2341 lines
102 KiB
Plaintext
2341 lines
102 KiB
Plaintext
{
|
||
"cells": [
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "ab8298c0",
|
||
"metadata": {},
|
||
"source": [
|
||
"# Introduction"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "a2861660",
|
||
"metadata": {},
|
||
"source": [
|
||
"Il existe de nombreux outils de sécurité que vous pouvez retrouvez par exemple dans la distribution Kali Linux. Cependant, ces outils de sécurité ont des paramètres modifiables limités. Vous vous retrouverez donc toujours dans des situations où vous souhaitez générer une séquence de paquets qui n'est pas possible avec ces logiciels et vous devrez construire vos propres outils.\n",
|
||
"\n",
|
||
"Scapy est un puissant programme interactif de manipulation de paquets. Il est capable de forger et d'envoyer des paquets avec un grand nombre de protocoles réseau, de recevoir, de capturer et d'analyser des paquets (récupérer des informations dans le paquet), de faire correspondre des requêtes et des réponses, et bien plus encore. On vous propose ici une introduction à Scapy en vous présentant les fonctionnalité nécessaires à la réalisation de votre SAE. Vous pouvez trouver plus d'informations dans la documentation en ligne à l'adresse https://scapy.readthedocs.io."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "1fc49e14",
|
||
"metadata": {},
|
||
"source": [
|
||
"# Configuration par défaut et protocoles supportés"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "a075e28b",
|
||
"metadata": {},
|
||
"source": [
|
||
"Scapy peut être utiliser selon 2 modes : en mode interactif depuis un terminal en tapant scapy ou dans un script ou un notebook Jupyter en Python. On importe la librairie scapy avec : **from scapy.all import ***.\n",
|
||
"\n",
|
||
"Les paramètres de configuration par défaut peuvent être visualisés et modifiés avec la commande conf.\n",
|
||
"\n",
|
||
"Remarque : on rappelle que les chaines de caractères formatées (aussi appelées f-strings) permettent d’inclure la valeur d’expressions Python dans des chaines de caractères en les préfixant avec f\" chaine {expression}\"."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "raw",
|
||
"id": "4ea7ce91-630f-4bb9-956a-e37c06562628",
|
||
"metadata": {},
|
||
"source": [
|
||
"conf.route.route"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 20,
|
||
"id": "f556e4de",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"La version de Scapy est 2.5.0.\n",
|
||
"\n",
|
||
"L'interface par défaut utilisée pour l'émission et la réception des paquets est en0.\n",
|
||
"\n",
|
||
"La table de routage utilisée est : \n",
|
||
" Network Netmask Gateway Iface Output IP Metric\n",
|
||
"0.0.0.0 0.0.0.0 10.122.8.1 en0 10.122.13.217 1 \n",
|
||
"10.122.11.250 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"10.122.13.217 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"10.122.13.223 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"10.122.13.241 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"10.122.8.0 255.255.248.0 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"10.122.8.1 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"10.122.8.1 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"127.0.0.0 255.0.0.0 0.0.0.0 lo0 127.0.0.1 1 \n",
|
||
"127.0.0.1 255.255.255.255 0.0.0.0 lo0 127.0.0.1 1 \n",
|
||
"169.254.0.0 255.255.0.0 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"169.254.41.232 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"169.254.82.62 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"224.0.0.0 240.0.0.0 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"224.0.0.251 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 \n",
|
||
"255.255.255.255 255.255.255.255 0.0.0.0 en0 10.122.13.217 1 .\n",
|
||
"\n",
|
||
"La passerelle par défaut est : 10.122.8.1\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"from scapy.all import *\n",
|
||
"import netifaces as ni\n",
|
||
"conf.iface = interface ='en0'\n",
|
||
"print(f\"La version de Scapy est {conf.version}.\")\n",
|
||
"print(f\"\\nL'interface par défaut utilisée pour l'émission et la réception des paquets est {interface}.\")\n",
|
||
"print(f\"\\nLa table de routage utilisée est : \\n {conf.route}.\")\n",
|
||
"print('\\nLa passerelle par défaut est :', conf.route.route(\"0.0.0.0\")[2])"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "3fa90f17",
|
||
"metadata": {},
|
||
"source": [
|
||
"\n",
|
||
"\n",
|
||
"Pour afficher la liste des commandes "
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 21,
|
||
"id": "73343d5d",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"IPID_count : Identify IP id values classes in a list of packets\n",
|
||
"arp_mitm : ARP MitM: poison 2 target's ARP cache\n",
|
||
"arpcachepoison : Poison targets' ARP cache\n",
|
||
"arping : Send ARP who-has requests to determine which hosts are up\n",
|
||
"arpleak : Exploit ARP leak flaws, like NetBSD-SA2017-002.\n",
|
||
"bind_layers : Bind 2 layers on some specific fields' values.\n",
|
||
"bridge_and_sniff : Forward traffic between interfaces if1 and if2, sniff and return\n",
|
||
"chexdump : Build a per byte hexadecimal representation\n",
|
||
"computeNIGroupAddr : Compute the NI group Address. Can take a FQDN as input parameter\n",
|
||
"corrupt_bits : Flip a given percentage (at least one bit) or number of bits\n",
|
||
"corrupt_bytes : Corrupt a given percentage (at least one byte) or number of bytes\n",
|
||
"defrag : defrag(plist) -> ([not fragmented], [defragmented],\n",
|
||
"defragment : defragment(plist) -> plist defragmented as much as possible \n",
|
||
"dhcp_request : Send a DHCP discover request and return the answer.\n",
|
||
"dyndns_add : Send a DNS add message to a nameserver for \"name\" to have a new \"rdata\"\n",
|
||
"dyndns_del : Send a DNS delete message to a nameserver for \"name\"\n",
|
||
"etherleak : Exploit Etherleak flaw\n",
|
||
"explore : Function used to discover the Scapy layers and protocols.\n",
|
||
"fletcher16_checkbytes : Calculates the Fletcher-16 checkbytes returned as 2 byte binary-string.\n",
|
||
"fletcher16_checksum : Calculates Fletcher-16 checksum of the given buffer.\n",
|
||
"fragleak : --\n",
|
||
"fragleak2 : --\n",
|
||
"fragment : Fragment a big IP datagram\n",
|
||
"fuzz : Transform a layer into a fuzzy layer by replacing some default values\n",
|
||
"getmacbyip : Return MAC address corresponding to a given IP address\n",
|
||
"getmacbyip6 : Returns the MAC address corresponding to an IPv6 address\n",
|
||
"hexdiff : Show differences between 2 binary strings, Packets...\n",
|
||
"hexdump : Build a tcpdump like hexadecimal view\n",
|
||
"hexedit : Run hexedit on a list of packets, then return the edited packets.\n",
|
||
"hexstr : Build a fancy tcpdump like hex from bytes.\n",
|
||
"import_hexcap : Imports a tcpdump like hexadecimal view\n",
|
||
"is_promisc : Try to guess if target is in Promisc mode. The target is provided by its ip.\n",
|
||
"linehexdump : Build an equivalent view of hexdump() on a single line\n",
|
||
"ls : List available layers, or infos on a given layer class or name.\n",
|
||
"neighsol : Sends and receive an ICMPv6 Neighbor Solicitation message\n",
|
||
"overlap_frag : Build overlapping fragments to bypass NIPS\n",
|
||
"promiscping : Send ARP who-has requests to determine which hosts are in promiscuous mode\n",
|
||
"rderf : Read a ERF file and return a packet list\n",
|
||
"rdpcap : Read a pcap or pcapng file and return a packet list\n",
|
||
"report_ports : portscan a target and output a LaTeX table\n",
|
||
"restart : Restarts scapy\n",
|
||
