scapy.layers.inet

IPv4 (Internet Protocol v4).

class scapy.layers.inet.DestIPField(name, default)

Bases: scapy.fields.IPField, scapy.fields.DestField

bindings = {<class 'scapy.layers.inet.UDP'>: [('224.0.0.251', {'dport': 5353}), ('224.0.0.2', {'dport': 1985})], <class 'scapy.contrib.ospf.OSPF_Hdr'>: [('224.0.0.5', {})]}
i2h(pkt, x)
i2m(pkt, x)
class scapy.layers.inet.ICMP

Bases: scapy.packet.Packet

aliastypes
answers(other)
fields_desc
ICMP fields

type

ByteEnumField

8

code

MultiEnumField (Depends on type)

0

chksum

XShortField

None

id

XShortField (Cond)

0

seq

XShortField (Cond)

0

ts_ori

ICMPTimeStampField (Cond)

67921308

ts_rx

ICMPTimeStampField (Cond)

67921308

ts_tx

ICMPTimeStampField (Cond)

67921308

gw

IPField (Cond)

'0.0.0.0'

ptr

ByteField (Cond)

0

reserved

ByteField (Cond)

0

length

ByteField (Cond)

0

addr_mask

IPField (Cond)

'0.0.0.0'

nexthopmtu

ShortField (Cond)

0

unused

ShortField (Cond)

0

unused

IntField (Cond)

0
guess_payload_class(payload)
hashret()
mysummary()
post_build(p, pay)
class scapy.layers.inet.ICMPTimeStampField(name, default)

Bases: scapy.fields.IntField

any2i(pkt, val)
i2repr(pkt, val)
re_hmsm = re.compile('([0-2]?[0-9])[Hh:](([0-5]?[0-9])([Mm:]([0-5]?[0-9])([sS:.]([0-9]{0,3}))?)?)?$')
class scapy.layers.inet.ICMPerror

Bases: scapy.layers.inet.ICMP

aliastypes
answers(other)
fields_desc
ICMPerror fields

type

ByteEnumField

8

code

MultiEnumField (Depends on type)

0

chksum

XShortField

None

id

XShortField (Cond)

0

seq

XShortField (Cond)

0

ts_ori

ICMPTimeStampField (Cond)

67921308

ts_rx

ICMPTimeStampField (Cond)

67921308

ts_tx

ICMPTimeStampField (Cond)

67921308

gw

IPField (Cond)

'0.0.0.0'

ptr

ByteField (Cond)

0

reserved

ByteField (Cond)

0

length

ByteField (Cond)

0

addr_mask

IPField (Cond)

'0.0.0.0'

nexthopmtu

ShortField (Cond)

0

unused

ShortField (Cond)

0

unused

IntField (Cond)

0
mysummary()
post_dissection(pkt)
class scapy.layers.inet.IP

Bases: scapy.packet.Packet, scapy.layers.inet.IPTools

aliastypes
answers(other)
extract_padding(s)
fields_desc
IP fields

version

BitField (4 bits)

4

ihl

BitField (4 bits)

None

tos

XByteField

0

len

ShortField

None

id

ShortField

1

flags

FlagsField (3 bits)

<Flag 0 ()>

frag

BitField (13 bits)

0

ttl

ByteField

64

proto

ByteEnumField

0

chksum

XShortField

None

src

SourceIPField

None

dst

DestIPField

None

options

PacketListField

[]
fragment(fragsize=1480)

Fragment IP datagrams

hashret()
mysummary()
payload_guess

Possible sublayers: CARP, EIGRP, EtherIP, IGMP, IGMPv3, MPLS, OSPF_Hdr, RSVP, ICMP, IP, TCP, UDP, IPv6, AH, ESP, GRE, SCTP

post_build(p, pay)
route()
scapy.layers.inet.IPID_count(lst, funcID=<function <lambda>>, funcpres=<function <lambda>>)

Identify IP id values classes in a list of packets

lst: a list of packets funcID: a function that returns IP id values funcpres: a function used to summarize packets

class scapy.layers.inet.IPOption

Bases: scapy.packet.Packet

aliastypes
classmethod dispatch_hook(pkt=None, *args, **kargs)
extract_padding(p)
fields_desc
IPOption fields

copy_flag

BitField (1 bit)

