0
# Protocol Layers
1
2
Comprehensive implementation of network protocols from Layer 2 to Layer 7, enabling packet crafting and analysis for over 100 different network protocols and their variants.
3
4
## Capabilities
5
6
### Layer 2 Protocols
7
8
Data link layer protocols for local network communication and frame handling.
9
10
```python { .api }
11
class Ether(Packet):
12
"""
13
Ethernet frame for Layer 2 communication.
14
"""
15
def __init__(self, dst: str = "ff:ff:ff:ff:ff:ff", src: str = None, type: int = None):
16
"""
17
Parameters:
18
- dst: Destination MAC address
19
- src: Source MAC address (auto-detected if None)
20
- type: EtherType field value
21
"""
22
23
class Dot1Q(Packet):
24
"""
25
802.1Q VLAN tagging.
26
"""
27
def __init__(self, vlan: int = 1, prio: int = 0, type: int = None):
28
"""
29
Parameters:
30
- vlan: VLAN ID
31
- prio: Priority field
32
- type: EtherType field
33
"""
34
35
class ARP(Packet):
36
"""
37
Address Resolution Protocol.
38
"""
39
def __init__(self, op: int = 1, hwsrc: str = None, psrc: str = None,
40
hwdst: str = "00:00:00:00:00:00", pdst: str = "0.0.0.0"):
41
"""
42
Parameters:
43
- op: Operation (1=request, 2=reply)
44
- hwsrc: Source hardware address
45
- psrc: Source protocol address
46
- hwdst: Destination hardware address
47
- pdst: Destination protocol address
48
"""
49
50
class LLC(Packet):
51
"""
52
Logical Link Control.
53
"""
54
55
class SNAP(Packet):
56
"""
57
SubNetwork Access Protocol.
58
"""
59
60
class STP(Packet):
61
"""
62
Spanning Tree Protocol.
63
"""
64
65
class CookedLinux(Packet):
66
"""
67
Linux cooked capture format.
68
"""
69
```
70
71
### Internet Protocol (IPv4)
72
73
Core IPv4 implementation with options support and utility methods.
74
75
```python { .api }
76
class IP(Packet):
77
"""
78
IPv4 packet with utility methods.
79
"""
80
def __init__(self, dst: str = "127.0.0.1", src: str = None, ttl: int = 64,
81
proto: int = None, **kwargs):
82
"""
83
Parameters:
84
- dst: Destination IP address
85
- src: Source IP address (auto-detected if None)
86
- ttl: Time to live
87
- proto: Protocol number (auto-detected from upper layer)
88
- **kwargs: Other IP header fields
89
"""
90
91
def route(self):
92
"""Get routing information for this packet."""
93
94
def whois(self) -> str:
95
"""Get whois information for destination IP."""
96
97
def hops(self) -> int:
98
"""Calculate number of hops to destination."""
99
100
class IPOption(Packet):
101
"""Base class for IP options."""
102
103
class IPOption_RR(IPOption):
104
"""Record Route option."""
105
106
class IPOption_LSRR(IPOption):
107
"""Loose Source Record Route option."""
108
109
class IPOption_SSRR(IPOption):
110
"""Strict Source Record Route option."""
111
112
class IPOption_Timestamp(IPOption):
113
"""Timestamp option."""
114
```
115
116
### IPv6 Protocol
117
118
IPv6 implementation with extension headers support.
119
120
```python { .api }
121
class IPv6(Packet):
122
"""
123
IPv6 packet.
124
"""
125
def __init__(self, dst: str = "::1", src: str = None, hlim: int = 64, **kwargs):
126
"""
127
Parameters:
128
- dst: Destination IPv6 address
129
- src: Source IPv6 address
130
- hlim: Hop limit
131
- **kwargs: Other IPv6 header fields
132
"""
133
134
class IPv6ExtHdrHopByHop(Packet):
135
"""IPv6 Hop-by-Hop Options Header."""
136
137
class IPv6ExtHdrDestOpt(Packet):
138
"""IPv6 Destination Options Header."""
139
140
class IPv6ExtHdrRouting(Packet):
141
"""IPv6 Routing Header."""
142
143
class IPv6ExtHdrFragment(Packet):
144
"""IPv6 Fragment Header."""
145
```
146
147
### Transport Layer Protocols
148
149
Layer 4 protocols for end-to-end communication.
150
151
```python { .api }
152
class TCP(Packet):
153
"""
154
Transmission Control Protocol.
155
"""
156
def __init__(self, sport: int = 20, dport: int = 80, seq: int = 0,
157
ack: int = 0, flags: int = 2, **kwargs):
158
"""
159
Parameters:
160
- sport: Source port (default 20)
161
- dport: Destination port
162
- seq: Sequence number
163
- ack: Acknowledgment number
164
- flags: TCP flags (SYN=2, ACK=16, FIN=1, RST=4, PSH=8, URG=32)
165
- **kwargs: Other TCP header fields
166
"""
167
168
class UDP(Packet):
169
"""
170
User Datagram Protocol.