"rfc : Generate an RFC-like representation of a packet def.\n",
|
||
"send : Send packets at layer 3\n",
|
||
"sendp : Send packets at layer 2\n",
|
||
"sendpfast : Send packets at layer 2 using tcpreplay for performance\n",
|
||
"sniff : Sniff packets and return a list of packets.\n",
|
||
"split_layers : Split 2 layers previously bound.\n",
|
||
"sr : Send and receive packets at layer 3\n",
|
||
"sr1 : Send packets at layer 3 and return only the first answer\n",
|
||
"sr1flood : Flood and receive packets at layer 3 and return only the first answer\n",
|
||
"srbt : send and receive using a bluetooth socket\n",
|
||
"srbt1 : send and receive 1 packet using a bluetooth socket\n",
|
||
"srflood : Flood and receive packets at layer 3\n",
|
||
"srloop : Send a packet at layer 3 in loop and print the answer each time\n",
|
||
"srp : Send and receive packets at layer 2\n",
|
||
"srp1 : Send and receive packets at layer 2 and return only the first answer\n",
|
||
"srp1flood : Flood and receive packets at layer 2 and return only the first answer\n",
|
||
"srpflood : Flood and receive packets at layer 2\n",
|
||
"srploop : Send a packet at layer 2 in loop and print the answer each time\n",
|
||
"tcpdump : Run tcpdump or tshark on a list of packets.\n",
|
||
"tdecode : Run tshark on a list of packets.\n",
|
||
"traceroute : Instant TCP traceroute\n",
|
||
"traceroute6 : Instant TCP traceroute using IPv6\n",
|
||
"traceroute_map : Util function to call traceroute on multiple targets, then\n",
|
||
"tshark : Sniff packets and print them calling pkt.summary().\n",
|
||
"wireshark : Runs Wireshark on a list of packets.\n",
|
||
"wrerf : Write a list of packets to a ERF file\n",
|
||
"wrpcap : Write a list of packets to a pcap file\n",
|
||
"wrpcapng : Write a list of packets to a pcapng file\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"lsc()"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "ad0e70e1",
|
||
"metadata": {},
|
||
"source": [
|
||
"Pour voir les protocoles pris en charge et la structure des données de protocole, utilisez la commande ls(protocole). Certains champs ont une valeur par défaut (par exemple 64 pour le ttl dans un paquet IP) :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 22,
|
||
"id": "fc9b3e0e",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"AD_AND_OR : None\n",
|
||
"AD_KDCIssued : None\n",
|
||
"AH : AH\n",
|
||
"AKMSuite : AKM suite\n",
|
||
"ARP : ARP\n",
|
||
"ASN1P_INTEGER : None\n",
|
||
"ASN1P_OID : None\n",
|
||
"ASN1P_PRIVSEQ : None\n",
|
||
"ASN1_Packet : None\n",
|
||
"ASN1_Packet : None\n",
|
||
"ATT_Error_Response : Error Response\n",
|
||
"ATT_Exchange_MTU_Request : Exchange MTU Request\n",
|
||
"ATT_Exchange_MTU_Response : Exchange MTU Response\n",
|
||
"ATT_Execute_Write_Request : Execute Write Request\n",
|
||
"ATT_Execute_Write_Response : Execute Write Response\n",
|
||
"ATT_Find_By_Type_Value_Request : Find By Type Value Request\n",
|
||
"ATT_Find_By_Type_Value_Response : Find By Type Value Response\n",
|
||
"ATT_Find_Information_Request : Find Information Request\n",
|
||
"ATT_Find_Information_Response : Find Information Response\n",
|
||
"ATT_Handle : ATT Short Handle\n",
|
||
"ATT_Handle_UUID128 : ATT Handle (UUID 128)\n",
|
||
"ATT_Handle_Value_Indication : Handle Value Indication\n",
|
||
"ATT_Handle_Value_Notification : Handle Value Notification\n",
|
||
"ATT_Handle_Variable : None\n",
|
||
"ATT_Hdr : ATT header\n",
|
||
"ATT_Prepare_Write_Request : Prepare Write Request\n",
|
||
"ATT_Prepare_Write_Response : Prepare Write Response\n",
|
||
"ATT_Read_Blob_Request : Read Blob Request\n",
|
||
"ATT_Read_Blob_Response : Read Blob Response\n",
|
||
"ATT_Read_By_Group_Type_Request : Read By Group Type Request\n",
|
||
"ATT_Read_By_Group_Type_Response : Read By Group Type Response\n",
|
||
"ATT_Read_By_Type_Request : Read By Type Request\n",
|
||
"ATT_Read_By_Type_Request_128bit : Read By Type Request\n",
|
||
"ATT_Read_By_Type_Response : Read By Type Response\n",
|
||
"ATT_Read_Multiple_Request : Read Multiple Request\n",
|
||
"ATT_Read_Multiple_Response : Read Multiple Response\n",
|
||
"ATT_Read_Request : Read Request\n",
|
||
"ATT_Read_Response : Read Response\n",
|
||
"ATT_Write_Command : Write Request\n",
|
||
"ATT_Write_Request : Write Request\n",
|
||
"ATT_Write_Response : Write Response\n",
|
||
"AV_PAIR : NTLM AV Pair\n",
|
||
"AttributeValueAssertion : None\n",
|
||
"AuthorizationData : None\n",
|
||
"AuthorizationDataItem : None\n",
|
||
"BOOTP : BOOTP\n",
|
||
"BTLE : BT4LE\n",
|
||
"BTLE_ADV : BTLE advertising header\n",
|
||
"BTLE_ADV_DIRECT_IND : BTLE ADV_DIRECT_IND\n",
|
||
"BTLE_ADV_IND : BTLE ADV_IND\n",
|
||
"BTLE_ADV_NONCONN_IND : BTLE ADV_NONCONN_IND\n",
|
||
"BTLE_ADV_SCAN_IND : BTLE ADV_SCAN_IND\n",
|
||
"BTLE_CONNECT_REQ : BTLE connect request\n",
|
||
"BTLE_CTRL : BTLE_CTRL\n",
|
||
"BTLE_DATA : BTLE data header\n",
|
||
"BTLE_EMPTY_PDU : Empty data PDU\n",
|
||
"BTLE_PPI : BTLE PPI header\n",
|
||
"BTLE_RF : BTLE RF info header\n",
|
||
"BTLE_SCAN_REQ : BTLE scan request\n",
|
||
"BTLE_SCAN_RSP : BTLE scan response\n",
|
||
"CLAIMS_ARRAY : None\n",
|
||
"CLAIMS_SET : None\n",
|
||
"CLAIMS_SET_METADATA : None\n",
|
||
"CLAIMS_SET_WRAP : None\n",
|
||
"CLAIM_ENTRY : None\n",
|
||
"CLDAP : None\n",
|
||
"CYPHER_BLOCK : None\n",
|
||
"CommonAuthVerifier : Common Authentication Verifier (sec_trailer)\n",
|
||
"CookedLinux : cooked linux\n",
|
||
"CookedLinuxV2 : cooked linux v2\n",
|
||
"DHCP : DHCP options\n",
|
||
"DHCP6 : DHCPv6 Generic Message\n",
|
||
"DHCP6OptAuth : DHCP6 Option - Authentication\n",
|
||
"DHCP6OptBCMCSDomains : DHCP6 Option - BCMCS Domain Name List\n",
|
||
"DHCP6OptBCMCSServers : DHCP6 Option - BCMCS Addresses List\n",
|
||
"DHCP6OptBootFileUrl : DHCP6 Boot File URL Option\n",
|
||
"DHCP6OptClientArchType : DHCP6 Client System Architecture Type Option\n",
|
||
"DHCP6OptClientFQDN : DHCP6 Option - Client FQDN\n",
|
||
"DHCP6OptClientId : DHCP6 Client Identifier Option\n",
|
||
"DHCP6OptClientLinkLayerAddr : DHCP6 Option - Client Link Layer address\n",
|
||
"DHCP6OptClientNetworkInterId : DHCP6 Client Network Interface Identifier Option\n",
|
||
"DHCP6OptDNSDomains : DHCP6 Option - Domain Search List option\n",
|
||
"DHCP6OptDNSServers : DHCP6 Option - DNS Recursive Name Server\n",
|
||
"DHCP6OptERPDomain : DHCP6 Option - ERP Domain Name List\n",
|
||
"DHCP6OptElapsedTime : DHCP6 Elapsed Time Option\n",
|
||
"DHCP6OptGeoConf : DHCP6 Option - Civic Location\n",
|
||
"DHCP6OptGeoConfElement : None\n",
|
||
"DHCP6OptIAAddress : DHCP6 IA Address Option (IA_TA or IA_NA suboption)\n",
|
||
"DHCP6OptIAPrefix : DHCP6 Option - IA Prefix option\n",
|
||
"DHCP6OptIA_NA : DHCP6 Identity Association for Non-temporary Addresses Option\n",
|
||
"DHCP6OptIA_PD : DHCP6 Option - Identity Association for Prefix Delegation\n",
|
||
"DHCP6OptIA_TA : DHCP6 Identity Association for Temporary Addresses Option\n",
|
||
"DHCP6OptIfaceId : DHCP6 Interface-Id Option\n",
|
||
"DHCP6OptInfoRefreshTime : DHCP6 Option - Information Refresh Time\n",
|
||
"DHCP6OptLQClientLink : DHCP6 Client Link Option\n",
|
||
"DHCP6OptMudUrl : DHCP6 Option - MUD URL\n",
|
||
"DHCP6OptNISDomain : DHCP6 Option - NIS Domain Name\n",
|
||
"DHCP6OptNISPDomain : DHCP6 Option - NIS+ Domain Name\n",
|
||
"DHCP6OptNISPServers : DHCP6 Option - NIS+ Servers\n",
|
||
"DHCP6OptNISServers : DHCP6 Option - NIS Servers\n",
|
||
"DHCP6OptNewPOSIXTimeZone : DHCP6 POSIX Timezone Option\n",
|
||
"DHCP6OptNewTZDBTimeZone : DHCP6 TZDB Timezone Option\n",
|
||
"DHCP6OptOptReq : DHCP6 Option Request Option\n",
|
||
"DHCP6OptPanaAuthAgent : DHCP6 PANA Authentication Agent Option\n",
|
||