0

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

0

length

FieldLenField

None

value

StrLenField

b''
classmethod register_variant()
registered_ip_options = {0: <class 'scapy.layers.inet.IPOption_EOL'>, 1: <class 'scapy.layers.inet.IPOption_NOP'>, 2: <class 'scapy.layers.inet.IPOption_Security'>, 3: <class 'scapy.layers.inet.IPOption_LSRR'>, 7: <class 'scapy.layers.inet.IPOption_RR'>, 8: <class 'scapy.layers.inet.IPOption_Stream_Id'>, 9: <class 'scapy.layers.inet.IPOption_SSRR'>, 11: <class 'scapy.layers.inet.IPOption_MTU_Probe'>, 12: <class 'scapy.layers.inet.IPOption_MTU_Reply'>, 18: <class 'scapy.layers.inet.IPOption_Traceroute'>, 19: <class 'scapy.layers.inet.IPOption_Address_Extension'>, 20: <class 'scapy.layers.inet.IPOption_Router_Alert'>, 21: <class 'scapy.layers.inet.IPOption_SDBM'>}
class scapy.layers.inet.IPOption_Address_Extension

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_Address_Extension fields

copy_flag

BitField (1 bit)

1

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

19

length

ByteField

10

src_ext

IPField

'0.0.0.0'

dst_ext

IPField

'0.0.0.0'
class scapy.layers.inet.IPOption_EOL

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_EOL fields

copy_flag

BitField (1 bit)

0

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

0
class scapy.layers.inet.IPOption_LSRR

Bases: scapy.layers.inet.IPOption_RR

aliastypes
fields_desc
IPOption_LSRR fields

copy_flag

BitField (1 bit)

1

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

3

length

FieldLenField

None

pointer

ByteField

4

routers

FieldListField

[]
class scapy.layers.inet.IPOption_MTU_Probe

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_MTU_Probe fields

copy_flag

BitField (1 bit)

0

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

11

length

ByteField

4

mtu

ShortField

0
class scapy.layers.inet.IPOption_MTU_Reply

Bases: scapy.layers.inet.IPOption_MTU_Probe

aliastypes
fields_desc
IPOption_MTU_Reply fields

copy_flag

BitField (1 bit)

0

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

12

length

ByteField

4

mtu

ShortField

0
class scapy.layers.inet.IPOption_NOP

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_NOP fields

copy_flag

BitField (1 bit)

0

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

1
class scapy.layers.inet.IPOption_RR

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_RR fields

copy_flag

BitField (1 bit)

0

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

7

length

FieldLenField

None

pointer

ByteField

4

routers

FieldListField

[]
get_current_router()
class scapy.layers.inet.IPOption_Router_Alert

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_Router_Alert fields

copy_flag

BitField (1 bit)

1

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

20

length

ByteField

4

alert

ShortEnumField

0
class scapy.layers.inet.IPOption_SDBM

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_SDBM fields

copy_flag

BitField (1 bit)

1

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

21

length

FieldLenField

None

addresses

FieldListField

[]
class scapy.layers.inet.IPOption_SSRR

Bases: scapy.layers.inet.IPOption_RR

aliastypes
fields_desc
IPOption_SSRR fields

copy_flag

BitField (1 bit)

1

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

9

length

FieldLenField

None

pointer

ByteField

4

routers

FieldListField

[]
class scapy.layers.inet.IPOption_Security

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_Security fields

copy_flag

BitField (1 bit)

1

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

2

length

ByteField

11

security

ShortField

0

compartment

ShortField

0

handling_restrictions

ShortField

0

transmission_control_code

StrFixedLenField

b'xxx'
class scapy.layers.inet.IPOption_Stream_Id

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_Stream_Id fields

copy_flag

BitField (1 bit)

1

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

8

length

ByteField

4

security

ShortField

0
class scapy.layers.inet.IPOption_Traceroute

Bases: scapy.layers.inet.IPOption

aliastypes
fields_desc
IPOption_Traceroute fields

copy_flag

BitField (1 bit)

0

optclass

BitEnumField (2 bits)

0

option

BitEnumField (5 bits)

18

length

ByteField

12

id

ShortField

0

outbound_hops

ShortField

0

return_hops

ShortField

0

originator_ip

IPField

'0.0.0.0'
class scapy.layers.inet.IPTools

Bases: object

Add more powers to a class with an “src” attribute.

hops()
ottl()
whois()

whois the source and print the output

class scapy.layers.inet.IPerror

Bases: scapy.layers.inet.IP

aliastypes
answers(other)
fields_desc
IPerror fields

version

BitField (4 bits)

4

ihl

BitField (4 bits)

None

tos

XByteField

0

len

ShortField

None

id

ShortField

1

flags

FlagsField (3 bits)

<Flag 0 ()>

frag

BitField (13 bits)

0

ttl

ByteField

64

proto

ByteEnumField

0

chksum

XShortField

None

src

SourceIPField

None

dst

DestIPField

None

options

PacketListField

[]
mysummary()
payload_guess

Possible sublayers: ICMPerror, IPerror, TCPerror, UDPerror

class scapy.layers.inet.RandTCPOptions(size=None)

