To get started, I read other Scapy Raw answers here; however, none of them were helpful. Maybe I'm just doing something wrong, and that's what brought me here today.
So, for starters, I have a pcap file that started to get corrupted by some retransmissions, to my belief that I returned it correctly.
It contains the Radiotap header, IEEE 802.11 (Dot11), Logical-Link Control (LLC), IPv4, UDP, and DNS.
As far as I understand, UDP packets being transmitted contain this raw data, however, some recent quirks do, it is possible that Raw is in Radiotap / Raw.
Using Scapy, I iterate through the packets, and when a packet with a Raw layer is found, I use Scapy's .show() function to view it.
As such, I see that there is a payload:
\load \
|
| load = '@\x00\x00\x00\xff\xff\xff\xff\xff\xff\x10h?'
So, I suppose my question is how can I capture this payload to get what it might be. As far as I know, the payload should be an image file, but it's hard for me to believe this, so I guess I misunderstood somewhere.
Here is the code I use to achieve the above result:
from scapy.all import *
from scapy.utils import *

# Load every packet from the capture file
pack = rdpcap('/home/username/Downloads/new.pcap')
for packet in pack:
    # Only look at packets that carry a Raw layer
    if packet.getlayer(Raw):
        print('[+] Found Raw' + '\n')
        l = packet.getlayer(Raw)
        # Wrapping the layer in Raw() again is what nests it under \load \ in the output
        rawr = Raw(l)
        rawr.show()
Any help or understanding for further reading would be appreciated; I am new to Scapy and not a specialist in cracking packets.
* Side note, I previously tried (using a separate code and server) to reproduce packets and send them to myself, to no avail. However, I feel that was due to my lack of knowledge of receiving UDP packets.
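A triage of the payload printed in the question, as an added example that is not part of the original post: it checks the bytes against common image magic numbers and, going beyond the post, also reads them as the start of an 802.11 header, because a first byte of 0x40 followed by the address ff:ff:ff:ff:ff:ff is what an undissected management frame (subtype 4, probe request) would look like. The function names and the signature table are assumptions of this example.

```python
import struct

# Leading "magic" bytes of common image formats (table chosen for this example).
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
DOT11_TYPES = {0: "management", 1: "control", 2: "data"}


def image_type(payload):
    """Return the image format whose magic bytes start the payload, else None."""
    for magic, name in IMAGE_MAGIC.items():
        if payload.startswith(magic):
            return name
    return None


def dot11_guess(payload):
    """Read the payload as the start of an 802.11 header; None if it does not fit."""
    if len(payload) < 10:
        return None
    fc0, _flags, _duration = struct.unpack_from("<BBH", payload)
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype not in DOT11_TYPES:
        return None
    addr1 = ":".join("%02x" % b for b in payload[4:10])
    return {"type": DOT11_TYPES[ftype], "subtype": subtype, "addr1": addr1}


def raw_payloads(pcap_path):
    """Yield (packet index, payload bytes) for every packet with a Raw layer."""
    from scapy.all import rdpcap, Raw  # imported here so the helpers work without scapy
    for i, pkt in enumerate(rdpcap(pcap_path)):
        if pkt.haslayer(Raw):
            yield i, bytes(pkt[Raw].load)


def triage(payload):
    """Classify one payload: image magic first, then a possible 802.11 header."""
    return {"image": image_type(payload), "dot11": dot11_guess(payload)}


# Payload bytes exactly as printed by show() in the question.
SAMPLE = b"@\x00\x00\x00\xff\xff\xff\xff\xff\xff\x10h?"
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A header-shaped result is only a hint; passing the same bytes to Scapy's `Dot11()` constructor shows whether the rest of the payload dissects cleanly as a frame.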