scapy.layers.l2

Classes and functions for layer 2 protocols.

class scapy.layers.l2.ARP(_pkt, /, *, hwtype=1, ptype=2048, hwlen=None, plen=None, op=1, hwsrc=None, psrc=None, hwdst=None, pdst=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.ARP'>, <class 'scapy.packet.Packet'>]
answers(other: Packet) int[source]
extract_padding(s: bytes) Tuple[bytes, bytes][source]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<XShortEnumField (ARP).hwtype>, <XShortEnumField (ARP).ptype>, <FieldLenField (ARP).hwlen>, <FieldLenField (ARP).plen>, <ShortEnumField (ARP).op>, <scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>]
hashret() bytes[source]
mysummary() str[source]
route() Tuple[str | None, str | None, str | None][source]
class scapy.layers.l2.ARP_am(self, IP_addr=None, ARP_addr=None, from_ip=None)[source]

Bases: AnsweringMachine[Packet]

Fake ARP Relay Daemon (farpd)

example: To respond to an ARP request for 192.168.100 replying on the ingress interface:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05')

To respond on a different interface add the interface parameter:

farpd(IP_addr='192.168.1.100',ARP_addr='00:01:02:03:04:05',iface='eth0')

To respond on ANY arp request on an interface with mac address ARP_addr:

farpd(ARP_addr='00:01:02:03:04:05',iface='eth1')

To respond on ANY arp request with my mac addr on the given interface:

farpd(iface='eth1')

Optional Args:

inter=<n>   Interval in seconds between ARP replies being sent
filter: str | None = 'arp'
function_name = 'farpd'
is_request(req: Packet) bool[source]
make_reply(req: Packet) Packet[source]
parse_options(IP_addr: str | None = None, ARP_addr: str | None = None, from_ip: str | None = None) None[source]
print_reply(req: Packet, reply: Packet) None[source]
static send_function(x: Sequence[Packet] | Packet | SetGen[Packet] | _PacketList[Packet], iface: NetworkInterface | str | None = None, iface_hint: str | None = None, socket: SuperSocket | None = None, **kargs: Any) PacketList | None[source]

Send packets at layer 2

Parameters:

  • x – the packets

  • inter – time (in s) between two packets (default 0)

  • loop – send packet indefinitely (default 0)

  • count – number of packets to send (default None=1)

  • verbose – verbose mode (default None=conf.verb)

  • realtime – check that a packet was sent before sending the next one

  • return_packets – return the sent packets

  • socket – the socket to use (default is conf.L3socket(kargs))

  • iface – the interface to send the packets on

  • monitor – (not on linux) send in monitor mode

Returns:

None

send_reply(reply: Packet, send_function: Any = None) None[source]
class scapy.layers.l2.ARPingResult(res=None, name='ARPing', stats=None)[source]

Bases: SndRcvList

show(*args: Any, **kwargs: Any) None[source]

Print the list of discovered MAC addresses.

class scapy.layers.l2.CookedLinux(_pkt, /, *, pkttype=0, lladdrtype=512, lladdrlen=0, src=b'', proto=2048)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.CookedLinux'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortEnumField (CookedLinux).pkttype>, <XShortField (CookedLinux).lladdrtype>, <ShortField (CookedLinux).lladdrlen>, <StrFixedLenField (CookedLinux).src>, <XShortEnumField (CookedLinux).proto>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'proto': 122}, <class 'scapy.layers.l2.LLC'>), ({'proto': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 35047}, <class 'scapy.layers.l2.Dot1AH'>), ({'proto': 1}, <class 'scapy.layers.l2.Ether'>), ({'proto': 2054}, <class 'scapy.layers.l2.ARP'>), ({'proto': 2048}, <class 'scapy.layers.inet.IP'>), ({'proto': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'proto': 12}, <class 'scapy.layers.can.CAN'>), ({'proto': 13}, <class 'scapy.layers.can.CANFD'>), ({'proto': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'proto': 34915}, <class 'scapy.layers.ppp.PPPoED'>), ({'proto': 34916}, <class 'scapy.layers.ppp.PPPoE'>), ({'proto': 23}, <class 'scapy.layers.ir.IrLAPHead'>)]
class scapy.layers.l2.CookedLinuxV2(_pkt, /, *, proto=2048, reserved=0, ifindex=0, lladdrtype=512, pkttype=0, lladdrlen=0, src=b'')[source]

