.history/scapy
export SCAPY_HISTORY=/.history/scapy

None of these work Im told by [email protected] its set by

'>>>' conf.histfile =

is there any way to set it as a environment varible or someone make a patch

Hello, I'm using Scapy to test ICMPv6 covert channels and I got an error with the "unused" field of both Destination Unreachable and Time Exceeded messages.
The error is:
struct.error: ubyte format requires 0 <= number <= 255

In fact I'm inserting 4 bytes of data, as from rfc4443, while it seems that X3BytesField is defined for 1 byte. If I test it with 1 byte all is fine.

Any idea?

Commit 9c7077622dd917457ced680a23b7f175769471d9 in the Linux kernel introduces a check to reject too short packets.

Scapy currently hopes that the underlying driver will add a payload if needed, but that is no longer the case, at least under Linux, so we might have to add the payload if needed.

This bug prevents Scapy from working correctly at least under ArchLinux with an Ethernet connexion.

On most Ethernet drivers, the value for net->hard_header_len seem to be 14, which only prevent Scapy from sending frames smaller than the Ethernet header (which is an uncommon use case), so the bug is hard to trigger.

On some drivers however, the value for net->hard_header_len can be (much) higher.

For example, on RNDIS-based links (when sharing a smartphone's Internet connection via USB), this value is set to 58 (14 + 11 * 4) bytes. In such cases, the bug will be triggered when trying to send an ARP request (len(Ether()/ARP()) == 42 < 58) (this prevents Scapy from updating its ARP cache and hence from sending layer 3 packets) or when trying to send a simple ICMP packet (len(Ether()/IP()/ICMP()) == 42 < 58), making Scapy effectively unusable.

Use scapy 2.3.1 & 2.3.2, I can not unpacket from pcap buffer, the test code and error output are below:

#!/usr/bin/env python

import pcap
import time
from scapy import all as scapy

iface = 'eth0'

def make_listener(iface):
    listener = pcap.pcap(iface)
    listener.setfilter('(tcp and port 22)')
    return listener

listener = make_listener(iface)
time.sleep(3)
listener.setnonblock()
for pkt in listener.readpkts():
    print scapy.Ether(pkt[1]).src

Exception Output:

WARNING: No route found for IPv6 destination :: (no default route?)
Traceback (most recent call last):
  File "test19.py", line 18, in <module>
    print scapy.Ether(pkt[1]).src
  File "/usr/lib/python2.7/site-packages/scapy/base_classes.py", line 196, in __call__
    i.__init__(*args, **kargs)
  File "/usr/lib/python2.7/site-packages/scapy/packet.py", line 85, in __init__
    self.dissect(_pkt)
  File "/usr/lib/python2.7/site-packages/scapy/packet.py", line 618, in dissect
    s = self.do_dissect(s)
  File "/usr/lib/python2.7/site-packages/scapy/packet.py", line 589, in do_dissect
    assert(raw.endswith(s))
AttributeError: 'buffer' object has no attribute 'endswith'

But if I install version 2.2.0-dev or master, test code can output correct result:

WARNING: No route found for IPv6 destination :: (no default route?)
fa:16:3e:73:e9:e7
fa:16:3e:6f:1a:9d
fa:16:3e:73:e9:e7
fa:16:3e:73:e9:e7
fa:16:3e:6f:1a:9d
fa:16:3e:73:e9:e7
fa:16:3e:73:e9:e7
fa:16:3e:6f:1a:9d
fa:16:3e:73:e9:e7

For some reason, even basic automaton test fail. At least:

• under Linux, when run as simple user.
• under OpenBSD, even when run as root (reported by @danieljakots, see #29).

OS Ubuntu 14.04.3 LTS
Scapy 2.3.2-dev
python-libpcap 0.6.4-1

I am using pylibpcap for sniffing and I notice, that timeout parameter for sniff function doesnt work if there are no recieved packets.

