scapy.contrib.tzsp module

TZSP - TaZmen Sniffer Protocol

author:

Thomas Tannhaeuser, hecke@naberius.de

license:

GPLv2

This module is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This module is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

description:

This module provides Scapy layers for the TZSP protocol.

references:
NOTES:
  • to allow Scapy to dissect this layer automatically, you need to bind the TZSP layer to UDP using # noqa: E501 the default TZSP port (0x9090), e.g.

    bind_layers(UDP, TZSP, sport=TZSP_PORT_DEFAULT) bind_layers(UDP, TZSP, dport=TZSP_PORT_DEFAULT)

  • packet format definition from www.networkchemistry.com is different from the one given by wikipedia # noqa: E501

  • seems Wireshark implements the wikipedia protocol version (didn’t dive into their code) # noqa: E501

  • observed (miss)behavior of Wireshark (2.2.6) - fails to decode RSSI & SNR using short values - only one byte taken - SNR is labeled as silence - WlanRadioHdrSerial is labeled as Sensor MAC - doesn’t know the packet count tag (40 / 0x28)

class scapy.contrib.tzsp.TZSP

Bases: scapy.packet.Packet

ENCAPSULATED_ETHERNET = 1
ENCAPSULATED_IEEE_802_11 = 18
ENCAPSULATED_PRISM_HEADER = 119
ENCAPSULATED_PROTOCOLS = {1: 'ETHERNET', 18: 'IEEE 802.11', 119: 'PRISM HEADER', 127: 'WLAN AVS'}
ENCAPSULATED_PROTOCOL_CLASSES = {1: <class 'scapy.layers.l2.Ether'>, 18: <class 'scapy.layers.dot11.Dot11'>, 119: <class 'scapy.layers.dot11.PrismHeader'>, 127: <class 'scapy.contrib.avs.AVSWLANHeader'>}
ENCAPSULATED_WLAN_AVS = 127
TYPES = {0: 'RX_PACKET', 1: 'TX_PACKET', 3: 'CONFIG', 4: 'KEEPALIVE/NULL', 5: 'PORT'}
TYPE_CONFIG = 3
TYPE_KEEPALIVE = 4
TYPE_NULL = 4
TYPE_PORT = 5
TYPE_RX_PACKET = 0
TYPE_TX_PACKET = 1
aliastypes = [<class 'scapy.contrib.tzsp.TZSP'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSP).version>, <Field (TZSP).type>, <Field (TZSP).encapsulated_protocol>]
get_encapsulated_payload()
get_encapsulated_payload_class()

get the class that holds the encapsulated payload of the TZSP packet :return: class representing the payload, Raw() on error

guess_payload_class(payload)

DEV: Guesses the next payload class from layer bonds. Can be overloaded to use a different mechanism.

Parameters:payload (str) – the layer’s payload
Returns:the payload class
exception scapy.contrib.tzsp.TZSPStructureException

Bases: scapy.error.Scapy_Exception

class scapy.contrib.tzsp.TZSPTagContentionFree

Bases: scapy.contrib.tzsp._TZSPTag

packet received in contention free period

NO = 0
YES = 1
aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagContentionFree'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagContentionFree).type>, <Field (TZSPTagContentionFree).len>, <Field (TZSPTagContentionFree).contention_free>]
class scapy.contrib.tzsp.TZSPTagDataRate

Bases: scapy.contrib.tzsp._TZSPTag

wireless link data rate

DATA_RATES = {0: 'unknown', 2: '1 MB/s', 4: '2 MB/s', 10: '1 MB/s (legacy)', 11: '5.5 MB/s', 12: '6 MB/s', 18: '9 MB/s', 20: '2 MB/s (legacy)', 22: '11 MB/s', 24: '12 MB/s', 36: '18 MB/s', 44: '22 MB/s', 48: '24 MB/s', 55: '5.5 MB/s (legacy)', 66: '33 MB/s', 72: '36 MB/s', 96: '48 MB/s', 108: '54 MB/s', 110: '11 MB/s (legacy)'}
DATA_RATE_1 = 2
DATA_RATE_11 = 22
DATA_RATE_12 = 24
DATA_RATE_18 = 36
DATA_RATE_2 = 4
DATA_RATE_22 = 44
DATA_RATE_24 = 48
DATA_RATE_33 = 66
DATA_RATE_36 = 72
DATA_RATE_48 = 96
DATA_RATE_54 = 108
DATA_RATE_5_5 = 11
DATA_RATE_6 = 12
DATA_RATE_9 = 18
DATA_RATE_LEGACY_1 = 10
DATA_RATE_LEGACY_11 = 110
DATA_RATE_LEGACY_2 = 20
DATA_RATE_LEGACY_5_5 = 55
DATA_RATE_UNKNOWN = 0
aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagDataRate'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagDataRate).type>, <Field (TZSPTagDataRate).len>, <Field (TZSPTagDataRate).data_rate>]
class scapy.contrib.tzsp.TZSPTagDecrypted