Bases: CookedLinux

aliastypes = [<class 'scapy.layers.l2.CookedLinuxV2'>, <class 'scapy.layers.l2.CookedLinux'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<XShortEnumField (CookedLinuxV2).proto>, <ShortField (CookedLinuxV2).reserved>, <IntField (CookedLinuxV2).ifindex>, <XShortField (CookedLinuxV2).lladdrtype>, <ByteEnumField (CookedLinuxV2).pkttype>, <ByteField (CookedLinuxV2).lladdrlen>, <StrFixedLenField (CookedLinuxV2).src>]
class scapy.layers.l2.DestMACField(name: str)[source]

Bases: MACField

i2h(pkt: Packet | None, x: str | None) str[source]
i2m(pkt: Packet | None, x: str | None) bytes[source]
class scapy.layers.l2.Dot1AD(_pkt, /, *, prio=0, dei=0, vlan=1, type=0)[source]

Bases: Dot1Q

aliastypes = [<class 'scapy.layers.l2.Dot1AD'>, <class 'scapy.layers.l2.Dot1Q'>, <class 'scapy.layers.l2.Ether'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<BitField (Dot1Q,Dot1AD).prio>, <BitField (Dot1Q,Dot1AD).dei>, <BitField (Dot1Q,Dot1AD).vlan>, <XShortEnumField (Dot1Q,Dot1AD).type>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 35047}, <class 'scapy.layers.l2.Dot1AH'>), ({'type': 35045}, <class 'scapy.contrib.macsec.MACsec'>)]
class scapy.layers.l2.Dot1AH(_pkt, /, *, prio=0, dei=0, nca=0, res1=0, res2=0, isid=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.Dot1AH'>, <class 'scapy.packet.Packet'>]
answers(other: Packet) int[source]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<BitField (Dot1AH).prio>, <BitField (Dot1AH).dei>, <BitField (Dot1AH).nca>, <BitField (Dot1AH).res1>, <BitField (Dot1AH).res2>, <ThreeBytesField (Dot1AH).isid>]
mysummary() str[source]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({}, <class 'scapy.layers.l2.Ether'>)]
class scapy.layers.l2.Dot1Q(_pkt, /, *, prio=0, dei=0, vlan=1, type=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.Dot1Q'>, <class 'scapy.layers.l2.Ether'>]
answers(other: Packet) int[source]
default_payload_class(pay: bytes) Type[Packet][source]
deprecated_fields: Dict[str, Tuple[str, str]] = {'id': ('dei', '2.5.0')}
extract_padding(s: bytes) Tuple[bytes, bytes | None][source]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<BitField (Dot1Q,Dot1AD).prio>, <BitField (Dot1Q,Dot1AD).dei>, <BitField (Dot1Q,Dot1AD).vlan>, <XShortEnumField (Dot1Q,Dot1AD).type>]
mysummary() str[source]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 35047}, <class 'scapy.layers.l2.Dot1AH'>), ({'type': 34980}, <class 'scapy.contrib.ethercat.EtherCat'>), ({'type': 35020}, <class 'scapy.contrib.lldp.LLDPDU'>), ({'type': 34824}, <class 'scapy.contrib.mac_control.MACControl'>), ({'type': 35045}, <class 'scapy.contrib.macsec.MACsec'>), ({'type': 35074}, <class 'scapy.contrib.oam.OAM'>)]
class scapy.layers.l2.Dot3(_pkt, /, *, dst=None, src=None, len=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.Dot3'>, <class 'scapy.packet.Packet'>]
answers(other: Packet) int[source]
classmethod dispatch_hook(_pkt: Any | None = None, *args: Any, **kargs: Any) Type[Packet][source]
extract_padding(s: bytes) Tuple[bytes, bytes][source]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<DestMACField (Dot3).dst>, <SourceMACField (Dot3).src>, <LenField (Dot3).len>]
mysummary() str[source]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'dst': '01:80:c2:00:00:20'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:21'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:22'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:23'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:24'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:25'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:26'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:27'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:28'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:29'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:2a'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:2b'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:2c'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:2d'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:2e'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({'dst': '01:80:c2:00:00:2f'}, <class 'scapy.contrib.gxrp.LLC_GARP'>), ({}, <class 'scapy.layers.l2.LLC'>)]