171
"""
172
def __init__(self, sport: int = 53, dport: int = 53, **kwargs):
173
"""
174
Parameters:
175
- sport: Source port (default 53)
176
- dport: Destination port (default 53)
177
- **kwargs: Other UDP header fields
178
"""
179
180
class SCTP(Packet):
181
"""
182
Stream Control Transmission Protocol.
183
"""
184
```
185
186
### ICMP Protocols
187
188
Internet Control Message Protocol for IPv4 and IPv6.
189
190
```python { .api }
191
class ICMP(Packet):
192
"""
193
Internet Control Message Protocol.
194
"""
195
def __init__(self, type: int = 8, code: int = 0, **kwargs):
196
"""
197
Parameters:
198
- type: ICMP message type (8=echo request, 0=echo reply)
199
- code: ICMP code
200
- **kwargs: Other ICMP fields
201
"""
202
203
class ICMPv6Unknown(Packet):
204
"""Unknown ICMPv6 message type."""
205
206
class ICMPv6EchoRequest(Packet):
207
"""ICMPv6 Echo Request."""
208
209
class ICMPv6EchoReply(Packet):
210
"""ICMPv6 Echo Reply."""
211
212
class ICMPv6ND_NS(Packet):
213
"""ICMPv6 Neighbor Solicitation."""
214
215
class ICMPv6ND_NA(Packet):
216
"""ICMPv6 Neighbor Advertisement."""
217
```
218
219
### Application Layer Protocols
220
221
Higher-level protocols for specific applications and services.
222
223
```python { .api }
224
class DNS(Packet):
225
"""
226
Domain Name System.
227
"""
228
def __init__(self, id: int = None, qr: int = 0, rd: int = 1,
229
qd: 'DNSQR' = None, **kwargs):
230
"""
231
Parameters:
232
- id: Transaction ID (random if None)
233
- qr: Query/Response flag (0=query, 1=response)
234
- rd: Recursion Desired
235
- qd: Question section
236
- **kwargs: Other DNS header fields
237
"""
238
239
class DNSQR(Packet):
240
"""
241
DNS Question Record.
242
"""
243
def __init__(self, qname: str = ".", qtype: int = 1, qclass: int = 1):
244
"""
245
Parameters:
246
- qname: Query name
247
- qtype: Query type (1=A, 28=AAAA, 15=MX, etc.)
248
- qclass: Query class (1=IN)
249
"""
250
251
class DNSRR(Packet):
252
"""
253
DNS Resource Record.
254
"""
255
256
class DHCP(Packet):
257
"""
258
Dynamic Host Configuration Protocol.
259
"""
260
def __init__(self, op: int = 1, **kwargs):
261
"""
262
Parameters:
263
- op: Operation (1=request, 2=reply)
264
- **kwargs: Other DHCP fields
265
"""
266
267
class HTTP(Packet):
268
"""
269
Hypertext Transfer Protocol.
270
"""
271
272
class HTTPRequest(HTTP):
273
"""HTTP Request."""
274
275
class HTTPResponse(HTTP):
276
"""HTTP Response."""
277
```
278
279
### Wireless Protocols
280
281
Wireless networking protocols including 802.11, Bluetooth, and Zigbee.
282
283
```python { .api }
284
class Dot11(Packet):
285
"""
286
802.11 wireless frame.
287
"""
288
def __init__(self, type: int = 0, subtype: int = 0, **kwargs):
289
"""
290
Parameters:
291
- type: Frame type
292
- subtype: Frame subtype
293
- **kwargs: Other 802.11 fields
294
"""
295
296
class Dot11Beacon(Packet):
297
"""802.11 Beacon frame."""
298
299
class Dot11ProbeReq(Packet):
300
"""802.11 Probe Request."""
301
302
class Dot11ProbeResp(Packet):
303
"""802.11 Probe Response."""
304
305
class Dot11Auth(Packet):
306
"""802.11 Authentication."""
307
308
class Dot11AssoReq(Packet):
309
"""802.11 Association Request."""
310
311
class BTLE(Packet):
312
"""
313
Bluetooth Low Energy.
314
"""
315
316
class BTLE_ADV(Packet):
317
"""BLE Advertisement."""
318
319
class ZigbeeNWK(Packet):
320
"""
321
Zigbee Network Layer.
322
"""
323
```
324
325
### Security Protocols
326
327
Security and encryption protocols.
328
329
```python { .api }
330
class IPSec(Packet):
331
"""IP Security protocol base."""
332
333
class AH(Packet):
334
"""Authentication Header."""
335
336
class ESP(Packet):
337
"""Encapsulating Security Payload."""
338
339
class TLS(Packet):
340
"""Transport Layer Security base."""
341
342
class TLSHandshake(Packet):
343
"""TLS Handshake."""