"DHCP6OptPref : DHCP6 Preference Option\n",
|
||
"DHCP6OptRapidCommit : DHCP6 Rapid Commit Option\n",
|
||
"DHCP6OptReconfAccept : DHCP6 Reconfigure Accept Option\n",
|
||
"DHCP6OptReconfMsg : DHCP6 Reconfigure Message Option\n",
|
||
"DHCP6OptRelayAgentERO : DHCP6 Option - RelayRequest Option\n",
|
||
"DHCP6OptRelayMsg : DHCP6 Relay Message Option\n",
|
||
"DHCP6OptRelaySuppliedOpt : DHCP6 Relay-Supplied Options Option\n",
|
||
"DHCP6OptRemoteID : DHCP6 Option - Relay Agent Remote-ID\n",
|
||
"DHCP6OptSIPDomains : DHCP6 Option - SIP Servers Domain Name List\n",
|
||
"DHCP6OptSIPServers : DHCP6 Option - SIP Servers IPv6 Address List\n",
|
||
"DHCP6OptSNTPServers : DHCP6 option - SNTP Servers\n",
|
||
"DHCP6OptServerId : DHCP6 Server Identifier Option\n",
|
||
"DHCP6OptServerUnicast : DHCP6 Server Unicast Option\n",
|
||
"DHCP6OptStatusCode : DHCP6 Status Code Option\n",
|
||
"DHCP6OptSubscriberID : DHCP6 Option - Subscriber ID\n",
|
||
"DHCP6OptUnknown : Unknown DHCPv6 Option\n",
|
||
"DHCP6OptUserClass : DHCP6 User Class Option\n",
|
||
"DHCP6OptVSS : DHCP6 Option - Virtual Subnet Selection\n",
|
||
"DHCP6OptVendorClass : DHCP6 Vendor Class Option\n",
|
||
"DHCP6OptVendorSpecificInfo : DHCP6 Vendor-specific Information Option\n",
|
||
"DHCP6_Advertise : DHCPv6 Advertise Message\n",
|
||
"DHCP6_Confirm : DHCPv6 Confirm Message\n",
|
||
"DHCP6_Decline : DHCPv6 Decline Message\n",
|
||
"DHCP6_InfoRequest : DHCPv6 Information Request Message\n",
|
||
"DHCP6_Rebind : DHCPv6 Rebind Message\n",
|
||
"DHCP6_Reconf : DHCPv6 Reconfigure Message\n",
|
||
"DHCP6_RelayForward : DHCPv6 Relay Forward Message (Relay Agent/Server Message)\n",
|
||
"DHCP6_RelayReply : DHCPv6 Relay Reply Message (Relay Agent/Server Message)\n",
|
||
"DHCP6_Release : DHCPv6 Release Message\n",
|
||
"DHCP6_Renew : DHCPv6 Renew Message\n",
|
||
"DHCP6_Reply : DHCPv6 Reply Message\n",
|
||
"DHCP6_Request : DHCPv6 Request Message\n",
|
||
"DHCP6_Solicit : DHCPv6 Solicit Message\n",
|
||
"DHRepInfo : None\n",
|
||
"DIR_PPP : None\n",
|
||
"DNS : DNS\n",
|
||
"DNSQR : DNS Question Record\n",
|
||
"DNSRR : DNS Resource Record\n",
|
||
"DNSRRDLV : DNS DLV Resource Record\n",
|
||
"DNSRRDNSKEY : DNS DNSKEY Resource Record\n",
|
||
"DNSRRDS : DNS DS Resource Record\n",
|
||
"DNSRRMX : DNS MX Resource Record\n",
|
||
"DNSRRNSEC : DNS NSEC Resource Record\n",
|
||
"DNSRRNSEC3 : DNS NSEC3 Resource Record\n",
|
||
"DNSRRNSEC3PARAM : DNS NSEC3PARAM Resource Record\n",
|
||
"DNSRROPT : DNS OPT Resource Record\n",
|
||
"DNSRRRSIG : DNS RRSIG Resource Record\n",
|
||
"DNSRRSOA : DNS SOA Resource Record\n",
|
||
"DNSRRSRV : DNS SRV Resource Record\n",
|
||
"DNSRRTSIG : DNS TSIG Resource Record\n",
|
||
"DUID_EN : DUID - Assigned by Vendor Based on Enterprise Number\n",
|
||
"DUID_LL : DUID - Based on Link-layer Address\n",
|
||
"DUID_LLT : DUID - Link-layer address plus time\n",
|
||
"DUID_UUID : DUID - Based on UUID\n",
|
||
"DataPacket : Data Packet\n",
|
||
"DceRpc : None\n",
|
||
"DceRpc4 : DCE/RPC v4\n",
|
||
"DceRpc4Payload : None\n",
|
||
"DceRpc5 : DCE/RPC v5\n",
|
||
"DceRpc5AbstractSyntax : Presentation Syntax (p_syntax_id_t)\n",
|
||
"DceRpc5AlterContext : DCE/RPC v5 - AlterContext\n",
|
||
"DceRpc5AlterContextResp : DCE/RPC v5 - AlterContextResp\n",
|
||
"DceRpc5Auth3 : DCE/RPC v5 - Auth3\n",
|
||
"DceRpc5Bind : DCE/RPC v5 - Bind\n",
|
||
"DceRpc5BindAck : DCE/RPC v5 - Bind Ack\n",
|
||
"DceRpc5BindNak : DCE/RPC v5 - Bind Nak\n",
|
||
"DceRpc5Context : Presentation Context (p_cont_elem_t)\n",
|
||
"DceRpc5Fault : DCE/RPC v5 - Fault\n",
|
||
"DceRpc5PortAny : Port Any (port_any_t)\n",
|
||
"DceRpc5Request : DCE/RPC v5 - Request\n",
|
||
"DceRpc5Response : DCE/RPC v5 - Response\n",
|
||
"DceRpc5Result : Context negotiation Result\n",
|
||
"DceRpc5TransferSyntax : Presentation Transfer Syntax (p_syntax_id_t)\n",
|
||
"DceRpc5Version : version_t\n",
|
||
"Dot11 : 802.11\n",
|
||
"Dot11ATIM : 802.11 ATIM\n",
|
||
"Dot11Ack : 802.11 Ack packet\n",
|
||
"Dot11AssoReq : 802.11 Association Request\n",
|
||
"Dot11AssoResp : 802.11 Association Response\n",
|
||
"Dot11Auth : 802.11 Authentication\n",
|
||
"Dot11Beacon : 802.11 Beacon\n",
|
||
"Dot11CCMP : 802.11 CCMP packet\n",
|
||
"Dot11Deauth : 802.11 Deauthentication\n",
|
||
"Dot11Disas : 802.11 Disassociation\n",
|
||
"Dot11Elt : 802.11 Information Element\n",
|
||
"Dot11EltCountry : 802.11 Country\n",
|
||
"Dot11EltCountryConstraintTriplet : 802.11 Country Constraint Triplet\n",
|
||
"Dot11EltDSSSet : 802.11 DSSS Parameter Set\n",
|
||
"Dot11EltERP : 802.11 ERP\n",
|
||
"Dot11EltHTCapabilities : 802.11 HT Capabilities\n",
|
||
"Dot11EltMicrosoftWPA : 802.11 Microsoft WPA\n",
|
||
"Dot11EltRSN : 802.11 RSN information\n",
|
||
"Dot11EltRates : 802.11 Rates\n",
|
||
"Dot11EltVendorSpecific : 802.11 Vendor Specific\n",
|
||
"Dot11Encrypted : 802.11 Encrypted (unknown algorithm)\n",
|
||
"Dot11FCS : 802.11-FCS\n",
|
||
"Dot11ProbeReq : 802.11 Probe Request\n",
|
||
"Dot11ProbeResp : 802.11 Probe Response\n",
|
||
"Dot11QoS : 802.11 QoS\n",
|
||
"Dot11ReassoReq : 802.11 Reassociation Request\n",
|
||
"Dot11ReassoResp : 802.11 Reassociation Response\n",
|
||
"Dot11TKIP : 802.11 TKIP packet\n",
|
||
"Dot11WEP : 802.11 WEP packet\n",
|
||
"Dot15d4 : 802.15.4\n",
|
||
"Dot15d4Ack : 802.15.4 Ack\n",
|
||
"Dot15d4AuxSecurityHeader : 802.15.4 Auxiliary Security Header\n",
|
||
"Dot15d4Beacon : 802.15.4 Beacon\n",
|
||
"Dot15d4Cmd : 802.15.4 Command\n",
|
||
"Dot15d4CmdAssocReq : 802.15.4 Association Request Payload\n",
|
||
"Dot15d4CmdAssocResp : 802.15.4 Association Response Payload\n",
|
||
"Dot15d4CmdCoordRealign : 802.15.4 Coordinator Realign Command\n",
|
||
"Dot15d4CmdCoordRealignPage : 802.15.4 Coordinator Realign Page\n",
|
||
"Dot15d4CmdDisassociation : 802.15.4 Disassociation Notification Payload\n",
|
||
"Dot15d4CmdGTSReq : 802.15.4 GTS request command\n",
|
||
"Dot15d4Data : 802.15.4 Data\n",
|
||
"Dot15d4FCS : 802.15.4 - FCS\n",
|
||
"Dot1AD : 802_1AD\n",
|
||
"Dot1Q : 802.1Q\n",
|
||
"Dot3 : 802.3\n",
|
||
"EAP : EAP\n",
|
||
"EAPOL : EAPOL\n",
|
||
"EAP_FAST : EAP-FAST\n",
|
||
"EAP_MD5 : EAP-MD5\n",
|
||
"EAP_PEAP : PEAP\n",
|
||
"EAP_TLS : EAP-TLS\n",
|
||
"EAP_TTLS : EAP-TTLS\n",
|
||
"ECCurve : None\n",
|
||
"ECDSAPrivateKey : None\n",
|
||
"ECDSAPrivateKey_OpenSSL : ECDSA Params + Private Key\n",
|
||
"ECDSAPublicKey : None\n",
|
||
"ECDSASignature : None\n",
|
||
"ECFieldID : None\n",
|
||
"ECParameters : None\n",
|
||
"ECSpecifiedDomain : None\n",
|
||
"EDNS0ClientSubnet : DNS EDNS0 Client Subnet\n",
|
||
"EDNS0TLV : DNS EDNS0 TLV\n",
|
||
"EIR_CompleteList128BitServiceUUIDs : Complete list of 128-bit service UUIDs\n",
|
||
"EIR_CompleteList16BitServiceUUIDs : Complete list of 16-bit service UUIDs\n",
|
||
"EIR_CompleteLocalName : Complete Local Name\n",
|
||
"EIR_Device_ID : Device ID\n",
|
||
"EIR_Element : EIR Element\n",
|
||
"EIR_Flags : Flags\n",
|
||
"EIR_Hdr : EIR Header\n",
|
||
"EIR_IncompleteList128BitServiceUUIDs : Incomplete list of 128-bit service UUIDs\n",
|
||
"EIR_IncompleteList16BitServiceUUIDs : Incomplete list of 16-bit service UUIDs\n",
|
||
"EIR_Manufacturer_Specific_Data : EIR Manufacturer Specific Data\n",
|
||
"EIR_Raw : EIR Raw\n",
|
||
"EIR_ServiceData16BitUUID : EIR Service Data - 16-bit UUID\n",
|
||
"EIR_ShortenedLocalName : Shortened Local Name\n",
|
||
"EIR_TX_Power_Level : TX Power Level\n",
|
||
"EPacket : None\n",
|
||
"ESP : ESP\n",
|
||
"ETYPE_INFO : None\n",
|
||
"ETYPE_INFO2 : None\n",
|
||
"ETYPE_INFO_ENTRY : None\n",
|
||
"ETYPE_INFO_ENTRY2 : None\n",
|
||
"EncASRepPart : None\n",
|
||
"EncKeyPack : None\n",
|
||
"EncTGSRepPart : None\n",
|
||
"EncTicketPart : None\n",
|
||
