0

Is there any difference between explicitly using Raw, and simply using a string/bytes object in its place? Or in other words, is there any difference between these two lines?

p1 = ARP(pdst="192.168.72.102") / "Some Test Data"
p2 = ARP(pdst="192.168.72.102") / Raw(load="Some Test Data")

They appear to act identically when inspecting the results in Wireshark and when looking at the produced scapy packet objects, but I'd like to be sure.

Carcigenicate
  • 43,494
  • 9
  • 68
  • 117

1 Answers1

1

Assuming conf.raw_layer hasn't been altered, they are the same.

If you check the implementation of Packet.__div__ (/; the separator used to "glue" layers together), it defers to Raw when a str or bytes object is given:

def __div__(self, other):
    if isinstance(other, Packet):
        cloneA = self.copy()
        cloneB = other.copy()
        cloneA.add_payload(cloneB)
        return cloneA
    elif isinstance(other, (bytes, str)):
        return self / conf.raw_layer(load=other)
    else:
        return other.__rdiv__(self)

And conf.raw_layer is later defined as conf.raw_layer = Raw

Carcigenicate
  • 43,494
  • 9
  • 68
  • 117
  • In some very specific cases you would change `conf.raw_layer` to something else, because it is also what a packet becomes if dissection fails. But for the most part, yeah – Cukic0d Jan 09 '21 at 00:37