
I am trying to extract the data from a device type that supports 6LoWPAN. I am able to retrieve raw data only.

I tried using Scapy and pypcapkit. Both are providing src, dst, type and raw data only.

>>> from scapy.all import *
>>> pcap = rdpcap("/content/sample.pcap")

>>> pcap
output as: <sample.pcap: TCP:0 UDP:0 ICMP:0 Other:252>

>>> pcap[0]
output as: <Ether  dst=xx:xx:xx:xx:xx:xx src=xx:xx:xx:xx:xx:xx type=0x809a |<Raw  load='A\xd8\xbdxV\xff\xff\x8bRk\x02ece.......


I am expecting the extracted data to look like the Wireshark data.


Update 1:

I tried jNetPcap and pcap4j, but nothing helped. When I tried pyshark, it was able to project the data. But the problem I am facing now is that packet.6lowpan is not allowed by the Python parser; a variable should not start with an integer.

Ex:

    pcap = pyshark.FileCapture("xxxx//xx//xxxx.pcapng")
    for pkt in pcap:
        print(pkt.6lowpan)

syntax error...


Update 2:

The pkt.6lowpan issue was resolved by using pkt["6lowpan"]... Ref: solution by the pyshark team.

Updating the content; it may help someone else.

  • This seems a bit broad and a situation where you should read the documentation and/or do your own searching for a decent example. It's also a bit unclear what you mean by "RAW data" - one would think that would mean either the payload data or the raw bytes on the wire (or in this case air), but your screenshot of what you seem to want shows none of the raw data, but interpreted protocol fields... – Chris Stratton Aug 02 '19 at 17:19
  • @ChrisStratton Thanks for your time. I was trying for a couple of days to extract specific data of layers. At the Ether layer I could get RAW format, where I further want to analyze the payload data in the next layers. I have knowledge of Python and the OSI model but not much on the requested question. I was able to extract partial data, whereas in the case of IPv4 I was able to extract payloads from layers. – Eswar thammana Aug 02 '19 at 17:42
  • It's still not clear what you want. But you don't seem to have really researched what the library you are using supports for the protocols that are of interest to you - it may be that it has capability you are not leveraging, or it may be that at least in the version you are using it does not implement a very detailed parsing of the protocol, compared to say what Wireshark does. Figure out what you want, research support, extend with your own modifications or your own decoder for what is missing... – Chris Stratton Aug 02 '19 at 17:45
  • @ChrisStratton Thanks for the inputs... Started analysing, to implement a supporting parser – Eswar thammana Aug 03 '19 at 07:16
  • If you are using a recent Scapy version (let's say 2.4.3rc4), those layers are enabled by default, so it should work :/ Could you share some raw data or the pcap, so that we can reproduce your issue? Eventually, if it turns out to be a bug, you'll have to open an issue on the Scapy GitHub bug tracker – Cukic0d Aug 03 '19 at 10:34
  • Yes @Cukic0d, Scapy has a 6LoWPAN layer implementation as sixlowpan.py; that is the reason I picked Scapy for analysis. I will try to share the packet capture if possible. Thanks for your time – Eswar thammana Aug 03 '19 at 16:56
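
The leading bytes of the Raw load shown in the question are consistent with an IEEE 802.15.4 MAC header, so, assuming that is what the load carries, the 6LoWPAN dispatch byte can be located by hand when the library stops at Raw. This is an added example, not part of the original post or of Scapy/pyshark; it uses only the standard library, the function names are illustrative, and the sample frame is constructed.

```python
import struct

ADDR_LEN = {0: 0, 2: 2, 3: 8}  # addressing-mode value -> address length in bytes

def parse_dot15d4(frame: bytes) -> dict:
    """Parse an IEEE 802.15.4 (2003/2006) MAC header; frame has no trailing FCS."""
    if len(frame) < 3:
        raise ValueError("shorter than frame control + sequence number")
    fcf, seq = struct.unpack_from("<HB", frame)
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if fcf & 0x0008 or (fcf >> 12) & 3 > 1 or 1 in (dst_mode, src_mode):
        raise ValueError("security header, 2015 frame version or reserved mode")
    off = 3

    def take(n: int) -> str:
        nonlocal off
        if off + n > len(frame):
            raise ValueError("truncated MAC header")
        chunk, off = frame[off:off + n], off + n
        return chunk[::-1].hex()  # fields are little-endian on the wire

    hdr = {"type": fcf & 7, "seq": seq, "dst_pan": None, "dst": None,
           "src_pan": None, "src": None}
    if dst_mode:
        hdr["dst_pan"], hdr["dst"] = take(2), take(ADDR_LEN[dst_mode])
    if src_mode:
        # PAN ID compression (bit 6): source PAN is omitted and equals dst PAN
        compressed = bool(fcf & 0x0040) and dst_mode
        hdr["src_pan"] = hdr["dst_pan"] if compressed else take(2)
        hdr["src"] = take(ADDR_LEN[src_mode])
    hdr["payload"] = frame[off:]
    return hdr

# (mask, value, name) dispatch patterns from RFC 4944 / RFC 6282, most specific first
DISPATCH = ((0xFF, 0x41, "uncompressed IPv6"), (0xE0, 0x60, "LOWPAN_IPHC"),
            (0xF8, 0xC0, "FRAG1"), (0xF8, 0xE0, "FRAGN"),
            (0xC0, 0x80, "mesh header"), (0xC0, 0x00, "NALP"))

def sixlowpan_dispatch(payload: bytes) -> str:
    """Name the 6LoWPAN dispatch type of the first payload byte."""
    for mask, value, name in DISPATCH:
        if payload and (payload[0] & mask) == value:
            return name
    return "other or empty"

# Constructed frame: data frame, short broadcast dst, extended src, IPHC payload
SAMPLE = bytes.fromhex("41d801cdabffff08070605040302017a33")
```

With Scapy, the input for a packet like `pcap[0]` above would be `bytes(pkt[Raw].load)`; a capture that keeps the 2-byte FCS needs it stripped from the end first.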
