scapy.layers.l2 module¶

Classes and functions for layer 2 protocols.

class scapy.layers.l2.ARP¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.ARP'>, <class 'scapy.packet.Packet'>]¶

answers(other)¶: DEV: true if self is an answer from other

extract_padding(s)¶

DEV: to be overloaded to extract current layer’s padding.

Parameters:	s (str) – the current layer
Returns:	a couple of strings (actual layer, padding)

fields_desc = [<Field (ARP).hwtype>, <Field (ARP).ptype>, <Field (ARP).hwlen>, <Field (ARP).plen>, <Field (ARP).op>, <scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>]¶

hashret()¶: DEV: returns a string that has the same value for a request and its answer.

mysummary()¶: DEV: can be overloaded to return a string that summarizes the layer. Only one mysummary() is used in a whole packet summary: the one of the upper layer, # noqa: E501 except if a mysummary() also returns (as a couple) a list of layers whose # noqa: E501 mysummary() must be called if they are present.

route()¶

class scapy.layers.l2.ARP_am(**kargs)¶

Bases: scapy.ansmachine.AnsweringMachine

Fake ARP Relay Daemon (farpd)

example: To respond to an ARP request for 192.168.100 replying on the ingress interface:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05')

To respond on a different interface add the interface parameter:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05',iface='eth0')

To respond on ANY arp request on an interface with mac address ARP_addr:

farpd(ARP_addr='00:01:02:03:04:05',iface='eth1')

To respond on ANY arp request with my mac addr on the given interface:

farpd(iface='eth1')

Optional Args:

inter=<n>   Interval in seconds between ARP replies being sent

filter = 'arp'¶

function_name = 'farpd'¶

is_request(req)¶

make_reply(req)¶

parse_options(IP_addr=None, ARP_addr=None)¶

print_reply(req, reply)¶

static send_function(x, inter=0, loop=0, iface=None, iface_hint=None, count=None, verbose=None, realtime=None, return_packets=False, socket=None, *args, **kargs)¶

Send packets at layer 2

Parameters:

x – the packets
inter – time (in s) between two packets (default 0)
loop – send packet indefinetly (default 0)
count – number of packets to send (default None=1)
verbose – verbose mode (default None=conf.verbose)
realtime – check that a packet was sent before sending the next one
return_packets – return the sent packets
socket – the socket to use (default is conf.L3socket(kargs))
iface – the interface to send the packets on
monitor – (not on linux) send in monitor mode

Returns:

None

send_reply(reply)¶

class scapy.layers.l2.ARPingResult(res=None, name='ARPing', stats=None)¶

Bases: scapy.plist.SndRcvList

show()¶: Print the list of discovered MAC addresses.

class scapy.layers.l2.CookedLinux¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.CookedLinux'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (CookedLinux).pkttype>, <Field (CookedLinux).lladdrtype>, <Field (CookedLinux).lladdrlen>, <Field (CookedLinux).src>, <Field (CookedLinux).proto>]¶

payload_guess = [({'proto': 122}, <class 'scapy.layers.l2.LLC'>), ({'proto': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'proto': 1}, <class 'scapy.layers.l2.Ether'>), ({'proto': 2054}, <class 'scapy.layers.l2.ARP'>), ({'proto': 2048}, <class 'scapy.layers.inet.IP'>), ({'proto': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'proto': 12}, <class 'scapy.layers.can.CAN'>), ({'proto': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'proto': 34915}, <class 'scapy.layers.ppp.PPPoED'>), ({'proto': 34916}, <class 'scapy.layers.ppp.PPPoE'>), ({'proto': 23}, <class 'scapy.layers.ir.IrLAPHead'>)]¶

class scapy.layers.l2.DestMACField(name)¶

Bases: scapy.fields.MACField

i2h(pkt, x)¶: Convert internal value to human value

i2m(pkt, x)¶: Convert internal value to machine value

class scapy.layers.l2.Dot1AD¶

Bases: scapy.layers.l2.Dot1Q

aliastypes = [<class 'scapy.layers.l2.Dot1AD'>, <class 'scapy.layers.l2.Dot1Q'>, <class 'scapy.layers.l2.Ether'>]¶

fields_desc = [<Field (Dot1Q,Dot1AD).prio>, <Field (Dot1Q,Dot1AD).id>, <Field (Dot1Q,Dot1AD).vlan>, <Field (Dot1Q,Dot1AD).type>]¶

payload_guess = [({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 35045}, <class 'scapy.contrib.macsec.MACsec'>), ({'type': 35047}, <class 'scapy.contrib.spbm.SPBM'>)]¶

class scapy.layers.l2.Dot1Q¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.Dot1Q'>, <class 'scapy.layers.l2.Ether'>]¶

answers(other)¶: DEV: true if self is an answer from other

default_payload_class(pay)¶

DEV: Returns the default payload class if nothing has been found by the guess_payload_class() method.

