Scapy the packet 途中01

SCAPY - 2016.10.09

1

SCAPY

2

SCAPY

SCAPY

▸ Python ⭐

▸ 2011 Release

👉

▸ HP secdev.org

👉Python2

▸ Python3

👉

▸ PhilippeBiondi

👉

3

http://secdev.org

https://github.com/phaethon/scapy

SCAPY

SCAPY

4

▸

▸ Scapy Wireshark/pcap

http://www.wiresharktraining.com/sharkfest2013challenge.html

SCAPY

SCAPY

5

Wireshark

hping3

ASIC

openflow

send socket socket 👉

recv sniff 1pkt dissector dissect 👉

Scapy L5 👉 L7 👉 👉

SCAPY

SCAPY

6

▸ Scapy

1. Scapy Field

2. Scapy Packet

3. Scapy bind

‣ Scapy GPLv2

scapy/modules

load_module("<module name>")

scapy/contrib

load_contrib("<proto name>")

SCAPY & PROTOCOL

7

SCAPY

▸ Packet - scapy.packet.Packet

IP TCP

Field

https://github.com/phaethon/scapy/blob/master/scapy/packet.py ▸ Field - scapy.fields.Field

IP

Field

https://github.com/phaethon/scapy/blob/master/scapy/fields.py

8SCAPY

Packet

Field Field

https://github.com/phaethon/scapy/blob/master/scapy/packet.py

https://github.com/phaethon/scapy/blob/master/scapy/fields.py

▸ Transmission Control Protocol [https://www.ietf.org/rfc/rfc793.txt] Scapy Field

Scapy TCP Padding

Scapy TCP data Payload

9SCAPY

SCAPY TCP / RFC TCP

https://www.ietf.org/rfc/rfc793.txt

▸ Packet

MUST

fields_desc :

list Field

Building :

fields_desc Field

Padding CheckSum Build Payload

Dissecting :

Wireshark (Dissector) Dissection Payload

Binding :

Building Dissecting Payload

MAY

Show/Display :

PACKET CLASS

10

※

SCAPY

FIELD CLASS

11SCAPY

▸ Field i2m h2i

m: ( )

b"¥x00¥x01¥x02...." ※Python2 str Python3 bytes

i: ( ) Python

str,bytes,int,long,

h: ( ) Scapy

named flag, enum,...

repr: ++( )

repr()

‣ Field

Field

▸

▸ bytes(pkt) Packet.build()

▸ Field struct.pack

▸ Padding

▸ Binding Payload Building

BUILDING

12SCAPY

▸

▸ Ether(“xxxxxx”)

(L2 RadioTap)

payload

▸ L2 conf.l2types

▸ Binding Payload Dissecting

DISSECTING

13SCAPY

▸ Building Dissecting

▸ bind_layers()

▸ Scapy

▸ Packet.guess_payload_class()

▸

BINDING

14SCAPY

IP

15

BINDING

16

DISSECTING

BUILDING

SCAPY

OK?

17

CHALLENGE!

18

▸

▸

👉 Chap.6 ADDING NEW PROTOCOLS

▸

CHALLENGE!

19SCAPY

http://www.dirk-loss.de/scapy-doc/Scapy.pdf

20SCAPY

CHAP.6 ADDING NEW PROTOCOLS


21SCAPY



22SCAPY



▸ Packet

▸

▸

▸ 1

23SCAPY

SIMPLE EXAMPLE!?

2

▸

▸

▸ OSI 7

▸

▸ Padding 7

▸ 3

24SCAPY

SIMPLE EXAMPLE

▸ RFC

▸

▸ Scapy

26SCAPY

27SCAPY

HTCPCP

28SCAPY

HTCPCP

HYPER TEXT COFFEE POT CONTROL PROTOCOL

29

SCAPY

HTCPCP

▸ REST

▸ IoT

30

▸ py2K

latest: http://github.com/secdev/scapy ▸ (py3K )

latest: https://github.com/phaethon/scapy ▸

http://www.dirk-loss.de/scapy-doc/Scapy.pdf ▸

http://packetlife.net/media/library/36/scapy.pdf

32SCAPY

http://github.com/secdev/scapy

https://github.com/phaethon/scapy


http://packetlife.net/media/library/36/scapy.pdf

ENJOY

33SCAPY

Scapy the packet 途中01

Engineering

Transcript of Scapy the packet 途中01