class scapy.layers.l2.Ether(_pkt, /, *, dst=None, src=None, type=36864)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.Ether'>, <class 'scapy.packet.Packet'>]
answers(other: Packet) int[source]
classmethod dispatch_hook(_pkt: bytes | None = None, *args: Any, **kargs: Any) Type[Packet][source]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<DestMACField (Ether,MetawatchEther).dst>, <SourceMACField (Ether,MetawatchEther).src>, <XShortEnumField (Ether,MetawatchEther).type>]
hashret() bytes[source]
mysummary() str[source]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'type': 122}, <class 'scapy.layers.l2.LLC'>), ({'type': 34928}, <class 'scapy.layers.l2.LLC'>), ({'type': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 35047}, <class 'scapy.layers.l2.Dot1AH'>), ({'type': 1}, <class 'scapy.layers.l2.Ether'>), ({'type': 2054}, <class 'scapy.layers.l2.ARP'>), ({'type': 34978}, <class 'scapy.contrib.aoe.AOE'>), ({'type': 2048}, <class 'scapy.layers.inet.IP'>), ({'type': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'dst': '01:80:c2:00:00:02', 'type': 34825}, <class 'scapy.contrib.slowprot.SlowProtocol'>), ({'type': 34980}, <class 'scapy.contrib.ethercat.EtherCat'>), ({'type': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'type': 34915}, <class 'scapy.layers.ppp.PPPoED'>), ({'type': 34916}, <class 'scapy.layers.ppp.PPPoE'>), ({'type': 32801}, <class 'scapy.layers.ppp.PPP_IPCP'>), ({'type': 32851}, <class 'scapy.layers.ppp.PPP_ECP'>), ({'type': 35041}, <class 'scapy.contrib.homeplugav.HomePlugAV'>), ({'type': 34887}, <class 'scapy.contrib.mpls.MPLS'>), ({'type': 60734}, <class 'scapy.contrib.ife.IFE'>), ({'type': 35020}, <class 'scapy.contrib.lldp.LLDPDU'>), ({'type': 34824}, <class 'scapy.contrib.mac_control.MACControl'>), ({'type': 35045}, <class 'scapy.contrib.macsec.MACsec'>), ({'type': 35033}, <class 'scapy.layers.lltd.LLTD'>), ({'type': 41197}, <class 'scapy.layers.sixlowpan.SixLoWPAN'>), ({'type': 35151}, <class 'scapy.contrib.nsh.NSH'>), ({'type': 34962}, <class 'scapy.contrib.pnio.ProfinetIO'>), ({'type': 35093}, <class 'scapy.contrib.roce.GRH'>)]
class scapy.layers.l2.GRE(_pkt, /, *, chksum_present=0, routing_present=0, key_present=0, seqnum_present=0, strict_route_source=0, recursion_control=0, flags=0, version=0, proto=0, chksum=None, offset=None, key=None, sequence_number=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.GRE'>, <class 'scapy.packet.Packet'>]
deprecated_fields: Dict[str, Tuple[str, str]] = {'seqence_number': ('sequence_number', '2.4.4')}
classmethod dispatch_hook(_pkt: Any | None = None, *args: Any, **kargs: Any) Type[Packet][source]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<BitField (GRE).chksum_present>, <BitField (GRE).routing_present>, <BitField (GRE).key_present>, <BitField (GRE).seqnum_present>, <BitField (GRE).strict_route_source>, <BitField (GRE).recursion_control>, <BitField (GRE).flags>, <BitField (GRE).version>, <XShortEnumField (GRE).proto>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'proto': 122}, <class 'scapy.layers.l2.LLC'>), ({'proto': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 35047}, <class 'scapy.layers.l2.Dot1AH'>), ({'proto': 25944}, <class 'scapy.layers.l2.Ether'>), ({'proto': 2054}, <class 'scapy.layers.l2.ARP'>), ({'routing_present': 1}, <class 'scapy.layers.l2.GRErouting'>), ({'proto': 2048}, <class 'scapy.layers.inet.IP'>), ({'proto': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'proto': 35006, 'seqnum_present': 0}, <class 'scapy.contrib.erspan.ERSPAN'>), ({'proto': 35006, 'seqnum_present': 1}, <class 'scapy.contrib.erspan.ERSPAN_II'>), ({'proto': 8939}, <class 'scapy.contrib.erspan.ERSPAN_III'>), ({'proto': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'proto': 34887}, <class 'scapy.contrib.mpls.MPLS'>), ({'proto': 35151}, <class 'scapy.contrib.nsh.NSH'>)]
post_build(p: bytes, pay: bytes) bytes[source]
class scapy.layers.l2.GRE_PPTP(_pkt, /, *, chksum_present=0, routing_present=0, key_present=1, seqnum_present=0, strict_route_source=0, recursion_control=0, acknum_present=0, flags=0, version=1, proto=34827, payload_len=None, call_id=None, sequence_number=None, ack_number=None)[source]