Bases: scapy.volatile.VolatileValue

class scapy.layers.inet.TCP

Bases: scapy.packet.Packet

aliastypes
answers(other)
fields_desc
TCP fields

sport

ShortEnumField

20

dport

ShortEnumField

80

seq

IntField

0

ack

IntField

0

dataofs

BitField (4 bits)

None

reserved

BitField (3 bits)

0

flags

FlagsField (9 bits)

<Flag 2 (S)>

window

ShortField

8192

chksum

XShortField

None

urgptr

ShortField

0

options

TCPOptionsField

b''
hashret()
mysummary()
payload_guess

Possible sublayers: ENET, SOMEIP, BGP, DiamG, ENIPTCP, LDP, ModbusADURequest, ModbusADUResponse, MQTT, OpenFlow, RTR, Skinny, SOCKS, TacacsHeader, DNS, HTTP, UDP, NBTSession, PPTP, Skinny

post_build(p, pay)
class scapy.layers.inet.TCPOptionsField(name, default, fmt='H', remain=0)

Bases: scapy.fields.StrField

getfield(pkt, s)
i2h(pkt, x)
i2m(pkt, x)
islist = 1
m2i(pkt, x)
randval()
class scapy.layers.inet.TCP_client(*args, **kargs)

Bases: scapy.automaton.Automaton

Creates a TCP Client Automaton. This automaton will handle TCP 3-way handshake.

Usage: the easiest usage is to use it as a SuperSocket.
>>> a = TCP_client.tcplink(HTTP, "www.google.com", 80)
>>> a.send(HTTPRequest())
>>> a.recv()
CLOSED(*args, **kargs)
ESTABLISHED(*args, **kargs)
LAST_ACK(*args, **kargs)
START(*args, **kargs)
SYN_SENT(*args, **kargs)
ack_of_fin_received(pkt)
actions = {'ack_of_fin_received': [], 'connect': [<function TCP_client.send_syn>], 'fin_received': [<function TCP_client.send_finack>], 'incoming_data_received': [<function TCP_client.receive_data>], 'outgoing_data_received': [<function TCP_client.send_data>], 'reset_received': [], 'synack_received': [<function TCP_client.send_ack_of_synack>]}
conditions = {'CLOSED': [], 'ESTABLISHED': [], 'LAST_ACK': [], 'START': [<function TCP_client.connect>], 'SYN_SENT': []}
connect()
fin_received(pkt)
incoming_data_received(pkt)
initial_states = [<function ATMT.state.<locals>.deco.<locals>.state_wrapper>]
ioevents = {'CLOSED': [], 'ESTABLISHED': [<function TCP_client.outgoing_data_received>], 'LAST_ACK': [], 'START': [], 'SYN_SENT': []}
ionames = ['tcp']
iosupersockets = [<function TCP_client.outgoing_data_received>]
master_filter(pkt)
outgoing_data_received(fd)
parse_args(ip, port, *args, **kargs)
receive_data(pkt)
recv_conditions = {'CLOSED': [], 'ESTABLISHED': [<function TCP_client.incoming_data_received>, <function TCP_client.reset_received>, <function TCP_client.fin_received>], 'LAST_ACK': [<function TCP_client.ack_of_fin_received>], 'START': [], 'SYN_SENT': [<function TCP_client.synack_received>]}
reset_received(pkt)
send_ack_of_synack(pkt)
send_data(d)
send_finack(pkt)
send_syn()
state = None
states = {'CLOSED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'ESTABLISHED': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'LAST_ACK': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'START': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>, 'SYN_SENT': <function ATMT.state.<locals>.deco.<locals>.state_wrapper>}
synack_received(pkt)
timeout = {'CLOSED': [(None, None)], 'ESTABLISHED': [(None, None)], 'LAST_ACK': [(None, None)], 'START': [(None, None)], 'SYN_SENT': [(None, None)]}
class scapy.layers.inet.TCPerror

Bases: scapy.layers.inet.TCP

aliastypes
answers(other)
fields_desc
TCPerror fields

sport

ShortEnumField

20

dport

ShortEnumField

80

seq

IntField

0

ack

IntField

0

dataofs

BitField (4 bits)

None

reserved

BitField (3 bits)

0

flags

FlagsField (9 bits)

<Flag 2 (S)>

window

ShortField

8192

chksum

XShortField

None

urgptr

ShortField

0

options

TCPOptionsField

b''
mysummary()
post_dissection(pkt)
class scapy.layers.inet.TracerouteResult(res=None, name='Traceroute', stats=None)

