mr-tz
commented
2 months ago @3V3RYONE, @strictlymike do you have insights here?
Closed xrkk closed 2 months ago
mr-tz
commented
2 months ago @3V3RYONE, @strictlymike do you have insights here?
mr-tz
commented
2 months ago or @tinajn?
xrkk
commented
2 months ago @mr-tz Thank you for your attention. Actually this is solved by below code:
from scapy.utils import rdpcap
from scapy.utils import wrpcap
from scapy.layers.l2 import Ether
f_pcap = '/path/to/src/pcap'
f_dst = '/path/to/dst/pcap'
packets = rdpcap(f_pcap)
eth_ipv4 = Ether(src="00:11:22:33:44:55", dst="aa:bb:cc:dd:ee:ff", type=0x0800)
converted_packets = []
for idx, pkt in enumerate(packets):
new_pkt = eth_ipv4 / pkt.getlayer(0)
converted_packets.append(new_pkt)
wrpcap(f_dst, converted_packets, linktype=1)Again, thank you for your great work!
The pcap packets generated by fakenet-ng have the protocol
raw:as the first protocol for each frame. This behavior is viewable without any issues in Wireshark. However, certain (internal) pcap parsing software cannot interpret it and require the modification ofraw:toeth:ethertype:or something.For instance, when viewing a packet generated by fakenet-ng in Wireshark, the approximate format is as follows:
When the same data is captured by Wireshark, the format viewed in Wireshark is as follows:
I tried modifying the source code file
fakenet\diverters\diverterbase.pyby removing thelinktype=dpkt.pcap.DLT_RAWparameter when creating thedpkt.pcap.Writerso that thelinktypetakes the default valuedpkt.pcap.DLT_EN10MB. However, the format of the generated packets is as follows:I would like to know how to modify the source code or configuration to make fakenet-ng generate packets where the first protocol of the frame is
eth:ethertype:instead ofraw:.THX!