Example:

In [4]: conf.use_pcap
Out[4]: True

In [5]: conf.L2listen
Out[5]: scapy.arch.pcapdnet.L2pcapListenSocket

In [6]: sniff(iface="eth1", filter="vlan 554", timeout=3)

and in freezes forever if there are no packets with vlan 554.

I checked the code and found, that after this line
https://github.com/secdev/scapy/blob/master/scapy/sendrecv.py#L584
sel = select([s],[],[],remain)
scapy has
sel[0] = [<scapy.arch.pcapdnet.L2pcapListenSocket object at 0x7f228072a310>]
in selected list. So function doesnt finish.

If I use scapy.arch.linux.L2ListenSocket everything is ok, selected list is empty.

The following code does not work:

$ cat test.py
from scapy.all import *

in6_getLocalUniquePrefix()

$ python test.py 
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
WARNING: No route found for IPv6 destination :: (no default route?)
Traceback (most recent call last):
  File "test.py", line 3, in <module>
    in6_getLocalUniquePrefix()
  File "/home/guedou/prog/python/scapy/github/scapy-issues.git/scapy/utils6.py", line 393, in in6_getLocalUniquePrefix
    rawmac = get_if_raw_hwaddr(conf.iface6)[1]
NameError: global name 'get_if_raw_hwaddr' is not defined

On Debian stretch, run_scapy outputs the string Python 2.7.11 (aka Python version). It seems that python --version prints the version on stderr =/

Same behavior on OS X.

Importing from scapy.sendrecv fails in Windows:

PS Microsoft.PowerShell.Core\FileSystem::\\vboxsrv\workspace\pysap> ipython
Python 2.7.11 (v2.7.11:6d1b6a68f775, Dec  5 2015, 20:40:30) [MSC v.1500 64 bit (AMD64)]
Type "copyright", "credits" or "license" for more information.

IPython 4.1.1 -- An enhanced Interactive Python.
?         -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help      -> Python's own help system.
object?   -> Details about 'object', use 'object??' for extra details.

In [1]: from scapy.sendrecv import sniff
---------------------------------------------------------------------------
ImportError                               Traceback (most recent call last)
<ipython-input-1-56f9d4ea2ee6> in <module>()
----> 1 from scapy.sendrecv import sniff

C:\tools\python2\lib\site-packages\scapy\sendrecv.py in <module>()
     11 from select import select
     12 from data import *
---> 13 import arch
     14 from config import conf
     15 from packet import Gen

C:\tools\python2\lib\site-packages\scapy\arch\__init__.pyc in <module>()
     78     from solaris import *
     79 elif WINDOWS:
---> 80     from windows import *
     81
     82 if scapy.config.conf.iface is None:

C:\tools\python2\lib\site-packages\scapy\arch\windows\__init__.py in <module>()
     15 from scapy.base_classes import Gen, Net, SetGen
     16 import scapy.plist as plist
---> 17 from scapy.sendrecv import debug, srp1
     18 from scapy.layers.l2 import Ether, ARP
     19 from scapy.data import MTU, ETHER_BROADCAST, ETH_P_ARP

ImportError: cannot import name debug

I think there's some kind of import cycle, as sendrecv is architecture-dependent but the Windows arch requires to import sendrecv module at the same time. In the past we've fixed a similar issue in supersocket, but I'm not sure what's the best approach to fix this case.

Any idea on this?

The problem is that the code below.

for i in range(200):
    socket.append(TCP_client.tcplink(Raw, "www.example.com", 80))

when range(100) this code well work but over 100, not work
i want to connect my web server over 100 session.
below stack-trace

Unhandled exception in thread started by <bound method TCP_client._do_control of <scapy.layers.inet.TCP_client object at 0xb56bc36c>>Unhandled exception in thread started by <bound method TCP_client._do_control of <scapy.layers.inet.TCP_client object at 0xb564288c>> 
Traceback (most recent call last):     
File "/usr/local/lib/python2.7/dist-packages/scapy/automaton.py", line 525, in _do_control        
    self.listen_sock = conf.L2listen(**self.socket_kargs) 
File "/usr/local/lib/python2.7/dist-packages/scapy/arch/linux.py", line 461, in __init__   
    _flush_fd(self.ins) 
File "/usr/local/lib/python2.7/dist-packages/scapy/arch/linux.py", line 301, in _flush_fd 
    r,w,e = select([fd],[],[],0) ValueError: filedescriptor out of range in select()

system: OSX 10.11.4

When i use StreamSocket.sr1 i got this error.

