Use case : compare the IP ID sequences for 2 different IP addresses :
>>> p = IP(dst=['192.168.4.10','192.168.4.11'])/TCP(dport=80)*5
>>> ans,unans = sr(p)
Begin emission:
.**************..*****Finished to send 10 packets.
*
Received 13 packets, got 10 answers, remaining 0 packets
>>> ans.make_table(lambda (s,r): (s.dst,s.dport, r.sprintf("%IP.id%")))
192.168.4.10 192.168.4.11
80 61134 24904
I expected the make_table to give this kind of result (fake) :
>>> ans.make_table(lambda (s,r): (s.dst,s.dport, r.sprintf("%IP.id%")))
192.168.4.10 192.168.4.11
80 61134 24904
80 61135 24905
80 61136 24906
80 61137 24907
80 61138 24908
Or, for successful IP ID sequence matching (fake example, with host activity) :
>>> ans.make_table(lambda (s,r): (s.dst,s.dport, r.sprintf("%IP.id%")))
192.168.4.10 192.168.4.11
80 61134 61135
80 61140 61141
80 61145 61146
80 61151 61152
80 61158 61159
Is it a misunderstanding of what make_table is supposed to do ?
Would it be possible to modify make_table to have this behavior without breaking other functions ?
Is there a way to do it with scapy ?
I think it comes from vx/vy/vz/vfx/vfy being dict objects instead of lists, but I have no idea if it's possible to do it with lists...
The following try would be ok but I'd like make_table to do it properly ;)
>>> pprint([(s.dst, r.sprintf("%IP.id%")) for s,r in ans])
[('192.168.4.10', '61119'),
('192.168.4.11', '24894'),
('192.168.4.10', '61121'),
('192.168.4.11', '24895'),
('192.168.4.10', '61124'),
('192.168.4.11', '24896'),
[...]