"EncryptedData : None\n",
|
||
"EncryptionKey : None\n",
|
||
"EndpointFlagsPacket : RTPS Endpoint Builtin Endpoint Flags\n",
|
||
"Ether : Ethernet\n",
|
||
"EtherCat : None\n",
|
||
"EtherCatAPRD : None\n",
|
||
"EtherCatAPRW : None\n",
|
||
"EtherCatAPWR : None\n",
|
||
"EtherCatARMW : None\n",
|
||
"EtherCatBRD : None\n",
|
||
"EtherCatBRW : None\n",
|
||
"EtherCatBWR : None\n",
|
||
"EtherCatFPRD : None\n",
|
||
"EtherCatFPRW : None\n",
|
||
"EtherCatFPWR : None\n",
|
||
"EtherCatFRMW : None\n",
|
||
"EtherCatLRD : None\n",
|
||
"EtherCatLRW : None\n",
|
||
"EtherCatLWR : None\n",
|
||
"EtherCatType12DLPDU : None\n",
|
||
"ExternalPrincipalIdentifier : None\n",
|
||
"FILETIME : None\n",
|
||
"FILE_GET_QUOTA_INFORMATION : None\n",
|
||
"FILE_ID_BOTH_DIR_INFORMATION : None\n",
|
||
"FileEaInformation : None\n",
|
||
"FileFsAttributeInformation : None\n",
|
||
"FileFsSizeInformation : None\n",
|
||
"FileFsVolumeInformation : None\n",
|
||
"FileIdBothDirectoryInformation : None\n",
|
||
"FileInternalInformation : None\n",
|
||
"FileNetworkOpenInformation : None\n",
|
||
"FileStandardInformation : None\n",
|
||
"FileStreamInformation : None\n",
|
||
"GPRS : GPRSdummy\n",
|
||
"GRE : GRE\n",
|
||
"GRE_PPTP : GRE PPTP\n",
|
||
"GRErouting : GRE routing information\n",
|
||
"GSSAPI_BLOB : None\n",
|
||
"GUIDPacket : RTPS GUID\n",
|
||
"GUIDPrefixPacket : RTPS GUID Prefix\n",
|
||
"HAO : Home Address Option\n",
|
||
"HBHOptUnknown : Scapy6 Unknown Option\n",
|
||
"HCI_ACL_Hdr : HCI ACL header\n",
|
||
"HCI_Cmd_Complete_LE_Read_White_List_Size : LE Read White List Size\n",
|
||
"HCI_Cmd_Complete_Read_BD_Addr : Read BD Addr\n",
|
||
"HCI_Cmd_Connect_Accept_Timeout : Connection Attempt Timeout\n",
|
||
"HCI_Cmd_Disconnect : Disconnect\n",
|
||
"HCI_Cmd_LE_Add_Device_To_White_List : LE Add Device to White List\n",
|
||
"HCI_Cmd_LE_Clear_White_List : LE Clear White List\n",
|
||
"HCI_Cmd_LE_Connection_Update : LE Connection Update\n",
|
||
"HCI_Cmd_LE_Create_Connection : LE Create Connection\n",
|
||
"HCI_Cmd_LE_Create_Connection_Cancel : LE Create Connection Cancel\n",
|
||
"HCI_Cmd_LE_Host_Supported : LE Host Supported\n",
|
||
"HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply : LE Long Term Key Request Negative Reply\n",
|
||
"HCI_Cmd_LE_Long_Term_Key_Request_Reply : LE Long Term Key Request Reply\n",
|
||
"HCI_Cmd_LE_Read_Buffer_Size : LE Read Buffer Size\n",
|
||
"HCI_Cmd_LE_Read_Remote_Used_Features : LE Read Remote Used Features\n",
|
||
"HCI_Cmd_LE_Read_White_List_Size : LE Read White List Size\n",
|
||
"HCI_Cmd_LE_Remove_Device_From_White_List : LE Remove Device from White List\n",
|
||
"HCI_Cmd_LE_Set_Advertise_Enable : LE Set Advertise Enable\n",
|
||
"HCI_Cmd_LE_Set_Advertising_Data : LE Set Advertising Data\n",
|
||
"HCI_Cmd_LE_Set_Advertising_Parameters : LE Set Advertising Parameters\n",
|
||
"HCI_Cmd_LE_Set_Random_Address : LE Set Random Address\n",
|
||
"HCI_Cmd_LE_Set_Scan_Enable : LE Set Scan Enable\n",
|
||
"HCI_Cmd_LE_Set_Scan_Parameters : LE Set Scan Parameters\n",
|
||
"HCI_Cmd_LE_Set_Scan_Response_Data : LE Set Scan Response Data\n",
|
||
"HCI_Cmd_LE_Start_Encryption_Request : LE Start Encryption\n",
|
||
"HCI_Cmd_Read_BD_Addr : Read BD Addr\n",
|
||
"HCI_Cmd_Reset : Reset\n",
|
||
"HCI_Cmd_Set_Event_Filter : Set Event Filter\n",
|
||
"HCI_Cmd_Set_Event_Mask : Set Event Mask\n",
|
||
"HCI_Cmd_Write_Extended_Inquiry_Response : Write Extended Inquiry Response\n",
|
||
"HCI_Cmd_Write_Local_Name : None\n",
|
||
"HCI_Command_Hdr : HCI Command header\n",
|
||
"HCI_Event_Command_Complete : Command Complete\n",
|
||
"HCI_Event_Command_Status : Command Status\n",
|
||
"HCI_Event_Disconnection_Complete : Disconnection Complete\n",
|
||
"HCI_Event_Encryption_Change : Encryption Change\n",
|
||
"HCI_Event_Hdr : HCI Event header\n",
|
||
"HCI_Event_LE_Meta : LE Meta\n",
|
||
"HCI_Event_Number_Of_Completed_Packets : Number Of Completed Packets\n",
|
||
"HCI_Hdr : HCI header\n",
|
||
"HCI_LE_Meta_Advertising_Report : Advertising Report\n",
|
||
"HCI_LE_Meta_Advertising_Reports : Advertising Reports\n",
|
||
"HCI_LE_Meta_Connection_Complete : Connection Complete\n",
|
||
"HCI_LE_Meta_Connection_Update_Complete : Connection Update Complete\n",
|
||
"HCI_LE_Meta_Long_Term_Key_Request : Long Term Key Request\n",
|
||
"HCI_PHDR_Hdr : HCI PHDR transport layer\n",
|
||
"HDLC : None\n",
|
||
"HSRP : HSRP\n",
|
||
"HSRPmd5 : HSRP MD5 Authentication\n",
|
||
"HostAddress : None\n",
|
||
"ICMP : ICMP\n",
|
||
"ICMPerror : ICMP in ICMP\n",
|
||
"ICMPv6DestUnreach : ICMPv6 Destination Unreachable\n",
|
||
"ICMPv6EchoReply : ICMPv6 Echo Reply\n",
|
||
"ICMPv6EchoRequest : ICMPv6 Echo Request\n",
|
||
"ICMPv6HAADReply : ICMPv6 Home Agent Address Discovery Reply\n",
|
||
"ICMPv6HAADRequest : ICMPv6 Home Agent Address Discovery Request\n",
|
||
"ICMPv6MLDMultAddrRec : ICMPv6 MLDv2 - Multicast Address Record\n",
|
||
"ICMPv6MLDone : MLD - Multicast Listener Done\n",
|
||
"ICMPv6MLQuery : MLD - Multicast Listener Query\n",
|
||
"ICMPv6MLQuery2 : MLDv2 - Multicast Listener Query\n",
|
||
"ICMPv6MLReport : MLD - Multicast Listener Report\n",
|
||
"ICMPv6MLReport2 : MLDv2 - Multicast Listener Report\n",
|
||
"ICMPv6MPAdv : ICMPv6 Mobile Prefix Advertisement\n",
|
||
"ICMPv6MPSol : ICMPv6 Mobile Prefix Solicitation\n",
|
||
"ICMPv6MRD_Advertisement : ICMPv6 Multicast Router Discovery Advertisement\n",
|
||
"ICMPv6MRD_Solicitation : ICMPv6 Multicast Router Discovery Solicitation\n",
|
||
"ICMPv6MRD_Termination : ICMPv6 Multicast Router Discovery Termination\n",
|
||
"ICMPv6NDOptAdvInterval : ICMPv6 Neighbor Discovery - Interval Advertisement\n",
|
||
"ICMPv6NDOptDNSSL : ICMPv6 Neighbor Discovery Option - DNS Search List Option\n",
|
||
"ICMPv6NDOptDstLLAddr : ICMPv6 Neighbor Discovery Option - Destination Link-Layer Address\n",
|
||
"ICMPv6NDOptEFA : ICMPv6 Neighbor Discovery Option - Expanded Flags Option\n",
|
||
"ICMPv6NDOptHAInfo : ICMPv6 Neighbor Discovery - Home Agent Information\n",
|
||
"ICMPv6NDOptIPAddr : ICMPv6 Neighbor Discovery - IP Address Option (FH for MIPv6)\n",
|
||
"ICMPv6NDOptLLA : ICMPv6 Neighbor Discovery - Link-Layer Address (LLA) Option (FH for MIPv6)\n",
|
||
"ICMPv6NDOptMAP : ICMPv6 Neighbor Discovery - MAP Option\n",
|
||
"ICMPv6NDOptMTU : ICMPv6 Neighbor Discovery Option - MTU\n",
|
||
"ICMPv6NDOptNewRtrPrefix : ICMPv6 Neighbor Discovery - New Router Prefix Information Option (FH for MIPv6)\n",
|
||
"ICMPv6NDOptPrefixInfo : ICMPv6 Neighbor Discovery Option - Prefix Information\n",
|
||
"ICMPv6NDOptRDNSS : ICMPv6 Neighbor Discovery Option - Recursive DNS Server Option\n",
|
||
"ICMPv6NDOptRedirectedHdr : ICMPv6 Neighbor Discovery Option - Redirected Header\n",
|
||
"ICMPv6NDOptRouteInfo : ICMPv6 Neighbor Discovery Option - Route Information Option\n",
|
||
"ICMPv6NDOptShortcutLimit : ICMPv6 Neighbor Discovery Option - NBMA Shortcut Limit\n",
|
||
"ICMPv6NDOptSrcAddrList : ICMPv6 Inverse Neighbor Discovery Option - Source Address List\n",
|
||
"ICMPv6NDOptSrcLLAddr : ICMPv6 Neighbor Discovery Option - Source Link-Layer Address\n",
|
||
"ICMPv6NDOptTgtAddrList : ICMPv6 Inverse Neighbor Discovery Option - Target Address List\n",
|
||
"ICMPv6NDOptUnknown : ICMPv6 Neighbor Discovery Option - Scapy Unimplemented\n",
|
||
"ICMPv6ND_INDAdv : ICMPv6 Inverse Neighbor Discovery Advertisement\n",
|
||
"ICMPv6ND_INDSol : ICMPv6 Inverse Neighbor Discovery Solicitation\n",
|
||
"ICMPv6ND_NA : ICMPv6 Neighbor Discovery - Neighbor Advertisement\n",
|
||
"ICMPv6ND_NS : ICMPv6 Neighbor Discovery - Neighbor Solicitation\n",
|
||
"ICMPv6ND_RA : ICMPv6 Neighbor Discovery - Router Advertisement\n",
|
||
