Ethernet header removal using scapy (python)

1.5k Views Asked by KSp At 20 May 2020 at 22:00

I am trying to work with pcap files. For a preprocessing phase, I am trying to remove an ethernet header using scapy but not sure if this is the right way. Any ideas would like much appreciated. Thanks

I am working on Jupyter notebook and I use python and scapy to read pcap files.

Packet summary: 
'Ether / IP / UDP 131.XXX:XXX:XXX:netbios_ns > 131.XXX:XXX:XXX:netbios_ns / NBNSQueryRequest'

Tried:
pk1= ['Ether / IP / UDP 131.XXX:XXX:XXX:netbios_ns > 131.XXX:XXX:XXX:netbios_ns / NBNSQueryRequest']
pkt2=pk1['NBNSQueryRequest']
pk1[Ether].remove_payload()
pk1 /=pkt2

Original Q&A

There are 3 best solutions below

dgrandm On 23 May 2020 at 05:18

You may open capture file in Wireshark, go to File menu, then "Export PDU" and specify a filter of what do you want to export.

Alex On 26 August 2020 at 09:46

If I understand correctly your question you can access the payload by doing the following:

pk1[1]
pk1.payload

Yarden On 17 December 2022 at 22:45

Assuming you have a Packet object with the following layers:

pkt = Ether()/IP()/ICMP()

The packet would look something like this:

print(repr(pkt)) 
# <Ether  type=IPv4 |<IP  frag=0 proto=icmp |<ICMP  |>>>

pkt is actually an ethernet packet with all the other layers encapsulated as it's payload, so you can just use:

pkt = pkt.payload
# Or
pkt = pkt[Ether].payload

And you'll end up with:

print(repr(pkt))
# <IP  frag=0 proto=icmp |<ICMP  |>>

Ethernet header removal using scapy (python)

There are 3 best solutions below

Related Questions in PYTHON

Related Questions in NETWORK-PROGRAMMING

Related Questions in SCAPY

Related Questions in ETHERNET

Related Questions in RAW-ETHERNET

Trending Questions

Popular # Hahtags

Popular Questions