>>> from scapy.all import *
WARNING: No route found for IPv6 destination :: (no default route?)
>>> s=socket.socket()
>>> s.connect(('127.0.0.1',80))
>>> connection = StreamSocket(s, Raw)
>>> connection.sr1(Raw("Get"))
Begin emission:
Finished to send 1 packets.
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "scapy/supersocket.py", line 52, in sr1
    a,b = sendrecv.sndrcv(self, *args, **kargs)
  File "scapy/sendrecv.py", line 129, in sndrcv
    r = pks.nonblock_recv()
AttributeError: 'StreamSocket' object has no attribute 'nonblock_recv'

When I do some with IGMP, I found that Group Record class give me wrong number of source address.
I readed related code and found a bug. like this:

from scapy.contrib.igmpv3 import *
i = IGMPv3gr()
i.srcaddrs=['1.2.3.4']
hexdump(i)

the oupput:

0000   01 00 00 04 00 00 00 00  01 02 03 04               ............

As you noticed that, 04 was given when I just had only one IP.
In RFC3376 Section 4.2 describled, that field represents Number of Group Records
Now I have fixed #141

Hello!
I try to catch DHCPv6 packet by port. I use this filter:
sn = sniff(filter="port 546 or 547")
But what i see every time:

0000 Ether / IPv6 / TCP src_ipv_6:ssh > dest_ipv_6:49553 PA / Raw
0001 Ether / IPv6 / UDP src_ipv_6:dhcpv6_server > dest_ipv_6:dhcpv6_server / DHCP6_RelayReply / DHCP6OptUnknown
0002 Ether / IPv6 / UDP src_ipv_6:dhcpv6_server > dest_ipv_6:dhcpv6_server / DHCP6_RelayReply / DHCP6OptUnknown

There is one tcp-packet with different port.

>>> sn[0].sport
22
>>> sn[0].dport
49553

and i see only replyes.

>>> sn[2].msgtype
13
>>> sn[1].msgtype
13

But if i run tcpdump with same filter i will see that suppose and without the tcp-packet :)

tcpdump -n -i any -w /tmp/git.pcap port '(546 or 547)'

15:37:59.472643 IP6 src_ipv_6.547 > dest_ipv_6.547: dhcp6 relay-fwd
15:37:59.472897 IP6 src_ipv_6.547 > dest_ipv_6.547: dhcp6 relay-reply
15:37:59.830144 IP6 src_ipv_6.547 > dest_ipv_6.547: dhcp6 relay-fwd
15:37:59.830357 IP6 src_ipv_6.547 > dest_ipv_6.547: dhcp6 relay-reply

dpkg -l python-scapy | grep ii
ii  python-scapy                            2.2.0-1                              all          Packet generator/sniffer and network scanner/discovery

python --version
Python 2.7.6

lsb_release -dc
Description:    Ubuntu 14.04.3 LTS
Codename:       trusty

is it not a bug?

Thank you.

-previously, my english skil is very weak. sorry.

is SAckOK work? (in tcp_options)

i tried that, ("SAckOK", None)
but did not work.
(work means show the options in packet dump)

...

It seems like this issue was already reported on the bitbucket repository and it seems to mainly be affecting OSX users when they are using virtualbox.

The fix proposed inside of the that ticket, though actually doesn't fully address the core of the issue.

Looking into this a bit more it seems like the problem has to do with a bug inside of netstat and the fact that it truncates the netif column in when running netstat -nr.

