
I'm trying to print the payload of packets from IP 192.168.1.198 that have a payload:

from scapy.all import *

packets = rdpcap('capture1_bug.pcapng')

payloads = []
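for packet in packets:
    # Require both layers: packet[TCP] raises IndexError on non-TCP packets (UDP, ICMP, ...)
    if IP in packet and TCP in packet:
        ip_src=packet[IP].src
        ip_dst=packet[IP].dst
        # Keep only segments from the host of interest that carry data
        if ip_src=="192.168.1.198" and packet[TCP].payload:
            payload = packet[TCP].payload
            payloads.append(payload)
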
print(payloads[7])

and I get

b'$\x00\x00&\x80`\x00\x00\x00\x00\x1bf\x00\x00\x1bfgM\x00*\x9d\xa8\x1e\x00\x89\xf9f\xe0  (\x00\x00\x03\x00\x08\x00\x00\x03\x00| '

I cannot understand this output. Why are some bytes 0x00 (2 digits) and some are \x1bfgM, and why are there things like ( and |? Why is the first character printed as $ and not a hex number?

gangabass
Guerlando OCs

1 Answer


\x1bfgM are actually 4 bytes: \x1b, f, g and M. All characters in your bytes string that can be converted to ASCII characters (a-z, A-Z, 0-9, punctuation characters, ...) are printed as such and not using the \x prefix. For instance:

>>> b'\x24\x28\x7c'
b'$(|'
qouify
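The following is an added example, not part of the original question or answer: it maps each byte of a payload to the text Python's `bytes` repr prints for it, and renders the same data with every byte as `\xNN`. `SAMPLE` is the first 18 bytes of the output shown in the question; the function names are hypothetical.

```python
# Added example: shows, byte by byte, what Python's bytes repr prints.
# SAMPLE is a prefix of the payload printed in the question. With scapy,
# you would pass bytes(packet[TCP].payload) instead.
SAMPLE = b'$\x00\x00&\x80`\x00\x00\x00\x00\x1bf\x00\x00\x1bfgM'


def repr_token(byte: int) -> str:
    """Text that repr() emits for one byte value (0-255)."""
    # repr(b'\x1b') is "b'\\x1b'"; strip the leading b' and trailing '
    return repr(bytes([byte]))[2:-1]


def explain(data: bytes):
    """Return (offset, hex value, repr text) for every byte in data."""
    return [(i, f"0x{b:02x}", repr_token(b)) for i, b in enumerate(data)]


def all_hex(data: bytes) -> str:
    """Render every byte as \\xNN, printable ASCII included."""
    return "".join(f"\\x{b:02x}" for b in data)


if __name__ == "__main__":
    print(f"{'offset':>6}  {'hex':<5} repr")
    for offset, hex_value, token in explain(SAMPLE):
        print(f"{offset:>6}  {hex_value:<5} {token}")
    print(all_hex(SAMPLE))   # uniform \xNN form
    print(SAMPLE.hex(" "))   # plain hex dump, Python 3.8+
```
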