tessl/pypi-scapy
Interactive packet manipulation program and library for network security research and testing
—
Pending
core-packet-system.mddocs/
Core Packet System
The foundation of Scapy's packet manipulation capabilities, providing the Packet base class, field system, and core operations for building, parsing, and manipulating network packets.
Capabilities
Packet Base Class
The core Packet class that represents all network packets in Scapy, providing methods for display, manipulation, serialization, and layer access.
class Packet:
"""
Base class for all network packets in Scapy.
"""
def __init__(self, *args, **kwargs):
"""
Initialize a packet with optional field values.
Parameters:
- *args: Positional arguments for packet construction
- **kwargs: Field values as keyword arguments
"""
def show(self, dump: bool = False, indent: int = 3, lvl: str = "", label_lvl: str = "") -> None:
"""
Display packet contents in a readable format.
Parameters:
- dump: Return string instead of printing (default False)
- indent: Indentation level for nested display
- lvl: Current level string for formatting
- label_lvl: Label level for formatting
"""
def summary(self) -> str:
"""
Return a one-line summary of the packet.
Returns:
str: Packet summary string
"""
def build(self) -> bytes:
"""
Build the binary representation of the packet.
Returns:
bytes: Binary packet data
"""
def dissect(self, s: bytes) -> None:
"""
Parse binary data into packet fields.
Parameters:
- s: Binary data to parse
"""
def copy(self):
"""
Create a deep copy of the packet.
Returns:
Packet: Copy of the packet
"""
def getlayer(self, cls, nb: int = 1):
"""
Get a specific layer from the packet.
Parameters:
- cls: Layer class or index to retrieve
- nb: Layer number (for multiple layers of same type)
Returns:
Packet or None: The requested layer
"""
def haslayer(self, cls) -> bool:
"""
Check if packet contains a specific layer.
Parameters:
- cls: Layer class to check for
Returns:
bool: True if layer is present
"""
def sprintf(self, fmt: str) -> str:
"""
Format packet contents using a format string.
Parameters:
- fmt: Format string with field references
Returns:
str: Formatted string
"""
def __div__(self, other):
"""Stack packets using the / operator."""
def __truediv__(self, other):
"""Stack packets using the / operator (Python 3)."""Raw Data Packet
Represents raw binary data that doesn't correspond to any specific protocol.
class Raw(Packet):
"""
Packet containing raw binary data.
"""
def __init__(self, load: bytes = b""):
"""
Initialize with raw binary data.
Parameters:
- load: Binary data payload
"""Padding Packet
Represents padding data, typically used to fill packets to minimum size requirements.
class Padding(Raw):
"""
Padding packet for filling space in network frames.
"""NoPayload Class
Represents the absence of a payload in a packet.
class NoPayload:
"""
Represents no payload/end of packet layers.
"""Layer Binding
Functions for managing how protocol layers are automatically recognized and bound together.
def bind_layers(lower, upper, **kwargs) -> None:
"""
Bind two protocol layers together.
Parameters:
- lower: Lower layer class
- upper: Upper layer class
- **kwargs: Binding conditions (field values)
"""
def split_layers(lower, upper, **kwargs) -> None:
"""
Remove binding between two protocol layers.
Parameters:
- lower: Lower layer class
- upper: Upper layer class
- **kwargs: Binding conditions to remove
"""Packet Exploration
Interactive packet exploration and analysis functions.
def explore(p: Packet) -> None:
"""
Start interactive exploration of a packet.
Parameters:
- p: Packet to explore
"""Field System
Core Field Classes
Base field types for defining packet structure and data types.
class Field:
"""
Base class for packet fields.
"""
def __init__(self, name: str, default, fmt: str = "H"):
"""
Initialize a field.
Parameters:
- name: Field name
- default: Default value
- fmt: Struct format string
"""
class RawVal:
"""
Wrapper for raw values in fields.