In theory netstat -nrW is meant to over come this (the docs say "-W In certain displays, avoid truncating addresses even if this causes some fields to overflow."), though this is a lie and still leads to the netif field being truncated.
For reference these are the bugs reporting this issue on FreeBSD:

• https://lists.freebsd.org/pipermail/freebsd-bugs/2014-April/055732.html
• https://www.mail-archive.com/[email protected]/msg07205.html

It looks like a fix for this was submitted to FreeBSD (https://svnweb.freebsd.org/base?view=revision&revision=290367), though probably most platforms don't yet ship an up to date version of netstat.

I did a bit of research into how this can possibly be solved, but from the looks of it there is no way to extract the correct interface name on platforms where netstat doesn't fully respect the -W option.
I am thinking that since this leads to scapy basically being unusable on platforms where this bug occurs it's perhaps better to wrap calls to scapy.arch.get_if_addr() with a try except and when a OSError: Device not configured error is thrown, hence leading to the truncated interfaces from being ignored when reading the routes.

Thoughts?

Original recommendation came from the scapy3k developer in the original BB issue tracker.

If you are interest, as I too have fallen victim to this like other users here and other projects elsewhere, implement a setup.py check that will throw an explicit error when attempting to install scapy in a Python 3 environment.

I know it is made clear in the documentation file, but I like other somtimes install libraries and utilities from the pip utility before consulting documentation, so maybe this will be helpful, albeit in a very minimal way.

Hi,

I'd like to contribute and help in building a new feature. Is there a roadmap or/and any forum where we can discuss about it?

Thanks,
Christophe

I'm trying to modify the time fields in the NTP layer, and not having any luck. I've tried setting packet.recv to an integer value and a string representation of time, but no matter what I try, when I send the packet, this field is always set to the default 0. Is there any example code that I just missed that would show me how to do this? Thank you in advance.

The command() method is cool, yet it does not work as expected with IPv6: the resulting string is not valid.

>>> p = IPv6(dst="www.kame.net")/ICMPv6EchoRequest()
>>> p.command()
'IPv6(dst=<Net6 www.kame.net>)/ICMPv6EchoRequest()'

>>> p = IP(dst="www.kame.net")/ICMP()
>>> p.command()
"IP(dst=Net('www.kame.net'))/ICMP()"

Should tcpdump be installed in travis.yml? Because this line appears quite a lot:
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
https://travis-ci.org/secdev/scapy/jobs/130214186

If tcpdump is unnecessary maybe a more descriptive warning message would be helpful.

This issue is related to PR #52.

>>> load_contrib("ikev2"); p = IP()/UDP()/IKEv2(init_SPI=RandString(8), exch_type=34)/IKEv2_payload_SA(prop=IKEv2_payload_Proposal())
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "scapy/base_classes.py", line 223, in __call__
    i.__init__(*args, **kargs)
  File "scapy/packet.py", line 78, in __init__
    self.overload_fields = self._overload_fields
  File "scapy/packet.py", line 211, in __setattr__
    return object.__setattr__(self, attr, val)
AttributeError: 'IKEv2' object attribute 'overload_fields' is read-only

This should be added to UT.

Hello, I faced "Cannot find libdnet.so" with python3.5 (probably it doesn't matter). My env is: lindnet1.11 (tried also 1.12) scappy3.0.0, mac os x 10.10.3 (yosemite).

Code I tried to execute.

from scapy.all import *
sniff(filter="tcp port 110 or tcp port 25 or tcp port 143", prn=callback_func, store=0)

def callback_func(pkt):
pkt.show()

I found that

if WIN:
SOCKET = c_uint
_lib = CDLL('dnet')
else:
SOCKET = c_int
_lib_name = find_library('dnet') # doesn't find dnet library
if not _lib_name:
raise OSError("Cannot find libdnet.so") # and throws an exception
_lib = CDLL(_lib_name)

I checked libdnet installation log and didn't find dnet artifact. What I found are these files:

mint$ ls /usr/local/lib/ | grep libdnet
libdnet
libdnet.1
libdnet.1.0.1
libdnet.a
libdnet.la

Here is my question. Is the line find_library('dnet') correct? When I changed it to __lib_name = find_library('libdnet') _the error disappeared.

