scapy.layers.l2¶

Classes and functions for layer 2 protocols.

class scapy.layers.l2.ARP¶

Bases: scapy.packet.Packet

aliastypes¶

answers(other)¶

extract_padding(s)¶

fields_desc¶

ARP fields¶
hwtype	`XShortField`	`1`
ptype	`XShortEnumField`	`2048`
hwlen	`FieldLenField`	`None`
plen	`FieldLenField`	`None`
op	`ShortEnumField`	`1`
hwsrc	`MultipleTypeField`	`None`
psrc	`MultipleTypeField`	`None`
hwdst	`MultipleTypeField`	`None`
pdst	`MultipleTypeField`	`None`

hashret()¶

mysummary()¶

route()¶

class scapy.layers.l2.ARP_am(**kargs)¶

Bases: scapy.ansmachine.AnsweringMachine

Fake ARP Relay Daemon (farpd)

example: To respond to an ARP request for 192.168.100 replying on the ingress interface:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05')

To respond on a different interface add the interface parameter:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05',iface='eth0')

To respond on ANY arp request on an interface with mac address ARP_addr:

farpd(ARP_addr='00:01:02:03:04:05',iface='eth1')

To respond on ANY arp request with my mac addr on the given interface:

farpd(iface='eth1')

Optional Args:

inter=<n>   Interval in seconds between ARP replies being sent

filter = 'arp'¶

function_name = 'farpd'¶

is_request(req)¶

make_reply(req)¶

parse_options(IP_addr=None, ARP_addr=None)¶

print_reply(req, reply)¶

static send_function(x, inter=0, loop=0, iface=None, iface_hint=None, count=None, verbose=None, realtime=None, return_packets=False, socket=None, *args, **kargs)¶

Send packets at layer 2

Parameters

x – the packets
inter – time (in s) between two packets (default 0)
loop – send packet indefinetly (default 0)
count – number of packets to send (default None=1)
verbose – verbose mode (default None=conf.verbose)
realtime – check that a packet was sent before sending the next one
return_packets – return the sent packets
socket – the socket to use (default is conf.L3socket(kargs))
iface – the interface to send the packets on
monitor – (not on linux) send in monitor mode

Returns

None

send_reply(reply)¶

class scapy.layers.l2.ARPingResult(res=None, name='ARPing', stats=None)¶

Bases: scapy.plist.SndRcvList

show()¶: Print the list of discovered MAC addresses.

class scapy.layers.l2.CookedLinux¶

Bases: scapy.packet.Packet

aliastypes¶

fields_desc¶

CookedLinux fields¶
pkttype	`ShortEnumField`	`0`
lladdrtype	`XShortField`	`512`
lladdrlen	`ShortField`	`0`
src	`StrFixedLenField`	`b''`
proto	`XShortEnumField`	`2048`

payload_guess¶: Possible sublayers: CAN, EAPOL, IP, IPv6, IrLAPHead, ARP, Dot1AD, Dot1Q, Ether, LLC, PPPoED, PPPoE

class scapy.layers.l2.DestMACField(name)¶

Bases: scapy.fields.MACField

i2h(pkt, x)¶

i2m(pkt, x)¶

class scapy.layers.l2.Dot1AD¶

Bases: scapy.layers.l2.Dot1Q

aliastypes¶

fields_desc¶

Dot1AD fields¶
prio	`BitField` (3 bits)	`0`
id	`BitField` (1 bit)	`0`
vlan	`BitField` (12 bits)	`1`
type	`XShortEnumField`	`0`

payload_guess¶: Possible sublayers: MACsec, SPBM, Dot1AD, Dot1Q

class scapy.layers.l2.Dot1Q¶

Bases: scapy.packet.Packet

aliastypes¶

answers(other)¶

default_payload_class(pay)¶

extract_padding(s)¶

fields_desc¶

Dot1Q fields¶
prio	`BitField` (3 bits)	`0`
id	`BitField` (1 bit)	`0`
vlan	`BitField` (12 bits)	`1`
type	`XShortEnumField`	`0`

mysummary()¶

payload_guess¶: Possible sublayers: EtherCat, LLDPDU, MACControl, MACsec, SPBM, Dot1AD