Bases: GRE

Enhanced GRE header used with PPTP RFC 2637

aliastypes = [<class 'scapy.layers.l2.GRE_PPTP'>, <class 'scapy.layers.l2.GRE'>, <class 'scapy.packet.Packet'>]
deprecated_fields: Dict[str, Tuple[str, str]] = {'seqence_number': ('sequence_number', '2.4.4')}
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<BitField (GRE_PPTP).chksum_present>, <BitField (GRE_PPTP).routing_present>, <BitField (GRE_PPTP).key_present>, <BitField (GRE_PPTP).seqnum_present>, <BitField (GRE_PPTP).strict_route_source>, <BitField (GRE_PPTP).recursion_control>, <BitField (GRE_PPTP).acknum_present>, <BitField (GRE_PPTP).flags>, <BitField (GRE_PPTP).version>, <XShortEnumField (GRE_PPTP).proto>, <ShortField (GRE_PPTP).payload_len>, <ShortField (GRE_PPTP).call_id>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'proto': 122}, <class 'scapy.layers.l2.LLC'>), ({'proto': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 35047}, <class 'scapy.layers.l2.Dot1AH'>), ({'proto': 25944}, <class 'scapy.layers.l2.Ether'>), ({'proto': 2054}, <class 'scapy.layers.l2.ARP'>), ({'routing_present': 1}, <class 'scapy.layers.l2.GRErouting'>), ({'proto': 2048}, <class 'scapy.layers.inet.IP'>), ({'proto': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'proto': 35006, 'seqnum_present': 0}, <class 'scapy.contrib.erspan.ERSPAN'>), ({'proto': 35006, 'seqnum_present': 1}, <class 'scapy.contrib.erspan.ERSPAN_II'>), ({'proto': 8939}, <class 'scapy.contrib.erspan.ERSPAN_III'>), ({'proto': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'proto': 34827}, <class 'scapy.layers.ppp.PPP'>)]
post_build(p: bytes, pay: bytes) bytes[source]
class scapy.layers.l2.GRErouting(_pkt, /, *, address_family=0, SRE_offset=0, SRE_len=None, routing_info=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.GRErouting'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortField (GRErouting).address_family>, <ByteField (GRErouting).SRE_offset>, <FieldLenField (GRErouting).SRE_len>, <StrLenField (GRErouting).routing_info>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'SRE_len': 0, 'address_family': 0}, <class 'scapy.packet.Raw'>), ({}, <class 'scapy.layers.l2.GRErouting'>)]
class scapy.layers.l2.LLC(_pkt, /, *, dsap=0, ssap=0, ctrl=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.LLC'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<XByteField (LLC,LLC_GARP).dsap>, <XByteField (LLC,LLC_GARP).ssap>, <ByteField (LLC,LLC_GARP).ctrl>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'ctrl': 3, 'dsap': 66, 'ssap': 66}, <class 'scapy.layers.l2.STP'>), ({'ctrl': 3, 'dsap': 170, 'ssap': 170}, <class 'scapy.layers.l2.SNAP'>), ({'ctrl': 3, 'dsap': 254, 'ssap': 254}, <function _create_cln_pdu>)]
class scapy.layers.l2.LoIntEnumField(name: str, default: int | None, enum: Dict[int, str] | Dict[str, int] | List[str] | DADict[int, str] | Type[Enum] | Tuple[Callable[[int], str], Callable[[str], int]])[source]

Bases: IntEnumField

i2m(pkt: Packet | None, x: List[int] | int | None) int[source]
m2i(pkt: Packet | None, x: int) int[source]
class scapy.layers.l2.Loopback(_pkt, /, *, type=2)[source]