I'm working with scapy and I'm interested in enhancing RadioTap packet parsing. In order to do that I feel it is important and convenient to improve FlagsField in order to provide an efficient way of testing if a particular flag is present. I don't know if this is a wanted feature, and in case it is, I'm not sure what's the most efficient way to do it as I'm not yet as familiar with the structure of the project as I would like to.

Any hints?

Thank you very much.

For the native BPF support, I need to call the function scapy.arch.linux.get_if() in Mac OS X (and other BSD derivatives). This function works fine on OS X, however the test at Line 73 prevents the module from loading.

I can imagine several ways to fix this:

1. suppress this test as well as the one at line 120
2. move this test to the Linux specific part of scapy/arch/init.py at line 80
3. create scapy/arch/common.py and move get_if() into it

What solution should I implement ?

I found in Packet.py fucntion show() only print the result and didn't return anything. I think if we can store Packet.show() result to a variable,it will be very useful in create report or something else because Packet.show() is really cool.

system: OSX 10.11.4

When i try to load scapy from OSX, i got this Error.

Python 2.7.11 (default, Apr 21 2016, 16:15:36)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.29)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "scapy/all.py", line 25, in <module>
    from route import *
  File "scapy/route.py", line 162, in <module>
    conf.route=Route()
  File "scapy/route.py", line 22, in __init__
    self.resync()
  File "scapy/route.py", line 31, in resync
    self.routes = read_routes()
  File "scapy/arch/unix.py", line 81, in read_routes
    ifaddr = scapy.arch.get_if_addr(netif)
  File "scapy/arch/__init__.py", line 44, in get_if_addr
    return socket.inet_ntoa(get_if_raw_addr(iff))
  File "scapy/arch/pcapdnet.py", line 519, in get_if_raw_addr
    return i.get(ifname)["addr"].data
  File "dnet.pyx", line 990, in dnet.intf.get
OSError: Device not configured

This may fix that problem.
scapy/arch/unix.py

def read_routes():
    if scapy.arch.SOLARIS:
        f = os.popen("netstat -rvn")  # -f inet
    elif scapy.arch.FREEBSD:
        f = os.popen("netstat -rnW")  # -W to handle long interface names
    elif scapy.arch.DARWIN:
        f = os.popen("netstat -rn | grep -v 'vboxnet \| bridge'")  # Fix OSX problem
    else:
        f = os.popen("netstat -rn")  # -f inet
    ...

On Debian/Ubuntu, the dnet module was renamed dumbnet. This makes Scapy dnet related code unusable ... Their behavior is also slightly different ...

Is there a way to send MPLS over GRE with Scapy ?
if not - can it be pleased added ?

Could not use "N" (Nonce in whireshark") flag in TCP packet. Bit added to the FlagsField in layers/inet.py.

Before:

class TCP(Packet):
    name = "TCP"
    fields_desc = [ ShortEnumField("sport", 20, TCP_SERVICES),
                    ShortEnumField("dport", 80, TCP_SERVICES),
                    IntField("seq", 0),
                    IntField("ack", 0),
                    BitField("dataofs", None, 4),
                    BitField("reserved", 0, 4),
                    FlagsField("flags", 0x2, 8, "FSRPAUEC"),
                    ShortField("window", 8192),
                    XShortField("chksum", None),
                    ShortField("urgptr", 0),
                    TCPOptionsField("options", {}) ]

After:

class TCP(Packet):
    name = "TCP"
    fields_desc = [ ShortEnumField("sport", 20, TCP_SERVICES),
                    ShortEnumField("dport", 80, TCP_SERVICES),
                    IntField("seq", 0),
                    IntField("ack", 0),
                    BitField("dataofs", None, 4),
                    BitField("reserved", 0, 3),
                    FlagsField("flags", 0x2, 9, "FSRPAUECN"),
                    ShortField("window", 8192),
                    XShortField("chksum", None),
                    ShortField("urgptr", 0),
                    TCPOptionsField("options", {}) ]

I guess that I found a silly bug. When count is an integer, sniff does not stop until CTRL-C.