"ICMPv6ND_RS : ICMPv6 Neighbor Discovery - Router Solicitation\n",
|
||
"ICMPv6ND_Redirect : ICMPv6 Neighbor Discovery - Redirect\n",
|
||
"ICMPv6NIQueryIPv4 : ICMPv6 Node Information Query - IPv4 Address Query\n",
|
||
"ICMPv6NIQueryIPv6 : ICMPv6 Node Information Query - IPv6 Address Query\n",
|
||
"ICMPv6NIQueryNOOP : ICMPv6 Node Information Query - NOOP Query\n",
|
||
"ICMPv6NIQueryName : ICMPv6 Node Information Query - IPv6 Name Query\n",
|
||
"ICMPv6NIReplyIPv4 : ICMPv6 Node Information Reply - IPv4 addresses\n",
|
||
"ICMPv6NIReplyIPv6 : ICMPv6 Node Information Reply - IPv6 addresses\n",
|
||
"ICMPv6NIReplyNOOP : ICMPv6 Node Information Reply - NOOP Reply\n",
|
||
"ICMPv6NIReplyName : ICMPv6 Node Information Reply - Node Names\n",
|
||
"ICMPv6NIReplyRefuse : ICMPv6 Node Information Reply - Responder refuses to supply answer\n",
|
||
"ICMPv6NIReplyUnknown : ICMPv6 Node Information Reply - Qtype unknown to the responder\n",
|
||
"ICMPv6PacketTooBig : ICMPv6 Packet Too Big\n",
|
||
"ICMPv6ParamProblem : ICMPv6 Parameter Problem\n",
|
||
"ICMPv6RPL : RPL\n",
|
||
"ICMPv6TimeExceeded : ICMPv6 Time Exceeded\n",
|
||
"ICMPv6Unknown : Scapy6 ICMPv6 fallback class\n",
|
||
"IP : IP\n",
|
||
"IPOption : IP Option\n",
|
||
"IPOption_Address_Extension : IP Option Address Extension\n",
|
||
"IPOption_EOL : IP Option End of Options List\n",
|
||
"IPOption_LSRR : IP Option Loose Source and Record Route\n",
|
||
"IPOption_MTU_Probe : IP Option MTU Probe\n",
|
||
"IPOption_MTU_Reply : IP Option MTU Reply\n",
|
||
"IPOption_NOP : IP Option No Operation\n",
|
||
"IPOption_RR : IP Option Record Route\n",
|
||
"IPOption_Router_Alert : IP Option Router Alert\n",
|
||
"IPOption_SDBM : IP Option Selective Directed Broadcast Mode\n",
|
||
"IPOption_SSRR : IP Option Strict Source and Record Route\n",
|
||
"IPOption_Security : IP Option Security\n",
|
||
"IPOption_Stream_Id : IP Option Stream ID\n",
|
||
"IPOption_Timestamp : IP Option Timestamp\n",
|
||
"IPOption_Traceroute : IP Option Traceroute\n",
|
||
"IPerror : IP in ICMP\n",
|
||
"IPerror6 : IPv6 in ICMPv6\n",
|
||
"IPv46 : IP\n",
|
||
"IPv6 : IPv6\n",
|
||
"IPv6ExtHdrDestOpt : IPv6 Extension Header - Destination Options Header\n",
|
||
"IPv6ExtHdrFragment : IPv6 Extension Header - Fragmentation header\n",
|
||
"IPv6ExtHdrHopByHop : IPv6 Extension Header - Hop-by-Hop Options Header\n",
|
||
"IPv6ExtHdrRouting : IPv6 Option Header Routing\n",
|
||
"IPv6ExtHdrSegmentRouting : IPv6 Option Header Segment Routing\n",
|
||
"IPv6ExtHdrSegmentRoutingTLV : IPv6 Option Header Segment Routing - Generic TLV\n",
|
||
"IPv6ExtHdrSegmentRoutingTLVEgressNode : IPv6 Option Header Segment Routing - Egress Node TLV\n",
|
||
"IPv6ExtHdrSegmentRoutingTLVHMAC : IPv6 Option Header Segment Routing - HMAC TLV\n",
|
||
"IPv6ExtHdrSegmentRoutingTLVIngressNode : IPv6 Option Header Segment Routing - Ingress Node TLV\n",
|
||
"IPv6ExtHdrSegmentRoutingTLVPad1 : IPv6 Option Header Segment Routing - Pad1 TLV\n",
|
||
"IPv6ExtHdrSegmentRoutingTLVPadN : IPv6 Option Header Segment Routing - PadN TLV\n",
|
||
"ISAKMP : ISAKMP\n",
|
||
"ISAKMP_class : None\n",
|
||
"ISAKMP_payload : ISAKMP payload\n",
|
||
"ISAKMP_payload_Hash : ISAKMP Hash\n",
|
||
"ISAKMP_payload_ID : ISAKMP Identification\n",
|
||
"ISAKMP_payload_KE : ISAKMP Key Exchange\n",
|
||
"ISAKMP_payload_Nonce : ISAKMP Nonce\n",
|
||
"ISAKMP_payload_Proposal : IKE proposal\n",
|
||
"ISAKMP_payload_SA : ISAKMP SA\n",
|
||
"ISAKMP_payload_Transform : IKE Transform\n",
|
||
"ISAKMP_payload_VendorID : ISAKMP Vendor ID\n",
|
||
"InheritOriginDNSStrPacket : None\n",
|
||
"InlineQoSPacket : Inline QoS\n",
|
||
"IrLAPCommand : IrDA Link Access Protocol Command\n",
|
||
"IrLAPHead : IrDA Link Access Protocol Header\n",
|
||
"IrLMP : IrDA Link Management Protocol\n",
|
||
"Jumbo : Jumbo Payload\n",
|
||
"KERB_VALIDATION_INFO : None\n",
|
||
"KERB_VALIDATION_INFO_WRAP : None\n",
|
||
"KRB5_GSS : None\n",
|
||
"KRB5_GSS_Delete_sec_context_RFC1964 : Kerberos v5 GSS_Delete_sec_context (RFC1964)\n",
|
||
"KRB5_GSS_GetMIC : Kerberos v5 GSS_GetMIC\n",
|
||
"KRB5_GSS_GetMIC_RFC1964 : Kerberos v5 GSS_GetMIC (RFC1964)\n",
|
||
"KRB5_GSS_Wrap : Kerberos v5 GSS_Wrap\n",
|
||
"KRB5_GSS_Wrap_RFC1964 : Kerberos v5 GSS_Wrap (RFC1964)\n",
|
||
"KRB5_InitialContextToken_innerContextToken : Kerberos v5 InitialContextToken innerContextToken (RFC1964)\n",
|
||
"KRB_AP_REP : None\n",
|
||
"KRB_AP_REQ : None\n",
|
||
"KRB_AS_REP : None\n",
|
||
"KRB_AS_REQ : None\n",
|
||
"KRB_Authenticator : None\n",
|
||
"KRB_ERROR : None\n",
|
||
"KRB_InitialContextToken : Kerberos v5 InitialContextToken (RFC1964)\n",
|
||
"KRB_KDC_REQ_BODY : None\n",
|
||
"KRB_TGS_REP : None\n",
|
||
"KRB_TGS_REQ : None\n",
|
||
"KRB_Ticket : None\n",
|
||
"Kerberos : None\n",
|
||
"KerberosTCPHeader : None\n",
|
||
"KrbFastArmor : None\n",
|
||
"KrbFastArmoredRep : None\n",
|
||
"KrbFastArmoredReq : None\n",
|
||
"KrbFastFinished : None\n",
|
||
"KrbFastReq : None\n",
|
||
"KrbFastResponse : None\n",
|
||
"L2CAP_CmdHdr : L2CAP command header\n",
|
||
"L2CAP_CmdRej : L2CAP Command Rej\n",
|
||
"L2CAP_ConfReq : L2CAP Conf Req\n",
|
||
"L2CAP_ConfResp : L2CAP Conf Resp\n",
|
||
"L2CAP_ConnReq : L2CAP Conn Req\n",
|
||
"L2CAP_ConnResp : L2CAP Conn Resp\n",
|
||
"L2CAP_Connection_Parameter_Update_Request : L2CAP Connection Parameter Update Request\n",
|
||
"L2CAP_Connection_Parameter_Update_Response : L2CAP Connection Parameter Update Response\n",
|
||
"L2CAP_DisconnReq : L2CAP Disconn Req\n",
|
||
"L2CAP_DisconnResp : L2CAP Disconn Resp\n",
|
||
"L2CAP_Hdr : L2CAP header\n",
|
||
"L2CAP_InfoReq : L2CAP Info Req\n",
|
||
"L2CAP_InfoResp : L2CAP Info Resp\n",
|
||
"L2TP : L2TP\n",
|
||
"LDAP : None\n",
|
||
"LDAPReferral : None\n",
|
||
"LDAP_AbandonRequest : None\n",
|
||
"LDAP_BindRequest : None\n",
|
||
"LDAP_BindResponse : None\n",
|
||
"LDAP_Control : None\n",
|
||
"LDAP_Filter : None\n",
|
||
"LDAP_FilterAnd : None\n",
|
||
"LDAP_FilterOr : None\n",
|
||
"LDAP_FilterPresent : None\n",
|
||
"LDAP_SaslCredentials : None\n",
|
||
"LDAP_SearchRequest : None\n",
|
||
"LDAP_SearchRequestAttribute : None\n",
|
||
"LDAP_SearchResponseEntry : None\n",
|
||
"LDAP_SearchResponseEntryAttribute : None\n",
|
||
"LDAP_SearchResponseEntryAttributeValue : None\n",
|
||
"LDAP_SearchResponseResultCode : None\n",
|
||
"LDAP_SubstringFilter : None\n",
|
||
"LDAP_SubstringFilterAny : None\n",
|
||
"LDAP_SubstringFilterFinal : None\n",
|
||
"LDAP_SubstringFilterInitial : None\n",
|
||
"LDAP_SubstringFilterStr : None\n",
|
||
"LDAP_UnbindRequest : None\n",
|
||
"LEAP : Cisco LEAP\n",
|
||
"LLC : LLC\n",
|
||
"LLMNRQuery : Link Local Multicast Node Resolution - Query\n",
|
||
"LLMNRResponse : Link Local Multicast Node Resolution - Response\n",
|
||
"LLTD : LLTD\n",
|
||
"LLTDAttribute : LLTD Attribute\n",
|
||
"LLTDAttribute80211MaxRate : LLTD Attribute - 802.11 Max Rate\n",
|
||
"LLTDAttribute80211PhysicalMedium : LLTD Attribute - 802.11 Physical Medium\n",
|
||
"LLTDAttributeCharacteristics : LLTD Attribute - Characteristics\n",
|
||
"LLTDAttributeDeviceUUID : LLTD Attribute - Device UUID\n",
|
||
"LLTDAttributeEOP : LLTD Attribute - End Of Property\n",
|
||
"LLTDAttributeHostID : LLTD Attribute - Host ID\n",
|
||
"LLTDAttributeIPv4Address : LLTD Attribute - IPv4 Address\n",
|
||
"LLTDAttributeIPv6Address : LLTD Attribute - IPv6 Address\n",
|
||
"LLTDAttributeLargeTLV : LLTD Attribute - Large TLV\n",
|
||
"LLTDAttributeLinkSpeed : LLTD Attribute - Link Speed\n",
|
||
"LLTDAttributeMachineName : LLTD Attribute - Machine Name\n",
|
||
"LLTDAttributePerformanceCounterFrequency : LLTD Attribute - Performance Counter Frequency\n",
|
||