344
345
class TLSApplicationData(Packet):
346
"""TLS Application Data."""
347
348
class EAP(Packet):
349
"""
350
Extensible Authentication Protocol.
351
"""
352
```
353
354
### Network Management
355
356
Network management and monitoring protocols.
357
358
```python { .api }
359
class SNMP(Packet):
360
"""
361
Simple Network Management Protocol.
362
"""
363
364
class NTP(Packet):
365
"""
366
Network Time Protocol.
367
"""
368
def __init__(self, version: int = 4, mode: int = 3, **kwargs):
369
"""
370
Parameters:
371
- version: NTP version
372
- mode: NTP mode
373
- **kwargs: Other NTP fields
374
"""
375
376
class NetflowHeader(Packet):
377
"""NetFlow header."""
378
379
class NetflowHeaderV9(Packet):
380
"""NetFlow v9 header."""
381
```
382
383
## Protocol Constants
384
385
### Ethernet Types
386
387
```python { .api }
388
# Ethernet protocol types
389
ETH_P_IP: int = 0x0800 # IPv4
390
ETH_P_IPV6: int = 0x86DD # IPv6
391
ETH_P_ARP: int = 0x0806 # ARP
392
ETH_P_8021Q: int = 0x8100 # 802.1Q VLAN
393
```
394
395
### IP Protocol Numbers
396
397
```python { .api }
398
# IP protocol numbers
399
IP_PROTOS: dict = {
400
1: "icmp",
401
6: "tcp",
402
17: "udp",
403
47: "gre",
404
50: "esp",
405
51: "ah",
406
# ... additional protocols
407
}
408
```
409
410
### TCP/UDP Port Numbers
411
412
```python { .api }
413
# Common TCP service ports
414
TCP_SERVICES: dict = {
415
20: "ftp-data",
416
21: "ftp",
417
22: "ssh",
418
23: "telnet",
419
25: "smtp",
420
53: "domain",
421
80: "http",
422
110: "pop3",
423
143: "imap",
424
443: "https",
425
# ... additional services
426
}
427
428
# Common UDP service ports
429
UDP_SERVICES: dict = {
430
53: "domain",
431
67: "bootps",
432
68: "bootpc",
433
69: "tftp",
434
123: "ntp",
435
161: "snmp",
436
# ... additional services
437
}
438
```
439
440
## Usage Examples
441
442
### Basic Protocol Usage
443
444
```python
445
from scapy.all import *
446
447
# Layer 2: Ethernet + ARP
448
arp_request = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst="192.168.1.1")
449
450
# Layer 3: IP + ICMP
451
ping = IP(dst="8.8.8.8") / ICMP()
452
453
# Layer 4: TCP SYN packet
454
syn = IP(dst="example.com") / TCP(dport=80, flags="S")
455
456
# Application layer: DNS query
457
dns_query = IP(dst="8.8.8.8") / UDP(dport=53) / DNS(rd=1, qd=DNSQR(qname="example.com"))
458
```
459
460
### Protocol Stacking
461
462
```python
463
# Complex multi-layer packet
464
packet = (Ether(dst="aa:bb:cc:dd:ee:ff") /
465
Dot1Q(vlan=100) /
466
IP(dst="192.168.1.1") /
467
TCP(dport=443, flags="PA") /
468
Raw(b"GET / HTTP/1.1\\r\\nHost: example.com\\r\\n\\r\\n"))
469
470
# Show the complete protocol stack
471
packet.show()
472
```
473
474
### Wireless Packet Creation
475
476
```python
477
# 802.11 beacon frame
478
beacon = (RadioTap() /
479
Dot11(type=0, subtype=8) /
480
Dot11Beacon(timestamp=0x123456789abcdef0) /
481
Dot11Elt(ID=0, info="TestNetwork")) # SSID
482
483
# Bluetooth LE advertisement
484
ble_adv = BTLE() / BTLE_ADV() / BTLE_ADV_IND(RxAdd=0, TxAdd=0)
485
```
486
487
### Protocol-Specific Operations
488
489
```python
490
# TCP with specific flags
491
rst_packet = IP(dst="target.com") / TCP(dport=80, flags="R") # RST
492
fin_packet = IP(dst="target.com") / TCP(dport=80, flags="F") # FIN
493
psh_ack = IP(dst="target.com") / TCP(dport=80, flags="PA") # PSH+ACK
494
495
# DNS with multiple question records
496
multi_dns = (IP(dst="8.8.8.8") / UDP(dport=53) /
497
DNS(rd=1, qd=[DNSQR(qname="example.com"),
498
DNSQR(qname="google.com", qtype=28)])) # AAAA record
499
500
# ICMP with specific types
501
ping_reply = IP(dst="source.ip") / ICMP(type=0, code=0) # Echo Reply
502
dest_unreach = IP(dst="source.ip") / ICMP(type=3, code=1) # Host Unreachable
503
```