Parameters:	payload (str) – the layer’s payload
Returns:	the default payload class define inside the configuration file

extract_padding(s)¶

DEV: to be overloaded to extract current layer’s padding.

Parameters:	s (str) – the current layer
Returns:	a couple of strings (actual layer, padding)

fields_desc = [<Field (Dot1Q,Dot1AD).prio>, <Field (Dot1Q,Dot1AD).id>, <Field (Dot1Q,Dot1AD).vlan>, <Field (Dot1Q,Dot1AD).type>]¶

mysummary()¶: DEV: can be overloaded to return a string that summarizes the layer. Only one mysummary() is used in a whole packet summary: the one of the upper layer, # noqa: E501 except if a mysummary() also returns (as a couple) a list of layers whose # noqa: E501 mysummary() must be called if they are present.

payload_guess = [({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 34980}, <class 'scapy.contrib.ethercat.EtherCat'>), ({'type': 35020}, <class 'scapy.contrib.lldp.LLDPDU'>), ({'type': 34824}, <class 'scapy.contrib.mac_control.MACControl'>), ({'type': 35045}, <class 'scapy.contrib.macsec.MACsec'>), ({'type': 35047}, <class 'scapy.contrib.spbm.SPBM'>)]¶

class scapy.layers.l2.Dot3¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.Dot3'>, <class 'scapy.packet.Packet'>]¶

answers(other)¶: DEV: true if self is an answer from other

classmethod dispatch_hook(_pkt=None, *args, **kargs)¶

extract_padding(s)¶

DEV: to be overloaded to extract current layer’s padding.

Parameters:	s (str) – the current layer
Returns:	a couple of strings (actual layer, padding)

fields_desc = [<Field (Dot3).dst>, <Field (Dot3).src>, <Field (Dot3).len>]¶

mysummary()¶: DEV: can be overloaded to return a string that summarizes the layer. Only one mysummary() is used in a whole packet summary: the one of the upper layer, # noqa: E501 except if a mysummary() also returns (as a couple) a list of layers whose # noqa: E501 mysummary() must be called if they are present.

payload_guess = [({}, <class 'scapy.layers.l2.LLC'>)]¶

class scapy.layers.l2.ERSPAN¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.ERSPAN'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (ERSPAN).ver>, <Field (ERSPAN).vlan>, <Field (ERSPAN).cos>, <Field (ERSPAN).en>, <Field (ERSPAN).t>, <Field (ERSPAN).session_id>, <Field (ERSPAN).reserved>, <Field (ERSPAN).index>]¶

payload_guess = [({}, <class 'scapy.layers.l2.Ether'>)]¶

class scapy.layers.l2.Ether¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.Ether'>, <class 'scapy.packet.Packet'>]¶

answers(other)¶: DEV: true if self is an answer from other

classmethod dispatch_hook(_pkt=None, *args, **kargs)¶

fields_desc = [<Field (Ether).dst>, <Field (Ether).src>, <Field (Ether).type>]¶

hashret()¶: DEV: returns a string that has the same value for a request and its answer.

mysummary()¶: DEV: can be overloaded to return a string that summarizes the layer. Only one mysummary() is used in a whole packet summary: the one of the upper layer, # noqa: E501 except if a mysummary() also returns (as a couple) a list of layers whose # noqa: E501 mysummary() must be called if they are present.