>>> sniff(count=1)
<Sniffed: TCP:0 UDP:0 ICMP:0 Other:1>
>>> sniff(count="1")
^C<Sniffed: TCP:0 UDP:4 ICMP:0 Other:7>

TracerouteResult.world_trace() is broken since 2008, according to git blame.

>>> tr, _ = traceroute(["github.com"], minttl=4, maxttl=6)
[..] 
>>> tr.world_trace()
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "scapy/layers/inet.py", line 1078, in world_trace
    from modules.geo import locate_ip
ImportError: No module named modules.geo

Fixing the import won't make it work, yet you will open the gate of tricky & historical Scapy internals:

• this code uses specific databases for geographic and IP addresses locations that are either impossible/difficult to build today
• a function is missing in geoip.py. It is likely that it was never imported from Scapy 1
• gnuplot uses a file called world.dat to draw the world map. This file is also hard to retrieve today
• ...

The best solution seems to rewrite it using the geoip module from maxmind, and the matplotlib map extension. However, it introduces two new modules dependencies.

Some time i use scapy to fuzz, but by default RandInt or RandShort didn't have the seed.If i got a crash after fuzz, some time i can't recurrence it again,i think it's not good for fuzz...
so I tried to add random seed support to volatile.py, cause i didn’t know scapy verymach, there might be some better way to do this .
volatile.py.txt

conf.L2socket (at least on Linux) has no option to set the promiscuous

This prevents srp() from getting answers when a sent packet has a source MAC address set to a value different from the device MAC address.

Hello,

I have yet to be able to achieve any results from the p0f functionality of scapy.

For starters, I installed scapy with sudo apt-get install scapy.

Scapy is version 2.2.0, and p0f is version 2.0.8, which to my knowledge should be compatible.

Upon installation, I first attempted to use the functionality in a python script, however now I am using the interactive scapy terminal, just for quicker results testing.

My procedure goes as follows:

sudo scapy

which returns

INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>> 

followed by:
load_module("p0f")

which executes fine, then:

>>> p = sniff(iface="wlan0", count=5, filter="tcp")

functions properly, checked by running "p" which shows :

>>> p
<Sniffed: TCP:5 UDP:0 ICMP:0 Other:0>

so from there, is where i get an error:

>>> p0f(p[1])
WARNING: Can't open base /etc/p0f/p0fo.fp
WARNING: p0f base empty.
[]

Upon inspection of the /etc/p0f/ directory, i have
p0f.fp, p0fa.fp, and p0fr.fp

I have tried reinstalling scapy, to the same results, I have also tried installing scapy and installing p0f independently and still, i lack the p0fo.fp file that it is requesting. Is this an error of mine, or is the file genuinely missing? Possibly, the p0f.fp file is supposed to be the p0f.fp but due to an update or some such reason it wasnt modified properly? Hope to hearing how i can fix the issue.

Thanks for your time!

I ran into two different sniff() related bugs today. I am not confident in my fixes, so I prefer to open this issue to discuss them.

The first one occurs when pressing CTRL+C during sniff():

>>> sniff()
^CTraceback (most recent call last):
  File "<console>", line 1, in <module>
  File "scapy/sendrecv.py", line 621, in sniff
    s.close()
UnboundLocalError: local variable 's' referenced before assignment

The following patch fixes the issue:

--- a/scapy/sendrecv.py
+++ b/scapy/sendrecv.py
@@ -618,7 +618,7 @@ interfaces)
     except KeyboardInterrupt:
         pass
     if opened_socket is None:
-        s.close()
+        [s.close() for s in sniff_sockets]
     return plist.PacketList(lst,"Sniffed")

After applying this patch, the second issue occurs during sniff():

>>> sniff()
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "scapy/sendrecv.py", line 599, in sniff
    p = s.recv()
  File "scapy/arch/linux.py", line 539, in recv
    pkt.direction = sa_ll[2]
  File "scapy/packet.py", line 217, in __setattr__
    return object.__setattr__(self, attr, val)
AttributeError: 'Ether' object has no attribute 'direction'

Adding the direction variable to slots fixes the issue. However, I wonder if this is the best way to fix this second issue.