Bases: scapy.contrib.tzsp._TZSPTag

packet was decrypted

NO = 1
YES = 0
aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagDecrypted'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagDecrypted).type>, <Field (TZSPTagDecrypted).len>, <Field (TZSPTagDecrypted).decrypted>]
class scapy.contrib.tzsp.TZSPTagEnd

Bases: scapy.packet.Packet

last tag

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagEnd'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagEnd).type>]
guess_payload_class(payload)

the type of the payload encapsulation is given be the outer TZSP layers attribute encapsulation_protocol # noqa: E501

class scapy.contrib.tzsp.TZSPTagError

Bases: scapy.contrib.tzsp._TZSPTag

frame checksum error

NO = 0
YES = 1
aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagError'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagError).type>, <Field (TZSPTagError).len>, <Field (TZSPTagError).fcs_error>]
class scapy.contrib.tzsp.TZSPTagPacketCount

Bases: scapy.contrib.tzsp._TZSPTag

packet counter

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagPacketCount'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagPacketCount).type>, <Field (TZSPTagPacketCount).len>, <Field (TZSPTagPacketCount).packet_count>]
class scapy.contrib.tzsp.TZSPTagPadding

Bases: scapy.contrib.tzsp._TZSPTag

padding tag (should be ignored)

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagPadding'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagPadding).type>]
class scapy.contrib.tzsp.TZSPTagRXChannel

Bases: scapy.contrib.tzsp._TZSPTag

channel the sensor was on while receiving the frame

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagRXChannel'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagRXChannel).type>, <Field (TZSPTagRXChannel).len>, <Field (TZSPTagRXChannel).rx_channel>]
class scapy.contrib.tzsp.TZSPTagRXFrameLength

Bases: scapy.contrib.tzsp._TZSPTag

received packet length

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagRXFrameLength'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagRXFrameLength).type>, <Field (TZSPTagRXFrameLength).len>, <Field (TZSPTagRXFrameLength).rx_frame_length>]
class scapy.contrib.tzsp.TZSPTagRawRSSIByte

Bases: scapy.contrib.tzsp._TZSPTag

relative received signal strength - signed byte value

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagRawRSSIByte'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagRawRSSIByte).type>, <Field (TZSPTagRawRSSIByte).len>, <Field (TZSPTagRawRSSIByte).raw_rssi>]
class scapy.contrib.tzsp.TZSPTagRawRSSIShort

Bases: scapy.contrib.tzsp._TZSPTag

relative received signal strength - signed short value

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagRawRSSIShort'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagRawRSSIShort).type>, <Field (TZSPTagRawRSSIShort).len>, <Field (TZSPTagRawRSSIShort).raw_rssi>]
class scapy.contrib.tzsp.TZSPTagSNRByte

Bases: scapy.contrib.tzsp._TZSPTag

signal noise ratio - signed byte value

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagSNRByte'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagSNRByte).type>, <Field (TZSPTagSNRByte).len>, <Field (TZSPTagSNRByte).snr>]
class scapy.contrib.tzsp.TZSPTagSNRShort

Bases: scapy.contrib.tzsp._TZSPTag

signal noise ratio - signed short value

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagSNRShort'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagSNRShort).type>, <Field (TZSPTagSNRShort).len>, <Field (TZSPTagSNRShort).snr>]
class scapy.contrib.tzsp.TZSPTagTimestamp

Bases: scapy.contrib.tzsp._TZSPTag

MAC receive timestamp

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagTimestamp'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagTimestamp).type>, <Field (TZSPTagTimestamp).len>, <Field (TZSPTagTimestamp).timestamp>]
class scapy.contrib.tzsp.TZSPTagUnknown

Bases: scapy.contrib.tzsp._TZSPTag

unknown tag type dummy

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagUnknown'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagUnknown).type>, <Field (TZSPTagUnknown).len>, <Field (TZSPTagUnknown).data>]
class scapy.contrib.tzsp.TZSPTagWlanRadioHdrSerial

Bases: scapy.contrib.tzsp._TZSPTag

(vendor specific) unique capture device (sensor/AP) identifier

aliastypes = [<class 'scapy.contrib.tzsp.TZSPTagWlanRadioHdrSerial'>, <class 'scapy.contrib.tzsp._TZSPTag'>, <class 'scapy.packet.Packet'>]
fields_desc = [<Field (TZSPTagWlanRadioHdrSerial).type>, <Field (TZSPTagWlanRadioHdrSerial).len>, <Field (TZSPTagWlanRadioHdrSerial).sensor_id>]