payload_guess = [({'type': 122}, <class 'scapy.layers.l2.LLC'>), ({'type': 34928}, <class 'scapy.layers.l2.LLC'>), ({'type': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 1}, <class 'scapy.layers.l2.Ether'>), ({'type': 2054}, <class 'scapy.layers.l2.ARP'>), ({'type': 34978}, <class 'scapy.contrib.aoe.AOE'>), ({'type': 2048}, <class 'scapy.layers.inet.IP'>), ({'type': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'type': 34980}, <class 'scapy.contrib.ethercat.EtherCat'>), ({'type': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'dst': '01:80:c2:00:00:03', 'type': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'type': 34915}, <class 'scapy.layers.ppp.PPPoED'>), ({'type': 34916}, <class 'scapy.layers.ppp.PPPoE'>), ({'type': 32801}, <class 'scapy.layers.ppp.PPP_IPCP'>), ({'type': 32851}, <class 'scapy.layers.ppp.PPP_ECP'>), ({'type': 35041}, <class 'scapy.contrib.homeplugav.HomePlugAV'>), ({'type': 34887}, <class 'scapy.contrib.mpls.MPLS'>), ({'type': 60734}, <class 'scapy.contrib.ife.IFE'>), ({'type': 34825, 'dst': '01:80:c2:00:00:02'}, <class 'scapy.contrib.lacp.SlowProtocol'>), ({'type': 35020}, <class 'scapy.contrib.lldp.LLDPDU'>), ({'type': 34824}, <class 'scapy.contrib.mac_control.MACControl'>), ({'type': 35045}, <class 'scapy.contrib.macsec.MACsec'>), ({'type': 35033}, <class 'scapy.layers.lltd.LLTD'>), ({'type': 35151}, <class 'scapy.contrib.nsh.NSH'>), ({'type': 34962}, <class 'scapy.contrib.pnio.ProfinetIO'>), ({'type': 35047}, <class 'scapy.contrib.spbm.SPBM'>)]¶

class scapy.layers.l2.GRE¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.GRE'>, <class 'scapy.packet.Packet'>]¶

classmethod dispatch_hook(_pkt=None, *args, **kargs)¶

fields_desc = [<Field (GRE).chksum_present>, <Field (GRE).routing_present>, <Field (GRE).key_present>, <Field (GRE).seqnum_present>, <Field (GRE).strict_route_source>, <Field (GRE).recursion_control>, <Field (GRE).flags>, <Field (GRE).version>, <Field (GRE).proto>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>]¶

payload_guess = [({'proto': 122}, <class 'scapy.layers.l2.LLC'>), ({'proto': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'proto': 25944}, <class 'scapy.layers.l2.Ether'>), ({'proto': 2054}, <class 'scapy.layers.l2.ARP'>), ({'proto': 35006, 'seqnum_present': 1}, <class 'scapy.layers.l2.ERSPAN'>), ({'routing_present': 1}, <class 'scapy.layers.l2.GRErouting'>), ({'proto': 2048}, <class 'scapy.layers.inet.IP'>), ({'proto': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'proto': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'proto': 34887}, <class 'scapy.contrib.mpls.MPLS'>), ({'proto': 35151}, <class 'scapy.contrib.nsh.NSH'>)]¶

post_build(p, pay)¶

DEV: called right after the current layer is build.

Parameters:	pkt (str) – the current packet (build by self_buil function) pay (str) – the packet payload (build by do_build_payload function)
Returns:	a string of the packet with the payload

class scapy.layers.l2.GRE_PPTP¶

Bases: scapy.layers.l2.GRE

Enhanced GRE header used with PPTP RFC 2637

aliastypes = [<class 'scapy.layers.l2.GRE_PPTP'>, <class 'scapy.layers.l2.GRE'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (GRE_PPTP).chksum_present>, <Field (GRE_PPTP).routing_present>, <Field (GRE_PPTP).key_present>, <Field (GRE_PPTP).seqnum_present>, <Field (GRE_PPTP).strict_route_source>, <Field (GRE_PPTP).recursion_control>, <Field (GRE_PPTP).acknum_present>, <Field (GRE_PPTP).flags>, <Field (GRE_PPTP).version>, <Field (GRE_PPTP).proto>, <Field (GRE_PPTP).payload_len>, <Field (GRE_PPTP).call_id>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>]¶

payload_guess = [({'proto': 122}, <class 'scapy.layers.l2.LLC'>), ({'proto': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'proto': 25944}, <class 'scapy.layers.l2.Ether'>), ({'proto': 2054}, <class 'scapy.layers.l2.ARP'>), ({'proto': 35006, 'seqnum_present': 1}, <class 'scapy.layers.l2.ERSPAN'>), ({'routing_present': 1}, <class 'scapy.layers.l2.GRErouting'>), ({'proto': 2048}, <class 'scapy.layers.inet.IP'>), ({'proto': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'proto': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'proto': 34827}, <class 'scapy.layers.ppp.PPP'>)]¶

post_build(p, pay)¶

DEV: called right after the current layer is build.

