Wiki Navigation

Fields

Here's a list of fields that Scapy supports out of the box:

Simple datatypes

Legend:

X - hexadecimal representation
LE - little endian (default is big endian = network byte order)
Signed - signed (default is unsigned)

ByteField           
XByteField    

ShortField
LEShortField
XShortField

X3BytesField        # three bytes (in hexad 

IntField
SignedIntField
LEIntField
LESignedIntField
XIntField

LongField       
XLongField
LELongField

IEEEFloatField
IEEEDoubleField 
BCDFloatField       # binary coded decimal

BitField
XBitField

BitFieldLenField    # BitField specifying a length (used in RTP)
FlagsField          
FloatField

Enumerations

Possible field values are taken from a given enumeration (list, dictionary, ...) e.g. ByteEnumField("code", 4, {1:"REQUEST",2:"RESPONSE",3:"SUCCESS",4:"FAILURE"})

EnumField(name, default, enum, fmt = "H")
CharEnumField
BitEnumField
ShortEnumField
LEShortEnumField
ByteEnumField
IntEnumField
SignedIntEnumField
LEIntEnumField
XShortEnumField

Strings

StrField(name, default, fmt="H", remain=0, shift=0)
StrLenField(name, default, fld=None, length_from=None, shift=0):
StrFixedLenField
StrNullField
StrStopField

Lists and lengths

The FieldListField and LengthFields articles have more info on this topic.

FieldList(name, default, field, fld=None, shift=0, length_from=None, count_from=None)
    # A list assembled and dissected with many times the same field type
    
    # field: instance of the field that will be used to assemble and disassemble a list item
    # length_from: name of the FieldLenField holding the list length
     
FieldLenField     #  holds the list length of a FieldList field
LEFieldLenField

LenField          # contains len(pkt.payload)

PacketField       # holds packets
PacketLenField    # used e.g. in ISAKMP_payload_Proposal
PacketListField

Special

Emph     # Wrapper to emphasize field when printing, e.g. Emph(IPField("dst", "127.0.0.1")),

ActionField

ConditionalField(fld, cond)
        # Wrapper to make field 'fld' only appear if function 'cond' evals to True
        # e.g. ConditionalField(XShortField("chksum",None),lambda pkt:pkt.chksumpresent==1)
        

PadField(fld, align, padwith=None)  
       # Add bytes after the proxified field so that it ends at the specified alignment from its begining

TCP/IP

IPField
SourceIPField

IPoptionsField
TCPOptionsField

MACField
DestMACField(MACField)
SourceMACField(MACField)
ARPSourceMACField(MACField)

ICMPTimeStampField

802.11

Dot11AddrMACField
Dot11Addr2MACField
Dot11Addr3MACField
Dot11Addr4MACField
Dot11SCField

DNS

DNSStrField
DNSRRCountField
DNSRRField
DNSQRField
RDataField
RDLenField

ASN.1

ASN1F_element
ASN1F_field
ASN1F_INTEGER
ASN1F_enum_INTEGER
ASN1F_STRING
ASN1F_OID
ASN1F_SEQUENCE
ASN1F_SEQUENCE_OF
ASN1F_PACKET
ASN1F_CHOICE

Other protocols

NetBIOSNameField         # NetBIOS (StrFixedLenField) 

ISAKMPTransformSetField  # ISAKMP (StrLenField) 

TimeStampField           # NTP (BitField)

First version of this list: Dirk Loss, 2008-03-01

Download in other formats:

Plain Text