Bases: scapy.plist.SndRcvList

get_trace()
graph(ASres=<scapy.as_resolvers.AS_resolver_multi object>, padding=0, **kargs)

x.graph(ASres=conf.AS_resolver, other args): ASres=None : no AS resolver => no clustering ASres=AS_resolver() : default whois AS resolver (riswhois.ripe.net) ASres=AS_resolver_cymru(): use whois.cymru.com whois database ASres=AS_resolver(server=”whois.ra.net”) type: output type (svg, ps, gif, jpg, etc.), passed to dot’s “-T” option # noqa: E501 target: filename or redirect. Defaults pipe to Imagemagick’s display program # noqa: E501 prog: which graphviz program to use

graphASres
graphdef
graphpadding
hloc
make_graph(ASres=None, padding=0)
nloc
padding
show()
trace3D(join=True)

Give a 3D representation of the traceroute. right button: rotate the scene middle button: zoom shift-left button: move the scene left button on a ball: toggle IP displaying double-click button on a ball: scan ports 21,22,23,25,80 and 443 and display the result

trace3D_notebook()

Same than trace3D, used when ran from Jupyther notebooks

world_trace()

Display traceroute results on a world map.

class scapy.layers.inet.UDP

Bases: scapy.packet.Packet

aliastypes
answers(other)
extract_padding(s)
fields_desc
UDP fields

sport

ShortEnumField

53

dport

ShortEnumField

53

len

ShortField

None

chksum

XShortField

None
hashret()
mysummary()
payload_guess

Possible sublayers: SOMEIP, BIFT, CoAP, GENEVE, GTPHeader, GTP_U_Header, IKEv2, LDP, LTP, MPLS, MQTTSN, ProfinetIO, RIPng, SebekHead, SOCKS5UDP, VQP, Wireguard, BOOTP, _dhcp6_dispatcher, DNS, HSRP, ESP, L2TP, _LLMNR, MGCP, MobileIP, NBNSNodeStatusResponse, NBNSQueryRequest, NBNSQueryResponseNegative, NBNSQueryResponse, NBNSRequest, NBNSWackResponse, NBTDatagram, NetflowHeader, NTP, Radius, RIP, SNMP, TFTP, VXLAN, ZEP2

post_build(p, pay)
class scapy.layers.inet.UDPerror

Bases: scapy.layers.inet.UDP

aliastypes
answers(other)
fields_desc
UDPerror fields

sport

ShortEnumField

53

dport

ShortEnumField

53

len

ShortField

None

chksum

XShortField

None
mysummary()
post_dissection(pkt)
scapy.layers.inet.defrag(plist) → ([not fragmented], [defragmented],

[ [bad fragments], [bad fragments], … ])

scapy.layers.inet.defragment(plist) → plist defragmented as much as possible
scapy.layers.inet.fragleak(target, sport=123, dport=123, timeout=0.2, onlyasc=0, count=None)
scapy.layers.inet.fragleak2(target, timeout=0.4, onlyasc=0, count=None)
scapy.layers.inet.fragment(pkt, fragsize=1480)

Fragment a big IP datagram

scapy.layers.inet.in4_chksum(proto, u, p)

As Specified in RFC 2460 - 8.1 Upper-Layer Checksums

Performs IPv4 Upper Layer checksum computation. Provided parameters are: - ‘proto’ : value of upper layer protocol - ‘u’ : IP upper layer instance - ‘p’ : the payload of the upper layer provided as a string

scapy.layers.inet.inet_register_l3(l2, l3)
scapy.layers.inet.overlap_frag(p, overlap, fragsize=8, overlap_fragsize=None)

Build overlapping fragments to bypass NIPS

p: the original packet overlap: the overlapping data fragsize: the fragment size of the packet overlap_fragsize: the fragment size of the overlapping packet

scapy.layers.inet.report_ports(target, ports)

portscan a target and output a LaTeX table report_ports(target, ports) -> string

scapy.layers.inet.traceroute(target, dport=80, minttl=1, maxttl=30, sport=<RandShort>, l4=None, filter=None, timeout=2, verbose=None, **kargs)

Instant TCP traceroute

Parameters

  • target – hostnames or IP addresses

  • dport – TCP destination port (default is 80)

  • minttl – minimum TTL (default is 1)

  • maxttl – maximum TTL (default is 30)

  • sport – TCP source port (default is random)

  • l4 – use a Scapy packet instead of TCP

  • filter – BPF filter applied to received packets

  • timeout – time to wait for answers (default is 2s)

  • verbose – detailed output

Returns

an TracerouteResult, and a list of unanswered packets

scapy.layers.inet.traceroute_map(ips, **kargs)

Util function to call traceroute on multiple targets, then show the different paths on a map.

Parameters

  • ips – a list of IPs on which traceroute will be called

  • kargs – (optional) kwargs, passed to traceroute