3

I am doing a little networking project using the scapy library for python. My project involves sniffing in packets, and shimming a new layer between layers 3 and 4.

Using this guide, http://www.secdev.org/projects/scapy/doc/build_dissect.html

I was able to create a new packet layer. I can easily add the layer on top of the existing packet by doing something like, 

packet = newlayer()/packet

And the newlayer() layer will be placed below the IP layer. I want, however, to sandwich this new layer between layers 3 and 4 (instead of just below IP). But I can't seem to figure out an easy way to accomplish this.

I know that I can just create a new packet and do something like,

packet = Ether()/IP()/newlayer()/TCP()

however since, I want to insert the layer into packets that I've already sniffed, I'd like to simply modify the original packet instead of creating a new packet from scratch.

Any help would be appreciated!

alec
  • 141
  • 2
  • 11
  • Maybe this helps: http://stackoverflow.com/questions/29133482/scapy-how-to-insert-a-new-layer-802-1q-into-existing-packet – ρss Apr 23 '15 at 10:18

1 Answers1

6

Here's an example that shows how to inject another Dot1Q() header between layer 1 and layer 2 (counting Ether() as layer 0):

>>> pkt = Ether() / Dot1Q() / IP() / TCP()
>>> payload = pkt.getlayer(1).payload
>>> payload
<IP  frag=0 proto=tcp |<TCP  |>>
>>> pkt.getlayer(1).remove_payload()
>>> pkt
<Ether  type=n_802_1Q |<Dot1Q  |>>
>>> newPkt = pkt / Dot1Q() / payload
>>> newPkt
<Ether  type=n_802_1Q |<Dot1Q  type=n_802_1Q |<Dot1Q  type=IPv4 |<IP  frag=0 proto=tcp |<TCP  |>>>>>
>>>

There may be an easier way, but the above is easy enough I think.

wookie919
  • 3,054
  • 24
  • 32