1

I am sniffing packet with Scapy and I get the raw bytes:

 t = packet[TCP].payload
print(type(t))

type tells me that the content here is and the output is:

b'\x16\x03\x03\x01\x0b\x00\x00\x00\x00\x00\x00\x00H\xe2\xc9\x150\xc7\x92\x18\x8d\xf2~5x\xb2bU\xd0\xf2\x97\xe1\xc5\xc0na\x9f\x9d>Dnv\xa9X\xb18\r\x03\xdeuN8\xaf\xfb/\xd3^:\x1c\xd7\x984\xbbvn~8\x03\x16\t\x14'

I cannot use the binascii.hexlify, etc to convert this to hexadecimal because the data type is not string, int, or bytes.

Anyone have a solution to convert this to either bytes, hex string, something like this?

16030102

Paul3
  • 31
  • 1
  • 2
  • 5
  • `print str(t).encode("HEX")`? returns a 142 character long alpha-numeric string; https://stackoverflow.com/questions/27172789/how-to-extract-raw-of-tcp-packet-using-scapy – chickity china chinese chicken Mar 31 '18 at 01:02
  • I seem to be getting the following error: File "./pcapy.py", line 50, in packet_callback print(str(t).encode("hex")) LookupError: 'hex' is not a text encoding; use codecs.encode() to handle arbitrary codecs – Paul3 Mar 31 '18 at 06:36
  • I think I misunderstood your question, and I can't reproduce your results. does `print(type(t))` give `b'\x16\x03\x03\x01\x...\x14'` output? what does `print(t)` show? – chickity china chinese chicken Mar 31 '18 at 07:06
  • type gives back: . I'm guessing the type is raw. – Paul3 Apr 01 '18 at 02:42

1 Answers1

2

I found a simple solution which worked with scapy.packet.raw:

pkt = binascii.hexlify(bytes(packet[TCP].payload))

Now I can search the content simply:

if data[:4] == b'1603':

simple enough for what I need at the moment

Paul3
  • 31
  • 1
  • 2
  • 5