--- a/scapy/layers/l2.py
+++ b/scapy/layers/l2.py
@@ -141,6 +141,7 @@ class ARPSourceMACField(MACField):

 class Ether(Packet):
     name = "Ethernet"
+    __slots__ = ["direction"]
     fields_desc = [ DestMACField("dst"),
                     SourceMACField("src"),
                     XShortEnumField("type", 0x9000, ETHER_TYPES) ]

The following error occured in OpenSuse 13.2. It seems there are some umlauts in /etc/services that caused the error. Changing line 110 in scapy/data.py in load_services(filename) from

f=open(filename)

into

f=open(filename, encoding='latin1')

solved the problem for me.

Here is the error message:

Traceback (most recent call last):
File "/home/marco/tmp/tmp.py", line 1, in
from scapy.all import sniff
File "/usr/lib/python3.4/site-packages/scapy/all.py", line 10, in
from .config import *
File "/usr/lib/python3.4/site-packages/scapy/config.py", line 11, in
from .data import *
File "/usr/lib/python3.4/site-packages/scapy/data.py", line 185, in
TCP_SERVICES,UDP_SERVICES=load_services("/etc/services")
File "/usr/lib/python3.4/site-packages/scapy/data.py", line 111, in load_services
for l in f:
File "/usr/lib64/python3.4/codecs.py", line 313, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe9 in position 3269: invalid continuation byte

Hello,
I was trying to use Scapy's sniffing, and it was not functioning.
In pcapnet, there is a variable that is Null that the program assumes is Non-Null.
`>>> sniff(iface="en0")
WARNING: fileno: pcapy API does not permit to get capure file descriptor. Bugs ahead! Press Enter to trigger packet reading
WARNING: fileno: pcapy API does not permit to get capure file descriptor. Bugs ahead! Press Enter to trigger packet reading

WARNING: more fileno: pcapy API does not permit to get capure file descriptor. Bugs ahead! Press Enter to trigger packet reading
Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python2.7/site-packages/scapy/sendrecv.py", line 586, in sniff
p = s.recv(MTU)
File "/usr/local/lib/python2.7/site-packages/scapy/arch/pcapdnet.py", line 145, in recv
pkt = self.ins.next()
File "/usr/local/lib/python2.7/site-packages/scapy/arch/pcapdnet.py", line 92, in next
s,us = h.getts()
AttributeError: 'NoneType' object has no attribute 'gets'`
Thanks in advance!

I am making good progress to port the BPF mode to Scapy 2

So far, it works fine on OS X 10.9.5 but I need to write better unit tests to ensure that the patch will also work on other *BSD flavors.

Here is the teasing:

>>> sys.platform

'darwin'

>>> conf.L3socket

<L3bpfSocket: read/write packets using BPF>

>>> srp1(Ether()/IP(dst="8.8.8.8")/ICMP(), filter="host 8.8.8.8")

Begin emission:

..Finished to send 1 packets.

.*

Received 4 packets, got 1 answers, remaining 0 packets

<Ether  dst=b8:e8:56:45:8c:e6 src=3a:71:de:90:0b:64 type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=28 id=0 flags= frag=0L ttl=41 proto=icmp chksum=0xcbbb src=8.8.8.8 dst=172.20.10.2 options=[] |<ICMP  type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |>>>

Scapy ver.2.3.2 -command sr1(IP(dst="94.180.250.119")/TCP(dport=80,flags="S")) on Windows XP

Hi,

I have created a tool to generate doc(html format) for layers. For me, i think it is useful when i want to create packets.

here is code:
[layer doc generator

](https://github.com/rainmanwy/robotframework-ScapyLibrary/blob/master/src/ScapyLibrary/layerDoc.py)

I am not sure whether there is such kind of tool of doc for layers already. And also not sure whether my understanding about layers and fields is correct.

Could you help to check this? I have attached the generated doc.