Parameters:	pkt (str) – the current packet (build by self_buil function) pay (str) – the packet payload (build by do_build_payload function)
Returns:	a string of the packet with the payload

class scapy.layers.l2.GRErouting¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.GRErouting'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (GRErouting).address_family>, <Field (GRErouting).SRE_offset>, <Field (GRErouting).SRE_len>, <Field (GRErouting).routing_info>]¶

payload_guess = [({'address_family': 0, 'SRE_len': 0}, <class 'scapy.packet.Raw'>), ({}, <class 'scapy.layers.l2.GRErouting'>)]¶

class scapy.layers.l2.LLC¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.LLC'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (LLC).dsap>, <Field (LLC).ssap>, <Field (LLC).ctrl>]¶

payload_guess = [({'dsap': 66, 'ssap': 66, 'ctrl': 3}, <class 'scapy.layers.l2.STP'>), ({'dsap': 170, 'ssap': 170, 'ctrl': 3}, <class 'scapy.layers.l2.SNAP'>), ({'dsap': 254, 'ssap': 254, 'ctrl': 3}, <function _create_cln_pdu>)]¶

class scapy.layers.l2.LoIntEnumField(name, default, enum)¶

Bases: scapy.fields.IntEnumField

i2m(pkt, x)¶: Convert internal value to machine value

m2i(pkt, x)¶: Convert machine value to internal value

class scapy.layers.l2.Loopback¶

Bases: scapy.packet.Packet

*BSD loopback layer

aliastypes = [<class 'scapy.layers.l2.Loopback'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (Loopback).type>]¶

payload_guess = [({'type': 0}, <class 'scapy.layers.inet.IP'>), ({'type': <AddressFamily.AF_INET: 2>}, <class 'scapy.layers.inet.IP'>), ({'type': <AddressFamily.AF_INET6: 10>}, <class 'scapy.layers.inet6.IPv6'>)]¶

class scapy.layers.l2.Neighbor¶

Bases: object

register_l3(l2, l3, resolve_method)¶

resolve(l2inst, l3inst)¶

class scapy.layers.l2.SNAP¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.SNAP'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (SNAP).OUI>, <Field (SNAP).code>]¶

payload_guess = [({'code': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'code': 1}, <class 'scapy.layers.l2.Ether'>), ({'code': 2054}, <class 'scapy.layers.l2.ARP'>), ({'code': 267}, <class 'scapy.layers.l2.STP'>), ({'code': 2048}, <class 'scapy.layers.inet.IP'>), ({'code': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'code': 8192, 'OUI': 12}, <class 'scapy.contrib.cdp.CDPv2_HDR'>), ({'code': 8196, 'OUI': 12}, <class 'scapy.contrib.dtp.DTP'>), ({'code': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'code': 8195}, <class 'scapy.contrib.vtp.VTP'>)]¶

class scapy.layers.l2.STP¶

Bases: scapy.packet.Packet

aliastypes = [<class 'scapy.layers.l2.STP'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (STP).proto>, <Field (STP).version>, <Field (STP).bpdutype>, <Field (STP).bpduflags>, <Field (STP).rootid>, <Field (STP).rootmac>, <Field (STP).pathcost>, <Field (STP).bridgeid>, <Field (STP).bridgemac>, <Field (STP).portid>, <Field (STP).age>, <Field (STP).maxage>, <Field (STP).hellotime>, <Field (STP).fwddelay>]¶

class scapy.layers.l2.SourceMACField(name, getif=None)¶

Bases: scapy.fields.MACField

getif¶

i2h(pkt, x)¶: Convert internal value to human value

i2m(pkt, x)¶: Convert internal value to machine value

scapy.layers.l2.arpcachepoison(target, victim, interval=60)¶: Poison target’s cache with (your MAC,victim’s IP) couple arpcachepoison(target, victim, [interval=60]) -> None

scapy.layers.l2.arping(net, timeout=2, cache=0, verbose=None, **kargs)¶: Send ARP who-has requests to determine which hosts are up arping(net, [cache=0,] [iface=conf.iface,] [verbose=conf.verb]) -> None Set cache=True if you want arping to modify internal ARP-Cache

scapy.layers.l2.arpleak(target, plen=255, hwlen=255, **kargs)¶

Exploit ARP leak flaws, like NetBSD-SA2017-002.

https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc

scapy.layers.l2.etherleak(target, **kargs)¶: Exploit Etherleak flaw

scapy.layers.l2.getmacbyip(ip, chainCC=0)¶: Return MAC address corresponding to a given IP address

scapy.layers.l2.is_promisc(ip, fake_bcast='ff:ff:00:00:00:00', **kargs)¶: Try to guess if target is in Promisc mode. The target is provided by its ip.

scapy.layers.l2.l2_register_l3(l2, l3)¶

scapy.layers.l2.l2_register_l3_arp(l2, l3)¶

scapy.layers.l2.promiscping(net, timeout=2, fake_bcast='ff:ff:ff:ff:ff:fe', **kargs)¶: Send ARP who-has requests to determine which hosts are in promiscuous mode promiscping(net, iface=conf.iface)