Bases: Packet

*BSD loopback layer

aliastypes = [<class 'scapy.layers.l2.Loopback'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LoIntEnumField (Loopback).type>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'type': 0}, <class 'scapy.layers.inet.IP'>), ({'type': AddressFamily.AF_INET}, <class 'scapy.layers.inet.IP'>), ({'type': AddressFamily.AF_INET6}, <class 'scapy.layers.inet6.IPv6'>)]
class scapy.layers.l2.LoopbackOpenBSD(_pkt, /, *, type=2)[source]

Bases: Loopback

aliastypes = [<class 'scapy.layers.l2.LoopbackOpenBSD'>, <class 'scapy.layers.l2.Loopback'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<IntEnumField (LoopbackOpenBSD).type>]
class scapy.layers.l2.MPacketPreamble(_pkt, /, *, preamble=b'', fcs=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.MPacketPreamble'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (MPacketPreamble).preamble>, <scapy.fields.FCSField object>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({}, <class 'scapy.layers.l2.Ether'>)]
class scapy.layers.l2.Neighbor[source]

Bases: object

register_l3(l2: Type[Packet], l3: Type[Packet], resolve_method: Callable[[Packet, Packet], str | None]) None[source]
resolve(l2inst: Packet, l3inst: Packet) str | None[source]
resolvers: Dict[Tuple[Type[Packet], Type[Packet]], Callable[[Packet, Packet], str | None]]
class scapy.layers.l2.SNAP(_pkt, /, *, OUI=0, code=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.SNAP'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<OUIField (SNAP).OUI>, <XShortEnumField (SNAP).code>]
payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'code': 33024}, <class 'scapy.layers.l2.Dot1Q'>), ({'type': 34984}, <class 'scapy.layers.l2.Dot1AD'>), ({'type': 35047}, <class 'scapy.layers.l2.Dot1AH'>), ({'code': 1}, <class 'scapy.layers.l2.Ether'>), ({'code': 2054}, <class 'scapy.layers.l2.ARP'>), ({'code': 267}, <class 'scapy.layers.l2.STP'>), ({'code': 2048}, <class 'scapy.layers.inet.IP'>), ({'code': 34525}, <class 'scapy.layers.inet6.IPv6'>), ({'OUI': 12, 'code': 8192}, <class 'scapy.contrib.cdp.CDPv2_HDR'>), ({'OUI': 12, 'code': 8196}, <class 'scapy.contrib.dtp.DTP'>), ({'code': 34958}, <class 'scapy.layers.eap.EAPOL'>), ({'code': 8195}, <class 'scapy.contrib.vtp.VTP'>)]
class scapy.layers.l2.STP(_pkt, /, *, proto=0, version=0, bpdutype=0, bpduflags=0, rootid=0, rootmac='00:00:00:00:00:00', pathcost=0, bridgeid=0, bridgemac='00:00:00:00:00:00', portid=0, age=1, maxage=20, hellotime=2, fwddelay=15)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.l2.STP'>, <class 'scapy.packet.Packet'>]
fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ShortField (STP).proto>, <ByteField (STP).version>, <ByteField (STP).bpdutype>, <ByteField (STP).bpduflags>, <ShortField (STP).rootid>, <MACField (STP).rootmac>, <IntField (STP).pathcost>, <ShortField (STP).bridgeid>, <MACField (STP).bridgemac>, <ShortField (STP).portid>, <BCDFloatField (STP).age>, <BCDFloatField (STP).maxage>, <BCDFloatField (STP).hellotime>, <BCDFloatField (STP).fwddelay>]
class scapy.layers.l2.SourceMACField(name: str, getif: Any | None = None)[source]

Bases: MACField

getif
i2h(pkt: Packet | None, x: str | None) str[source]
i2m(pkt: Packet | None, x: Any | None) bytes[source]
scapy.layers.l2.arp_mitm(ip1: str, ip2: str, mac1: List[str] | str | None = None, mac2: List[str] | str | None = None, broadcast: bool = False, target_mac: str | None = None, iface: NetworkInterface | str | None = None, inter: int = 3) None[source]

ARP MitM: poison 2 target’s ARP cache

Parameters:

  • ip1 – IPv4 of the first machine

  • ip2 – IPv4 of the second machine

  • mac1 – MAC of the first machine (optional: will ARP otherwise)