Thank you very much!
scapy_layer.zip

This demonstrates the issue (typed by hand, so sorry if there are typos):

virtualenv ve
source ve/bin/activate
pip install scapy
pip install jupyter # IPython and notebooks
ipython
from scapy.all import *
# error about missing pcapy
# exit ipython
pip install pcapy
ipython
from scapy.all import *
# error about dnet
ipython
In [1]: from scapy.all import *
WARNING: No route found for IPv6 destination :: (no default route?)
In [2]:

scapy needs pcapy and dnet in it's requirements so that pip install scapy makes sure that pcapy and dnet are installed if they are not already there.

I wanted to get involved with various FLOSS projects, and I started to review scapy after being introduced to it in a study group.

You mention in the legacy contribution guidelines there is a lot of legacy code not conforming to preferred PEP8 and other style constraints. Is there any object to me submitting pull requests in this regard?

Scapy does not parse fragmented answers correctly. A minimal working example is attached.
scapy.fragmented.responses.github.txt

hey, I need help !!
everytime I run python script with from scapy.all import *
it crashes!!! Can someone help me fix it ?
I have large work to do with scapy for tommrow and now it's not working!!

Hi,

There is no "user-friendly" function to compute tcp checksums in scapy/utils.py, the only way I could find to do it was with the same method than in scapy/layers/inet.py (i.e. packing the pseudo header and calling checksum(pshdr+p)). I think it would be useful to have one as I seem not to be the only one to want it (several questions have been asked on SO) and TCP checksum computation is not familiar to everyone. Something like tcp_checksum(ip_src, ip_dst, proto, pkt). What do you think?

Python 2.6.9 (unknown, Feb 15 2016, 02:22:40) 
[GCC 4.6.3] on linux3
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
WARNING: No route found for IPv6 destination :: (no default route?)
>>> load_contrib('gtp')
>>> GTPPDUNotificationRequest()
Exception RuntimeError: 'maximum recursion depth exceeded in __subclasscheck__' in <type 'exceptions.RuntimeError'> ignored
Exception RuntimeError: 'maximum recursion depth exceeded in __subclasscheck__' in <type 'exceptions.RuntimeError'> ignored
Exception RuntimeError: 'maximum recursion depth exceeded in __subclasscheck__' in <type 'exceptions.RuntimeError'> ignored
Exception RuntimeError: 'maximum recursion depth exceeded in __subclasscheck__' in <type 'exceptions.RuntimeError'> ignored
Exception RuntimeError: 'maximum recursion depth exceeded in __subclasscheck__' in <type 'exceptions.RuntimeError'> ignored
<GTPPDUNotificationRequest  |>
>>>

class GTPPDUNotificationRequest(Packet):
    # 3GPP TS 29.060 V9.1.0 (2009-12)
    name = "GTP PDU Notification Request"
    fields_desc = [ XBitField("seq", 0, 16),
                    ByteField("npdu", 0),
                    ByteField("next_ex", 0),
                    PacketListField("IE_list", [ IE_IMSI(),
                        IE_TEICP(TEICI=RandInt()),
                        IE_EndUserAddress(PDPTypeNumber=0x21),
                        IE_AccessPointName(),
                        IE_GSNAddress(address="127.0.0.1"),
                        ], IE_Dispatcher) ]

Providing PacketListFields with a non-empty list of packets as default value seems to make Python 2.6 signal that it came upon recursion loops. Some context as to the printed message : [http://bugs.python.org/issue5508]

There are few PacketListFields defined in Scapy with non-trivial default value but GTPPDUNotificationRequest contains one of them, with 5 Packets inside the list (as the number of warnings printed). The issue actually does not come from PacketListField per se, but from defining a list of Packets as default with any type of Field.

I haven't investigated it fully but the warnings seem to be printed by the test hasattr(y, '__setstate__') in _reconstruct function of Lib/copy.py.
_reconstruct is called by deepcopy while initializing defaultfields in Packet.do_init_fields().

Testing with commits old enough does not show the warnings above. I don't know which exact commit brought this, though.

Hi all,

Is Python 3 support at hand?