Converting from Bytes to String doesn't work // Python/Scapy

Question

I've got some trouble by converting from datatype bytes to a string. I'm generating a dns query with scapy, capture the response and I'm now trying to work with this response.

Here the code for generating and capturing and how the result looks like:

from scapy.all import *

dns = IP()/UDP()/DNS()
dns[IP].dst = "194.25.0.70"
dns["DNS Question Record"].qname = "12354987.xxxx.xxxx.de"
dns["DNS Question Record"].qtype = 35

ans, unans = sr(dns) 
ans.summary()

Output:

Begin emission:
Finished sending 1 packets.


Received 4 packets, got 1 answers, remaining 0 packets
IP / UDP / DNS Qry "b'12354987.xxxx.xxxx.de.'"  ==> IP / UDP / DNS Ans "b'\x00\n\x00\x00\x01s\x08SIPS+D2T\x00\x05_sips\x04_tcp\x0c12354987\x07xxxx\x0bxxxx\x02de\x00'" 

This works good. Next step is to extract the relevant parts of the response:

naptr = ans[0][1][UDP][DNS][DNSRR].rdata

Output:

b'\x00\n\x00\x00\x01s\x08SIPS+D2T\x00\x05_sips\x04_tcp\x0c12354987\x07xxxxy\x0bxxxx\x02de\x00'

I've tried to convert this type of bytes with .decode(), .decode('utf-8'), .decode('ascii'), with str(naptr) and some functiones found in the scapy documentation. But noting really works. Everytime I get the same result: '\x00\n\x00\x00\x01s\x08SIPS+D2T\x00\x05_sips\x04_tcp\x0c12354987\x07xxxx\x0bxxxx\x02de\x00'

Do you have any ideas or is here anyone who worked already with scapy? Thanks a lot.

BR Dennis

Answer 1

The binary data that you provided seems to represent a DNS NAPTR record. In this case, you may need to interpret the structure of the NAPTR record and extract the relevant information. The NAPTR record format includes various fields like order, preference, flags, service, regex, and replacement.

from scapy.all import *

# Create DNS query
dns = IP()/UDP()/DNS()
dns[IP].dst = "194.25.0.70"
dns["DNS Question Record"].qname = "12354987.xxxx.xxxx.de"
dns["DNS Question Record"].qtype = 35

# Send DNS query and receive response
ans, unans = sr(dns) 

# Print summary of the response
ans.summary()

# Extract the NAPTR record
naptr = ans[0][1][UDP][DNS][DNSRR].rdata

# Assuming the format of the NAPTR record is something like:
# HHHH16sHHHHHHHHHs

# Unpack the binary data
decoded_data = struct.unpack("!HHHH16sHHHHHHHHHs", naptr)

# Extract individual fields
order, preference, flags, service, regex, replacement = decoded_data

# Convert bytes to string for certain fields
service_str = service.decode('utf-8')
regex_str = regex.decode('utf-8')
replacement_str = replacement.decode('utf-8')

# Print the extracted information
print(f"Order: {order}")
print(f"Preference: {preference}")
print(f"Flags: {flags}")
print(f"Service: {service_str}")
print(f"Regex: {regex_str}")
print(f"Replacement: {replacement_str}")