For example, the sequence number in a captured frame can be returned using q. Given this storage method, the best way to display a field in the packet is to refer to the section and field name. In general, Scapy uses angular brackets () to denote the beginning and end of different sections, with specific fields separated by spaces, and displayed as field_name = field_value. Because of this, the method by which Scapy stores packets, and the way it wants you to refer to different parts of each packet, is kind of strange. In fact, most of what you can find on StackOverflow or Google about Scapy revolve around using it to perform Man in the Middle attacks, ARP or DNS poisoning attacks, or other attacks revolving around packet manipulation. It’s important to note that packet dissection and analysis is not the primary goal for this library it’s primarily meant for packet crafting.
To accomplish this, I chose Scapy, the “Python-based interactive packet manipulation program & library,” based on a few blog posts I found.
Therefore, my script must parse DNS responses that showed up in the packet capture and connect the initial query through any chaining to the final IP address. I wanted a solution that would let me take the actual, in situ, DNS queries from the client displayed in the capture and connect those to the IP addresses that show up.
0 kommentar(er)