class scapy.layers.l2.Dot3¶

Bases: scapy.packet.Packet

aliastypes¶

answers(other)¶

classmethod dispatch_hook(_pkt=None, *args, **kargs)¶

extract_padding(s)¶

fields_desc¶

Dot3 fields¶
dst	`DestMACField`	`None`
src	`SourceMACField`	`None`
len	`LenField`	`None`

mysummary()¶

payload_guess¶: Possible sublayers: LLC

class scapy.layers.l2.ERSPAN¶

Bases: scapy.packet.Packet

aliastypes¶

fields_desc¶

ERSPAN fields¶
ver	`BitField` (4 bits)	`0`
vlan	`BitField` (12 bits)	`0`
cos	`BitField` (3 bits)	`0`
en	`BitField` (2 bits)	`0`
t	`BitField` (1 bit)	`0`
session_id	`BitField` (10 bits)	`0`
reserved	`BitField` (12 bits)	`0`
index	`BitField` (20 bits)	`0`

payload_guess¶: Possible sublayers: Ether

class scapy.layers.l2.Ether¶

Bases: scapy.packet.Packet

aliastypes¶

answers(other)¶

classmethod dispatch_hook(_pkt=None, *args, **kargs)¶

fields_desc¶

Ether fields¶
dst	`DestMACField`	`None`
src	`SourceMACField`	`None`
type	`XShortEnumField`	`36864`

hashret()¶

mysummary()¶

payload_guess¶: Possible sublayers: AOE, EtherCat, HomePlugAV, IFE, SlowProtocol, LLDPDU, MACControl, MACsec, MPLS, NSH, ProfinetIO, SPBM, EAPOL, IP, IPv6, ARP, Dot1AD, Dot1Q, Ether, LLC, LLTD, PPP_ECP, PPP_IPCP, PPPoED, PPPoE

class scapy.layers.l2.GRE¶

Bases: scapy.packet.Packet

aliastypes¶

classmethod dispatch_hook(_pkt=None, *args, **kargs)¶

fields_desc¶

GRE fields¶
chksum_present	`BitField` (1 bit)	`0`
routing_present	`BitField` (1 bit)	`0`
key_present	`BitField` (1 bit)	`0`
seqnum_present	`BitField` (1 bit)	`0`
strict_route_source	`BitField` (1 bit)	`0`
recursion_control	`BitField` (3 bits)	`0`
flags	`BitField` (5 bits)	`0`
version	`BitField` (3 bits)	`0`
proto	`XShortEnumField`	`0`
chksum	`XShortField` (Cond)	`None`
offset	`XShortField` (Cond)	`None`
key	`XIntField` (Cond)	`None`
seqence_number	`XIntField` (Cond)	`None`

payload_guess¶: Possible sublayers: MPLS, NSH, EAPOL, IP, IPv6, ARP, Dot1AD, Dot1Q, ERSPAN, Ether, GRErouting, LLC

post_build(p, pay)¶

class scapy.layers.l2.GRE_PPTP¶

Bases: scapy.layers.l2.GRE

Enhanced GRE header used with PPTP RFC 2637

aliastypes¶

fields_desc¶

GRE_PPTP fields¶
chksum_present	`BitField` (1 bit)	`0`
routing_present	`BitField` (1 bit)	`0`
key_present	`BitField` (1 bit)	`1`
seqnum_present	`BitField` (1 bit)	`0`
strict_route_source	`BitField` (1 bit)	`0`
recursion_control	`BitField` (3 bits)	`0`
acknum_present	`BitField` (1 bit)	`0`
flags	`BitField` (4 bits)	`0`
version	`BitField` (3 bits)	`1`
proto	`XShortEnumField`	`34827`
payload_len	`ShortField`	`None`
call_id	`ShortField`	`None`
seqence_number	`XIntField` (Cond)	`None`
ack_number	`XIntField` (Cond)	`None`

payload_guess¶: Possible sublayers: EAPOL, IP, IPv6, ARP, Dot1AD, Dot1Q, ERSPAN, Ether, GRErouting, LLC, PPP