"LLTDAttributePhysicalMedium : LLTD Attribute - Physical Medium\n",
|
||
"LLTDAttributeQOSCharacteristics : LLTD Attribute - QoS Characteristics\n",
|
||
"LLTDAttributeSeesList : LLTD Attribute - Sees List Working Set\n",
|
||
"LLTDDiscover : LLTD - Discover\n",
|
||
"LLTDEmit : LLTD - Emit\n",
|
||
"LLTDEmiteeDesc : LLTD - Emitee Desc\n",
|
||
"LLTDHello : LLTD - Hello\n",
|
||
"LLTDQueryLargeTlv : LLTD - Query Large Tlv\n",
|
||
"LLTDQueryLargeTlvResp : LLTD - Query Large Tlv Response\n",
|
||
"LLTDQueryResp : LLTD - Query Response\n",
|
||
"LLTDRecveeDesc : LLTD - Recvee Desc\n",
|
||
"LL_CHANNEL_MAP_IND : LL_CHANNEL_MAP_IND\n",
|
||
"LL_CONNECTION_PARAM_REQ : LL_CONNECTION_PARAM_REQ\n",
|
||
"LL_CONNECTION_PARAM_RSP : LL_CONNECTION_PARAM_RSP\n",
|
||
"LL_CONNECTION_UPDATE_IND : LL_CONNECTION_UPDATE_IND\n",
|
||
"LL_ENC_REQ : LL_ENC_REQ\n",
|
||
"LL_ENC_RSP : LL_ENC_RSP\n",
|
||
"LL_FEATURE_REQ : LL_FEATURE_REQ\n",
|
||
"LL_FEATURE_RSP : LL_FEATURE_RSP\n",
|
||
"LL_LENGTH_REQ : LL_LENGTH_REQ\n",
|
||
"LL_LENGTH_RSP : LL_LENGTH_RSP\n",
|
||
"LL_MIN_USED_CHANNELS_IND : LL_MIN_USED_CHANNELS_IND\n",
|
||
"LL_PAUSE_ENC_REQ : LL_PAUSE_ENC_REQ\n",
|
||
"LL_PAUSE_ENC_RSP : LL_PAUSE_ENC_RSP\n",
|
||
"LL_PHY_REQ : LL_PHY_REQ\n",
|
||
"LL_PHY_RSP : LL_PHY_RSP\n",
|
||
"LL_PHY_UPDATE_IND : LL_PHY_UPDATE_IND\n",
|
||
"LL_PING_REQ : LL_PING_REQ\n",
|
||
"LL_PING_RSP : LL_PING_RSP\n",
|
||
"LL_REJECT_EXT_IND : LL_REJECT_EXT_IND\n",
|
||
"LL_REJECT_IND : LL_REJECT_IND\n",
|
||
"LL_SLAVE_FEATURE_REQ : LL_SLAVE_FEATURE_REQ\n",
|
||
"LL_START_ENC_REQ : LL_START_ENC_REQ\n",
|
||
"LL_START_ENC_RSP : LL_START_ENC_RSP\n",
|
||
"LL_TERMINATE_IND : LL_TERMINATE_IND\n",
|
||
"LL_UNKNOWN_RSP : LL_UNKNOWN_RSP\n",
|
||
"LL_VERSION_IND : LL_VERSION_IND\n",
|
||
"LM_RESPONSE : None\n",
|
||
"LMv2_RESPONSE : None\n",
|
||
"LastReqItem : None\n",
|
||
"LeaseDurationPacket : Lease Duration\n",
|
||
"LinkStatusEntry : ZigBee Link Status Entry\n",
|
||
"LinuxTunIfReq : None\n",
|
||
"LinuxTunPacketInfo : None\n",
|
||
"LoWPANBroadcast : 6LoWPAN Broadcast\n",
|
||
"LoWPANFragmentationFirst : 6LoWPAN First Fragmentation Packet\n",
|
||
"LoWPANFragmentationSubsequent : 6LoWPAN Subsequent Fragmentation Packet\n",
|
||
"LoWPANMesh : 6LoWPAN Mesh Packet\n",
|
||
"LoWPANUncompressedIPv6 : 6LoWPAN Uncompressed IPv6\n",
|
||
"LoWPAN_HC1 : LoWPAN_HC1 Compressed IPv6\n",
|
||
"LoWPAN_HC2_UDP : 6LoWPAN HC1 UDP encoding\n",
|
||
"LoWPAN_IPHC : LoWPAN IP Header Compression Packet\n",
|
||
"LoWPAN_NHC : LOWPAN_NHC\n",
|
||
"LoWPAN_NHC_Hdr : None\n",
|
||
"LoWPAN_NHC_IPv6Ext : None\n",
|
||
"LoWPAN_NHC_UDP : None\n",
|
||
"LocatorPacket : RTPS Locator\n",
|
||
"Loopback : Loopback\n",
|
||
"MACsecSCI : SCI\n",
|
||
"MGCP : MGCP\n",
|
||
"MIP6MH_BA : IPv6 Mobility Header - Binding ACK\n",
|
||
"MIP6MH_BE : IPv6 Mobility Header - Binding Error\n",
|
||
"MIP6MH_BRR : IPv6 Mobility Header - Binding Refresh Request\n",
|
||
"MIP6MH_BU : IPv6 Mobility Header - Binding Update\n",
|
||
"MIP6MH_CoT : IPv6 Mobility Header - Care-of Test\n",
|
||
"MIP6MH_CoTI : IPv6 Mobility Header - Care-of Test Init\n",
|
||
"MIP6MH_Generic : IPv6 Mobility Header - Generic Message\n",
|
||
"MIP6MH_HoT : IPv6 Mobility Header - Home Test\n",
|
||
"MIP6MH_HoTI : IPv6 Mobility Header - Home Test Init\n",
|
||
"MIP6OptAltCoA : MIPv6 Option - Alternate Care-of Address\n",
|
||
"MIP6OptBRAdvice : Mobile IPv6 Option - Binding Refresh Advice\n",
|
||
"MIP6OptBindingAuthData : MIPv6 Option - Binding Authorization Data\n",
|
||
"MIP6OptCGAParams : MIPv6 option - CGA Parameters\n",
|
||
"MIP6OptCGAParamsReq : MIPv6 option - CGA Parameters Request\n",
|
||
"MIP6OptCareOfTest : MIPv6 option - Care-of Test\n",
|
||
"MIP6OptCareOfTestInit : MIPv6 option - Care-of Test Init\n",
|
||
"MIP6OptHomeKeygenToken : MIPv6 option - Home Keygen Token\n",
|
||
"MIP6OptLLAddr : MIPv6 Option - Link-Layer Address (MH-LLA)\n",
|
||
"MIP6OptMNID : MIPv6 Option - Mobile Node Identifier\n",
|
||
"MIP6OptMobNetPrefix : NEMO Option - Mobile Network Prefix\n",
|
||
"MIP6OptMsgAuth : MIPv6 Option - Mobility Message Authentication\n",
|
||
"MIP6OptNonceIndices : MIPv6 Option - Nonce Indices\n",
|
||
"MIP6OptReplayProtection : MIPv6 option - Replay Protection\n",
|
||
"MIP6OptSignature : MIPv6 option - Signature\n",
|
||
"MIP6OptUnknown : Scapy6 - Unknown Mobility Option\n",
|
||
"MKABasicParamSet : Basic Parameter Set\n",
|
||
"MKADistributedCAKParamSet : Distributed CAK parameter set\n",
|
||
"MKADistributedSAKParamSet : Distributed SAK parameter set\n",
|
||
"MKAICVSet : ICV\n",
|
||
"MKALivePeerListParamSet : Live Peer List Parameter Set\n",
|
||
"MKAPDU : MKPDU\n",
|
||
"MKAParamSet : None\n",
|
||
"MKAPeerListTuple : Peer List Tuple\n",
|
||
"MKAPotentialPeerListParamSet : Potential Peer List Parameter Set\n",
|
||
"MKASAKUseParamSet : SAK Use Parameter Set\n",
|
||
"MPacketPreamble : MPacket Preamble\n",
|
||
"MethodData : None\n",
|
||
"MobileIP : Mobile IP (RFC3344)\n",
|
||
"MobileIPRRP : Mobile IP Registration Reply (RFC3344)\n",
|
||
"MobileIPRRQ : Mobile IP Registration Request (RFC3344)\n",
|
||
"MobileIPTunnelData : Mobile IP Tunnel Data Message (RFC3519)\n",
|
||
"NBNSHeader : NBNS Header\n",
|
||
"NBNSNodeStatusRequest : NBNS status request\n",
|
||
"NBNSNodeStatusResponse : NBNS Node Status Response\n",
|
||
"NBNSNodeStatusResponseService : NBNS Node Status Response Service\n",
|
||
"NBNSQueryRequest : NBNS query request\n",
|
||
"NBNSQueryResponse : NBNS query response\n",
|
||
"NBNSRegistrationRequest : NBNS registration request\n",
|
||
"NBNSWackResponse : NBNS Wait for Acknowledgement Response\n",
|
||
"NBNS_ADD_ENTRY : None\n",
|
||
"NBTDatagram : NBT Datagram Packet\n",
|
||
"NBTSession : NBT Session Packet\n",
|
||
"NDRConformantArray : None\n",
|
||
"NDRConformantString : None\n",
|
||
"NDRContextHandle : None\n",
|
||
"NDRPacket : None\n",
|
||
"NDRPacket : None\n",
|
||
"NDRPointer : None\n",
|
||
"NDRSerialization1Header : None\n",
|
||
"NDRSerialization1PrivateHeader : None\n",
|
||
"NDRUnion : None\n",
|
||
"NDRVaryingArray : None\n",
|
||
"NEGOEX_BYTE_VECTOR : None\n",
|
||
"NEGOEX_CHECKSUM : None\n",
|
||
"NEGOEX_EXCHANGE_MESSAGE : None\n",
|
||
"NEGOEX_EXCHANGE_NTLM : None\n",
|
||
"NEGOEX_EXCHANGE_NTLM_ITEM : None\n",
|
||
"NEGOEX_EXTENSION_VECTOR : None\n",
|
||
"NEGOEX_MESSAGE_HEADER : None\n",
|
||
"NEGOEX_NEGO_MESSAGE : None\n",
|
||
"NEGOEX_VERIFY_MESSAGE : None\n",
|
||
"NL_AUTH_MESSAGE : NL_AUTH_MESSAGE\n",
|
||
"NL_AUTH_SIGNATURE : NL_AUTH_(SHA2_)SIGNATURE\n",
|
||
"NTLMSSP_MESSAGE_SIGNATURE : None\n",
|
||
"NTLM_AUTHENTICATE : NTLM Authenticate\n",
|
||
"NTLM_AUTHENTICATE_V2 : NTLM Authenticate\n",
|
||
"NTLM_CHALLENGE : NTLM Challenge\n",
|
||
"NTLM_Header : NTLM Header\n",
|
||
"NTLM_NEGOTIATE : NTLM Negotiate\n",
|
||
"NTLM_RESPONSE : None\n",
|
||
"NTLMv2_CLIENT_CHALLENGE : None\n",
|
||
"NTLMv2_RESPONSE : None\n",
|
||
"NTP : None\n",
|
||
"NTPAuthenticator : Authenticator\n",
|
||
"NTPClockStatusPacket : clock status\n",
|
||
"NTPConfPeer : conf_peer\n",
|
||
"NTPConfRestrict : conf_restrict\n",
|
||
"NTPConfTrap : conf_trap\n",
|
||
"NTPConfUnpeer : conf_unpeer\n",
|
||
"NTPControl : Control message\n",
|
||
"NTPErrorStatusPacket : error status\n",
|
||
"NTPExtension : extension\n",
|
||
"NTPExtensions : NTPv4 extensions\n",
|
||
"NTPHeader : NTPHeader\n",
|
||
"NTPInfoAuth : info_auth\n",
|
||
"NTPInfoControl : info_control\n",
|
||
"NTPInfoIOStats : info_io_stats\n",
|
||
"NTPInfoIfStatsIPv4 : info_if_stats\n",
|
||
"NTPInfoIfStatsIPv6 : info_if_stats\n",
|
||
"NTPInfoKernel : info_kernel\n",
|
||
"NTPInfoLoop : info_loop\n",
|
||
"NTPInfoMemStats : info_mem_stats\n",
|
||