"""Network Address Fields
Fields for handling network addresses like IP addresses and MAC addresses.
class IPField(Field):
"""IPv4 address field."""
def __init__(self, name: str, default: str):
"""
Parameters:
- name: Field name
- default: Default IP address
"""
class IP6Field(Field):
"""IPv6 address field."""
class MACField(Field):
"""MAC address field."""
def __init__(self, name: str, default: str):
"""
Parameters:
- name: Field name
- default: Default MAC address
"""Numeric Fields
Fields for various integer sizes and formats.
class ByteField(Field):
"""8-bit unsigned integer field."""
class ShortField(Field):
"""16-bit unsigned integer field."""
class IntField(Field):
"""32-bit unsigned integer field."""
class LongField(Field):
"""64-bit unsigned integer field."""
class XByteField(Field):
"""8-bit integer displayed in hexadecimal."""
class XShortField(Field):
"""16-bit integer displayed in hexadecimal."""
class XIntField(Field):
"""32-bit integer displayed in hexadecimal."""String Fields
Fields for handling string and binary data.
class StrField(Field):
"""Variable-length string field."""
def __init__(self, name: str, default: str, fmt: str = "H"):
"""
Parameters:
- name: Field name
- default: Default string value
- fmt: Length format
"""
class StrFixedLenField(Field):
"""Fixed-length string field."""
def __init__(self, name: str, default: str, length: int):
"""
Parameters:
- name: Field name
- default: Default string value
- length: Fixed string length
"""
class StrLenField(Field):
"""Length-prefixed string field."""
class StrNullField(Field):
"""Null-terminated string field."""Enumeration Fields
Fields that map numeric values to symbolic names.
class EnumField(Field):
"""Enumeration field mapping numbers to names."""
def __init__(self, name: str, default, enum: dict, fmt: str = "H"):
"""
Parameters:
- name: Field name
- default: Default value
- enum: Dictionary mapping values to names
- fmt: Struct format
"""
class ByteEnumField(EnumField):
"""8-bit enumeration field."""
class ShortEnumField(EnumField):
"""16-bit enumeration field."""
class IntEnumField(EnumField):
"""32-bit enumeration field."""Bit Fields
Fields for handling individual bits and bit flags.
class BitField(Field):
"""Individual bit field."""
def __init__(self, name: str, default: int, size: int):
"""
Parameters:
- name: Field name
- default: Default value
- size: Number of bits
"""
class FlagsField(BitField):
"""Bit flags field with named flags."""
def __init__(self, name: str, default: int, size: int, names: list):
"""
Parameters:
- name: Field name
- default: Default value
- size: Number of bits
- names: List of flag names
"""Conditional Fields
Fields that are conditionally present based on other field values.
class ConditionalField(Field):
"""Field that is conditionally present."""
def __init__(self, fld: Field, cond):
"""
Parameters:
- fld: The actual field
- cond: Condition function
"""
class PadField(Field):
"""Padding field."""
class ActionField(Field):
"""Field that performs actions during packet processing."""Usage Examples
Basic Packet Creation
from scapy.all import *
# Create a simple packet
pkt = IP(dst="192.168.1.1") / TCP(dport=80)
# Show packet structure
pkt.show()
# Get packet summary
print(pkt.summary())
# Build binary representation
binary = pkt.build()
print(f"Packet size: {len(binary)} bytes")Layer Manipulation
# Create layered packet
pkt = Ether() / IP(dst="8.8.8.8") / UDP(dport=53) / DNS(qd=DNSQR(qname="example.com"))
# Access specific layers
ip_layer = pkt.getlayer(IP)
dns_layer = pkt[DNS]
# Check for layer presence
if pkt.haslayer(TCP):
print("Has TCP layer")
# Modify layer fields
pkt[IP].ttl = 64
pkt[UDP].dport = 5353Custom Field Usage
# Working with raw data
raw_pkt = Raw(b"\\x48\\x65\\x6c\\x6c\\x6f") # "Hello"
raw_pkt.show()
# Layer binding example
bind_layers(TCP, HTTP, dport=80)
bind_layers(TCP, HTTP, sport=80)
# Now TCP packets to/from port 80 will auto-decode as HTTPInstall with Tessl CLI
npx tessl i tessl/pypi-scapy