post_build(p, pay)¶

class scapy.layers.l2.GRErouting¶

Bases: scapy.packet.Packet

aliastypes¶

fields_desc¶

GRErouting fields¶
address_family	`ShortField`	`0`
SRE_offset	`ByteField`	`0`
SRE_len	`FieldLenField`	`None`
routing_info	`StrLenField`	`b''`

payload_guess¶: Possible sublayers: GRErouting, Raw

class scapy.layers.l2.LLC¶

Bases: scapy.packet.Packet

aliastypes¶

fields_desc¶

LLC fields¶
dsap	`XByteField`	`0`
ssap	`XByteField`	`0`
ctrl	`ByteField`	`0`

payload_guess¶: Possible sublayers: _create_cln_pdu, SNAP, STP

class scapy.layers.l2.LoIntEnumField(name, default, enum)¶

Bases: scapy.fields.IntEnumField

i2m(pkt, x)¶

m2i(pkt, x)¶

class scapy.layers.l2.Loopback¶

Bases: scapy.packet.Packet

*BSD loopback layer

aliastypes¶

fields_desc¶

Loopback fields¶
type	`LoIntEnumField`	`2`

payload_guess¶: Possible sublayers: IP, IPv6

class scapy.layers.l2.Neighbor¶

Bases: object

register_l3(l2, l3, resolve_method)¶

resolve(l2inst, l3inst)¶

class scapy.layers.l2.SNAP¶

Bases: scapy.packet.Packet

aliastypes¶

fields_desc¶

SNAP fields¶
OUI	`X3BytesField`	`0`
code	`XShortEnumField`	`0`

payload_guess¶: Possible sublayers: CDPv2_HDR, DTP, VTP, EAPOL, IP, IPv6, ARP, Dot1AD, Dot1Q, Ether, STP

class scapy.layers.l2.STP¶

Bases: scapy.packet.Packet

aliastypes¶

fields_desc¶

STP fields¶
proto	`ShortField`	`0`
version	`ByteField`	`0`
bpdutype	`ByteField`	`0`
bpduflags	`ByteField`	`0`
rootid	`ShortField`	`0`
rootmac	`MACField`	`'00:00:00:00:00:00'`
pathcost	`IntField`	`0`
bridgeid	`ShortField`	`0`
bridgemac	`MACField`	`'00:00:00:00:00:00'`
portid	`ShortField`	`0`
age	`BCDFloatField`	`1`
maxage	`BCDFloatField`	`20`
hellotime	`BCDFloatField`	`2`
fwddelay	`BCDFloatField`	`15`

class scapy.layers.l2.SourceMACField(name, getif=None)¶

Bases: scapy.fields.MACField

getif¶

i2h(pkt, x)¶

i2m(pkt, x)¶

scapy.layers.l2.arpcachepoison(target, victim, interval=60)¶: Poison target’s cache with (your MAC,victim’s IP) couple arpcachepoison(target, victim, [interval=60]) -> None

scapy.layers.l2.arping(net, timeout=2, cache=0, verbose=None, **kargs)¶: Send ARP who-has requests to determine which hosts are up arping(net, [cache=0,] [iface=conf.iface,] [verbose=conf.verb]) -> None Set cache=True if you want arping to modify internal ARP-Cache

scapy.layers.l2.arpleak(target, plen=255, hwlen=255, **kargs)¶

Exploit ARP leak flaws, like NetBSD-SA2017-002.

https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc

scapy.layers.l2.etherleak(target, **kargs)¶: Exploit Etherleak flaw

scapy.layers.l2.getmacbyip(ip, chainCC=0)¶: Return MAC address corresponding to a given IP address

scapy.layers.l2.is_promisc(ip, fake_bcast='ff:ff:00:00:00:00', **kargs)¶: Try to guess if target is in Promisc mode. The target is provided by its ip.

scapy.layers.l2.l2_register_l3(l2, l3)¶

scapy.layers.l2.l2_register_l3_arp(l2, l3)¶

scapy.layers.l2.promiscping(net, timeout=2, fake_bcast='ff:ff:ff:ff:ff:fe', **kargs)¶: Send ARP who-has requests to determine which hosts are in promiscuous mode promiscping(net, iface=conf.iface)