"NTPInfoMonitor1 : InfoMonitor1\n",
|
||
"NTPInfoPeer : info_peer\n",
|
||
"NTPInfoPeerList : info_peer_list\n",
|
||
"NTPInfoPeerStats : info_peer_stats\n",
|
||
"NTPInfoPeerSummary : info_peer_summary\n",
|
||
"NTPInfoSys : info_sys\n",
|
||
"NTPInfoSysStats : info_sys_stats\n",
|
||
"NTPInfoTimerStats : info_timer_stats\n",
|
||
"NTPPeerStatusDataPacket : data / peer status\n",
|
||
"NTPPeerStatusPacket : peer status\n",
|
||
"NTPPrivate : Private (mode 7)\n",
|
||
"NTPPrivatePktTail : req_pkt_tail\n",
|
||
"NTPPrivateReqPacket : request data\n",
|
||
"NTPStatusPacket : status\n",
|
||
"NTPSystemStatusPacket : system status\n",
|
||
"NetBIOS_DS : NetBIOS datagram service\n",
|
||
"NetflowDataflowsetV9 : Netflow DataFlowSet V9/10\n",
|
||
"NetflowFlowsetV9 : Netflow FlowSet V9/10\n",
|
||
"NetflowHeader : Netflow Header\n",
|
||
"NetflowHeaderV1 : Netflow Header v1\n",
|
||
"NetflowHeaderV10 : IPFix (Netflow V10) Header\n",
|
||
"NetflowHeaderV5 : Netflow Header v5\n",
|
||
"NetflowHeaderV9 : Netflow Header V9\n",
|
||
"NetflowOptionsFlowset10 : Netflow V10 (IPFix) Options Template FlowSet\n",
|
||
"NetflowOptionsFlowsetOptionV9 : Netflow Options Template FlowSet V9/10 - Option\n",
|
||
"NetflowOptionsFlowsetScopeV9 : Netflow Options Template FlowSet V9/10 - Scope\n",
|
||
"NetflowOptionsFlowsetV9 : Netflow Options Template FlowSet V9\n",
|
||
"NetflowOptionsRecordOptionV9 : Netflow Options Template Record V9/10 - Option\n",
|
||
"NetflowOptionsRecordScopeV9 : Netflow Options Template Record V9/10 - Scope\n",
|
||
"NetflowRecordV1 : Netflow Record v1\n",
|
||
"NetflowRecordV5 : Netflow Record v5\n",
|
||
"NetflowRecordV9 : Netflow DataFlowset Record V9/10\n",
|
||
"NetflowTemplateFieldV9 : Netflow Flowset Template Field V9/10\n",
|
||
"NetflowTemplateV9 : Netflow Flowset Template V9/10\n",
|
||
"NoPayload : None\n",
|
||
"OCSP_ByKey : None\n",
|
||
"OCSP_ByName : None\n",
|
||
"OCSP_CertID : None\n",
|
||
"OCSP_CertStatus : None\n",
|
||
"OCSP_GoodInfo : None\n",
|
||
"OCSP_ResponderID : None\n",
|
||
"OCSP_Response : None\n",
|
||
"OCSP_ResponseBytes : None\n",
|
||
"OCSP_ResponseData : None\n",
|
||
"OCSP_RevokedInfo : None\n",
|
||
"OCSP_SingleResponse : None\n",
|
||
"OCSP_UnknownInfo : None\n",
|
||
"PACTYPE : PACTYPE - PAC\n",
|
||
"PAC_ATTRIBUTES_INFO : None\n",
|
||
"PAC_CLIENT_CLAIMS_INFO : None\n",
|
||
"PAC_CLIENT_INFO : None\n",
|
||
"PAC_CREDENTIAL_INFO : None\n",
|
||
"PAC_DEVICE_INFO : None\n",
|
||
"PAC_DEVICE_INFO_WRAP : None\n",
|
||
"PAC_INFO_BUFFER : None\n",
|
||
"PAC_REQUESTOR : None\n",
|
||
"PAC_SIGNATURE_DATA : None\n",
|
||
"PADATA : None\n",
|
||
"PA_AUTHENTICATION_SET : None\n",
|
||
"PA_AUTHENTICATION_SET_ELEM : None\n",
|
||
"PA_ENC_TS_ENC : None\n",
|
||
"PA_FX_FAST_REPLY : None\n",
|
||
"PA_FX_FAST_REQUEST : None\n",
|
||
"PA_PAC_OPTIONS : None\n",
|
||
"PA_PAC_REQUEST : None\n",
|
||
"PA_PK_AS_REP : None\n",
|
||
"PA_PK_AS_REQ : None\n",
|
||
"PA_SUPPORTED_ENCTYPES : None\n",
|
||
"PDOMAIN_GROUP_MEMBERSHIP : None\n",
|
||
"PGROUP_MEMBERSHIP : None\n",
|
||
"PIDPacketBase : PID Base Packet\n",
|
||
"PID_BUILTIN_ENDPOINT_QOS : PID_BUILTIN_ENDPOINT_QOS\n",
|
||
"PID_BUILTIN_ENDPOINT_SET : PID_BUILTIN_ENDPOINT_SET\n",
|
||
"PID_CONTENT_FILTER_PROPERTY : PID_CONTENT_FILTER_PROPERTY\n",
|
||
"PID_DEADLINE : PID_DEADLINE\n",
|
||
"PID_DEFAULT_MULTICAST_LOCATOR : PID_DEFAULT_MULTICAST_LOCATOR\n",
|
||
"PID_DEFAULT_UNICAST_IPADDRESS : PID_DEFAULT_UNICAST_IPADDRESS\n",
|
||
"PID_DEFAULT_UNICAST_LOCATOR : PID_DEFAULT_UNICAST_LOCATOR\n",
|
||
"PID_DEFAULT_UNICAST_PORT : PID_DEFAULT_UNICAST_PORT\n",
|
||
"PID_DESTINATION_ORDER : PID_DESTINATION_ORDER\n",
|
||
"PID_DOMAIN_ID : PID_DOMAIN_ID\n",
|
||
"PID_DOMAIN_TAG : PID_DOMAIN_TAG\n",
|
||
"PID_DURABILITY : PID_DURABILITY\n",
|
||
"PID_DURABILITY_SERVICE : PID_DURABILITY_SERVICE\n",
|
||
"PID_ENDPOINT_GUID : PID_ENDPOINT_GUID\n",
|
||
"PID_ENTITY_NAME : PID_ENTITY_NAME\n",
|
||
"PID_EXPECTS_INLINE_QOS : PID_EXPECTS_INLINE_QOS\n",
|
||
"PID_GROUP_DATA : PID_GROUP_DATA\n",
|
||
"PID_GROUP_ENTITYID : PID_GROUP_ENTITYID\n",
|
||
"PID_GROUP_GUID : PID_GROUP_GUID\n",
|
||
"PID_HISTORY : PID_HISTORY\n",
|
||
"PID_KEY_HASH : PID_KEY_HASH\n",
|
||
"PID_LATENCY_BUDGET : PID_LATENCY_BUDGET\n",
|
||
"PID_LIFESPAN : PID_LIFESPAN\n",
|
||
"PID_LIVELINESS : PID_LIVELINESS\n",
|
||
"PID_METATRAFFIC_MULTICAST_IPADDRESS : PID_METATRAFFIC_MULTICAST_IPADDRESS\n",
|
||
"PID_METATRAFFIC_MULTICAST_LOCATOR : PID_METATRAFFIC_MULTICAST_LOCATOR\n",
|
||
"PID_METATRAFFIC_MULTICAST_PORT : PID_METATRAFFIC_MULTICAST_PORT\n",
|
||
"PID_METATRAFFIC_UNICAST_IPADDRESS : PID_METATRAFFIC_UNICAST_IPADDRESS\n",
|
||
"PID_METATRAFFIC_UNICAST_LOCATOR : PID_METATRAFFIC_UNICAST_LOCATOR\n",
|
||
"PID_METATRAFFIC_UNICAST_PORT : PID_METATRAFFIC_UNICAST_PORT\n",
|
||
"PID_MULTICAST_IPADDRESS : PID_MULTICAST_IPADDRESS\n",
|
||
"PID_MULTICAST_LOCATOR : PID_MULTICAST_LOCATOR\n",
|
||
"PID_OWNERSHIP : PID_OWNERSHIP\n",
|
||
"PID_OWNERSHIP_STRENGTH : PID_OWNERSHIP_STRENGTH\n",
|
||
"PID_PAD : PID_PAD\n",
|
||
"PID_PARTICIPANT_BUILTIN_ENDPOINTS : PID_PARTICIPANT_BUILTIN_ENDPOINTS\n",
|
||
"PID_PARTICIPANT_GUID : PID_PARTICIPANT_GUID\n",
|
||
"PID_PARTICIPANT_LEASE_DURATION : PID_PARTICIPANT_LEASE_DURATION\n",
|
||
"PID_PARTICIPANT_MANUAL_LIVELINESS_COUNT : PID_PARTICIPANT_MANUAL_LIVELINESS_COUNT\n",
|
||
"PID_PARTITION : PID_PARTITION\n",
|
||
"PID_PLUGIN_PROMISCUITY_KIND : PID_PLUGIN_PROMISCUITY_KIND\n",
|
||
"PID_PRESENTATION : PID_PRESENTATION\n",
|
||
"PID_PRODUCT_VERSION : PID_PRODUCT_VERSION\n",
|
||
"PID_PROPERTY_LIST : PID_PROPERTY_LIST\n",
|
||
"PID_PROTOCOL_VERSION : PID_PROTOCOL_VERSION\n",
|
||
"PID_REACHABILITY_LEASE_DURATION : PID_REACHABILITY_LEASE_DURATION\n",
|
||
"PID_RELIABILITY : PID_RELIABILITY\n",
|
||
"PID_RESOURCE_LIMITS : PID_RESOURCE_LIMITS\n",
|
||
"PID_RTI_DOMAIN_ID : PID_RTI_DOMAIN_ID\n",
|
||
"PID_SENTINEL : PID_SENTINEL\n",
|
||
"PID_STATUS_INFO : PID_STATUS_INFO\n",
|
||
"PID_TIME_BASED_FILTER : PID_TIME_BASED_FILTER\n",
|
||
"PID_TOPIC_DATA : PID_TOPIC_DATA\n",
|
||
"PID_TOPIC_NAME : PID_TOPIC_NAME\n",
|
||
"PID_TRANSPORT_INFO_LIST : PID_TRANSPORT_INFO_LIST\n",
|
||
"PID_TRANSPORT_PRIO : PID_TRANSPORT_PRIO\n",
|
||
"PID_TRANSPORT_PRIORITY : PID_TRANSPORT_PRIORITY\n",
|
||
"PID_TYPE_MAX_SIZE_SERIALIZED : PID_TYPE_MAX_SIZE_SERIALIZED\n",
|
||
"PID_TYPE_NAME : PID_TYPE_NAME\n",
|
||
"PID_UNICAST_LOCATOR : PID_UNICAST_LOCATOR\n",
|
||
"PID_UNKNOWN : PID_UNKNOWN\n",
|
||
"PID_USER_DATA : PID_USER_DATA\n",
|
||
"PID_VENDOR_BUILTIN_ENDPOINT_SET : PID_VENDOR_BUILTIN_ENDPOINT_SET\n",
|
||
"PID_VENDOR_ID : PID_VENDOR_ID\n",
|
||
"PKERB_SID_AND_ATTRIBUTES : None\n",
|
||
"PMKIDListPacket : PMKIDs\n",
|
||
"PPI : Per-Packet Information header (PPI)\n",
|
||
"PPI_Element : PPI Element\n",
|
||
"PPI_Hdr : PPI Header\n",
|
||
"PPP : PPP Link Layer\n",
|
||
"PPP_CHAP : PPP Challenge Handshake Authentication Protocol\n",
|
||
"PPP_CHAP_ChallengeResponse : PPP Challenge Handshake Authentication Protocol\n",
|
||
"PPP_ECP : None\n",
|
||
"PPP_ECP_Option : PPP ECP Option\n",
|
||
"PPP_ECP_Option_OUI : PPP ECP Option\n",
|
||
"PPP_IPCP : None\n",
|
||
"PPP_IPCP_Option : PPP IPCP Option\n",
|
||
"PPP_IPCP_Option_DNS1 : PPP IPCP Option: DNS1 Address\n",
|
||
"PPP_IPCP_Option_DNS2 : PPP IPCP Option: DNS2 Address\n",
|
||
"PPP_IPCP_Option_IPAddress : PPP IPCP Option: IP Address\n",
|
||
"PPP_IPCP_Option_NBNS1 : PPP IPCP Option: NBNS1 Address\n",
|
||
"PPP_IPCP_Option_NBNS2 : PPP IPCP Option: NBNS2 Address\n",
|
||
"PPP_LCP : PPP Link Control Protocol\n",
|
||
"PPP_LCP_ACCM_Option : PPP LCP Option\n",
|
||
"PPP_LCP_Auth_Protocol_Option : PPP LCP Option\n",
|
||
"PPP_LCP_Callback_Option : PPP LCP Option\n",