  • mac2 – MAC of the second machine (optional: will ARP otherwise)

  • broadcast – if True, will use broadcast mac for MitM by default

  • target_mac – MAC of the attacker (optional: default to the interface’s one)

  • iface – the network interface. (optional: default, route for ip1)

Example usage:

$ sysctl net.ipv4.conf.virbr0.send_redirects=0  # virbr0 = interface
$ sysctl net.ipv4.ip_forward=1
$ sudo iptables -t mangle -A PREROUTING -j TTL --ttl-inc 1
$ sudo scapy
>>> arp_mitm("192.168.122.156", "192.168.122.17")
Alternative usages:
>>> arp_mitm("10.0.0.1", "10.1.1.0/21", iface="eth1")
>>> arp_mitm("10.0.0.1", "10.1.1.2",
...          target_mac="aa:aa:aa:aa:aa:aa",
...          mac2="00:1e:eb:bf:c1:ab")

Warning

If using a subnet, this will first perform an arping, unless broadcast is on!

Remember to change the sysctl settings back..

scapy.layers.l2.arpcachepoison(target: str | List[str], addresses: str | Tuple[str, str] | List[Tuple[str, str]], broadcast: bool = False, count: int | None = None, interval: int = 15, **kwargs: Any) None[source]

Poison targets’ ARP cache

Parameters:

  • target – Can be an IP, subnet (string) or a list of IPs. This lists the IPs or the subnet that will be poisoned.

  • addresses – Can be either a string, a tuple of a list of tuples. If it’s a string, it’s the IP to advertise to the victim, with the local interface’s MAC. If it’s a tuple, it’s (“IP”, “MAC”). It it’s a list, it’s [(“IP”, “MAC”)]. “IP” can be a subnet of course.

  • broadcast – Use broadcast ethernet

Examples for target “192.168.0.2”:

>>> arpcachepoison("192.168.0.2", "192.168.0.1")
>>> arpcachepoison("192.168.0.1/24", "192.168.0.1")
>>> arpcachepoison(["192.168.0.2", "192.168.0.3"], "192.168.0.1")
>>> arpcachepoison("192.168.0.2", ("192.168.0.1", get_if_hwaddr("virbr0")))
>>> arpcachepoison("192.168.0.2", [("192.168.0.1", get_if_hwaddr("virbr0"),
...                                ("192.168.0.2", "aa:aa:aa:aa:aa:aa")])
scapy.layers.l2.arping(net: str, timeout: int = 2, cache: int = 0, verbose: int | None = None, threaded: bool = True, **kargs: Any) Tuple[ARPingResult, PacketList][source]

Send ARP who-has requests to determine which hosts are up:

arping(net, [cache=0,] [iface=conf.iface,] [verbose=conf.verb]) -> None

Set cache=True if you want arping to modify internal ARP-Cache

scapy.layers.l2.arpleak(target: str, plen: int = 255, hwlen: int = 255, **kargs: Any) Tuple[SndRcvList, PacketList][source]

Exploit ARP leak flaws, like NetBSD-SA2017-002.

https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc

scapy.layers.l2.etherleak(target: str, **kargs: Any) Tuple[SndRcvList, PacketList][source]

Exploit Etherleak flaw

scapy.layers.l2.getmacbyip(ip: str, chainCC: int = 0) str | None[source]

Returns the destination MAC address used to reach a given IP address.

This will follow the routing table and will issue an ARP request if necessary. Special cases (multicast, etc.) are also handled.

See also

getmacbyip6() for IPv6.

scapy.layers.l2.is_promisc(ip: str, fake_bcast: str = 'ff:ff:00:00:00:00', **kargs: Any) bool[source]

Try to guess if target is in Promisc mode. The target is provided by its ip.

scapy.layers.l2.l2_register_l3(l2: Packet, l3: Packet) str | None[source]

Delegates resolving the default L2 destination address to the payload of L3.

scapy.layers.l2.l2_register_l3_arp(l2: Packet, l3: Packet) str | None[source]

Resolves the default L2 destination address when ARP is used.

scapy.layers.l2.promiscping(net: str, timeout: int = 2, fake_bcast: str = 'ff:ff:ff:ff:ff:fe', **kargs: Any) Tuple[ARPingResult, PacketList][source]

Send ARP who-has requests to determine which hosts are in promiscuous mode promiscping(net, iface=conf.iface)