|
||
"PPP_LCP_Code_Reject : PPP Link Control Protocol\n",
|
||
"PPP_LCP_Configure : PPP Link Control Protocol\n",
|
||
"PPP_LCP_Discard_Request : PPP Link Control Protocol\n",
|
||
"PPP_LCP_Echo : PPP Link Control Protocol\n",
|
||
"PPP_LCP_MRU_Option : PPP LCP Option\n",
|
||
"PPP_LCP_Magic_Number_Option : PPP LCP Option\n",
|
||
"PPP_LCP_Option : PPP LCP Option\n",
|
||
"PPP_LCP_Protocol_Reject : PPP Link Control Protocol\n",
|
||
"PPP_LCP_Quality_Protocol_Option : PPP LCP Option\n",
|
||
"PPP_LCP_Terminate : PPP Link Control Protocol\n",
|
||
"PPP_PAP : PPP Password Authentication Protocol\n",
|
||
"PPP_PAP_Request : PPP Password Authentication Protocol\n",
|
||
"PPP_PAP_Response : PPP Password Authentication Protocol\n",
|
||
"PPPoE : PPP over Ethernet\n",
|
||
"PPPoED : PPP over Ethernet Discovery\n",
|
||
"PPPoED_Tags : PPPoE Tag List\n",
|
||
"PPPoETag : PPPoE Tag\n",
|
||
"PPTP : PPTP\n",
|
||
"PPTPCallClearRequest : PPTP Call Clear Request\n",
|
||
"PPTPCallDisconnectNotify : PPTP Call Disconnect Notify\n",
|
||
"PPTPEchoReply : PPTP Echo Reply\n",
|
||
"PPTPEchoRequest : PPTP Echo Request\n",
|
||
"PPTPIncomingCallConnected : PPTP Incoming Call Connected\n",
|
||
"PPTPIncomingCallReply : PPTP Incoming Call Reply\n",
|
||
"PPTPIncomingCallRequest : PPTP Incoming Call Request\n",
|
||
"PPTPOutgoingCallReply : PPTP Outgoing Call Reply\n",
|
||
"PPTPOutgoingCallRequest : PPTP Outgoing Call Request\n",
|
||
"PPTPSetLinkInfo : PPTP Set Link Info\n",
|
||
"PPTPStartControlConnectionReply : PPTP Start Control Connection Reply\n",
|
||
"PPTPStartControlConnectionRequest : PPTP Start Control Connection Request\n",
|
||
"PPTPStopControlConnectionReply : PPTP Stop Control Connection Reply\n",
|
||
"PPTPStopControlConnectionRequest : PPTP Stop Control Connection Request\n",
|
||
"PPTPWANErrorNotify : PPTP WAN Error Notify\n",
|
||
"PSID : None\n",
|
||
"Packet : None\n",
|
||
"Pad1 : Pad1\n",
|
||
"PadN : PadN\n",
|
||
"Padding : Padding\n",
|
||
"ParameterListPacket : PID list\n",
|
||
"ParticipantMessageDataPacket : Participant Message Data\n",
|
||
"PrincipalName : None\n",
|
||
"PrismHeader : Prism header\n",
|
||
"ProductVersionPacket : Product Version\n",
|
||
"ProtocolVersionPacket : RTPS Protocol Version\n",
|
||
"PseudoIPv6 : Pseudo IPv6 Header\n",
|
||
"RIP : RIP header\n",
|
||
"RIPAuth : RIP authentication\n",
|
||
"RIPEntry : RIP entry\n",
|
||
"RPC_SID_IDENTIFIER_AUTHORITY : None\n",
|
||
"RPC_UNICODE_STRING : None\n",
|
||
"RSAOtherPrimeInfo : None\n",
|
||
"RSAPrivateKey : None\n",
|
||
"RSAPrivateKey_OpenSSL : None\n",
|
||
"RSAPublicKey : None\n",
|
||
"RSNCipherSuite : Cipher suite\n",
|
||
"RTP : RTP\n",
|
||
"RTPExtension : RTP extension\n",
|
||
"RTPS : RTPS Header\n",
|
||
"RTPSMessage : RTPS Message\n",
|
||
"RTPSSubMessage_ACKNACK : RTPS ACKNACK (0x06)\n",
|
||
"RTPSSubMessage_DATA : RTPS DATA (0x15)\n",
|
||
"RTPSSubMessage_DATA_FRAG : RTPS DATA_FRAG (0x16)\n",
|
||
"RTPSSubMessage_GAP : RTPS GAP (0x08)\n",
|
||
"RTPSSubMessage_HEARTBEAT : RTPS HEARTBEAT (0x07)\n",
|
||
"RTPSSubMessage_INFO_DST : RTPS INFO_DTS (0x0e)\n",
|
||
"RTPSSubMessage_INFO_TS : RTPS INFO_TS (0x09)\n",
|
||
"RTPSSubMessage_PAD : RTPS PAD (0x01)\n",
|
||
"RTPSSubMessage_SEC_BODY : RTPS SEC_BODY (0x30)\n",
|
||
"RTPSSubMessage_SEC_POSTFIX : RTPS SEC_POSTFIX (0x32)\n",
|
||
"RTPSSubMessage_SEC_PREFIX : RTPS SEC_PREFIX (0x31)\n",
|
||
"RTPSSubMessage_SRTPS_POSTFIX : RTPS SRPTS_POSTFIX (0x34)\n",
|
||
"RTPSSubMessage_SRTPS_PREFIX : RTPS SRPTS_PREFIX (0x33)\n",
|
||
"RadioTap : RadioTap\n",
|
||
"RadioTapExtendedPresenceMask : RadioTap Extended presence mask\n",
|
||
"RadioTapTLV : None\n",
|
||
"Radius : RADIUS\n",
|
||
"RadiusAttr_ARAP_Security : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Authentic : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Delay_Time : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Input_Gigawords : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Input_Octets : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Input_Packets : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Interim_Interval : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Link_Count : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Output_Gigawords : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Output_Octets : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Output_Packets : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Session_Time : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Status_Type : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Terminate_Cause : Radius Attribute\n",
|
||
"RadiusAttr_Acct_Tunnel_Packets_Lost : Radius Attribute\n",
|
||
"RadiusAttr_EAP_Message : EAP-Message\n",
|
||
"RadiusAttr_Egress_VLANID : Radius Attribute\n",
|
||
"RadiusAttr_Framed_AppleTalk_Link : Radius Attribute\n",
|
||
"RadiusAttr_Framed_AppleTalk_Network : Radius Attribute\n",
|
||
"RadiusAttr_Framed_IPX_Network : Radius Attribute\n",
|
||
"RadiusAttr_Framed_IP_Address : Radius Attribute\n",
|
||
"RadiusAttr_Framed_IP_Netmask : Radius Attribute\n",
|
||
"RadiusAttr_Framed_MTU : Radius Attribute\n",
|
||
"RadiusAttr_Framed_Protocol : Radius Attribute\n",
|
||
"RadiusAttr_Idle_Timeout : Radius Attribute\n",
|
||
"RadiusAttr_Login_IP_Host : Radius Attribute\n",
|
||
"RadiusAttr_Login_TCP_Port : Radius Attribute\n",
|
||
"RadiusAttr_Management_Privilege_Level : Radius Attribute\n",
|
||
"RadiusAttr_Message_Authenticator : Radius Attribute\n",
|
||
"RadiusAttr_Mobility_Domain_Id : Radius Attribute\n",
|
||
"RadiusAttr_NAS_IP_Address : Radius Attribute\n",
|
||
"RadiusAttr_NAS_Port : Radius Attribute\n",
|
||
"RadiusAttr_NAS_Port_Type : Radius Attribute\n",
|
||
"RadiusAttr_PMIP6_Home_DHCP4_Server_Address : Radius Attribute\n",
|
||
"RadiusAttr_PMIP6_Home_IPv4_Gateway : Radius Attribute\n",
|
||
"RadiusAttr_PMIP6_Home_LMA_IPv4_Address : Radius Attribute\n",
|
||
"RadiusAttr_PMIP6_Visited_DHCP4_Server_Address : Radius Attribute\n",
|
||
"RadiusAttr_PMIP6_Visited_IPv4_Gateway : Radius Attribute\n",
|
||
"RadiusAttr_PMIP6_Visited_LMA_IPv4_Address : Radius Attribute\n",
|
||
"RadiusAttr_Password_Retry : Radius Attribute\n",
|
||
"RadiusAttr_Port_Limit : Radius Attribute\n",
|
||
"RadiusAttr_Preauth_Timeout : Radius Attribute\n",
|
||
"RadiusAttr_Service_Type : Radius Attribute\n",
|
||
"RadiusAttr_Session_Timeout : Radius Attribute\n",
|
||
"RadiusAttr_State : Radius Attribute\n",
|
||
"RadiusAttr_Tunnel_Preference : Radius Attribute\n",
|
||
"RadiusAttr_User_Name : Radius Attribute\n",
|
||
"RadiusAttr_User_Password : Radius Attribute\n",
|
||
"RadiusAttr_Vendor_Specific : Vendor-Specific\n",
|
||
"RadiusAttr_WLAN_AKM_Suite : Radius Attribute\n",
|
||
"RadiusAttr_WLAN_Group_Cipher : Radius Attribute\n",
|
||
"RadiusAttr_WLAN_Group_Mgmt_Cipher : Radius Attribute\n",
|
||
"RadiusAttr_WLAN_Pairwise_Cipher : Radius Attribute\n",
|
||
"RadiusAttr_WLAN_RF_Band : Radius Attribute\n",
|
||
"RadiusAttr_WLAN_Reason_Code : Radius Attribute\n",
|
||
"RadiusAttr_WLAN_Venue_Info : Radius Attribute\n",
|
||
"RadiusAttribute : Radius Attribute\n",
|
||
"Raw : Raw\n",
|
||
"RouterAlert : Router Alert\n",
|
||
"SCTP : None\n",
|
||
"SCTPChunkAbort : None\n",
|
||
"SCTPChunkAddressConf : None\n",
|
||
"SCTPChunkAddressConfAck : None\n",
|
||
"SCTPChunkAuthentication : None\n",
|
||
"SCTPChunkCookieAck : None\n",
|
||
"SCTPChunkCookieEcho : None\n",
|
||
"SCTPChunkData : None\n",
|
||
"SCTPChunkError : None\n",
|
||
"SCTPChunkHeartbeatAck : None\n",
|
||
"SCTPChunkHeartbeatReq : None\n",
|
||
"SCTPChunkInit : None\n",
|
||
"SCTPChunkInitAck : None\n",
|
||
"SCTPChunkParamAdaptationLayer : None\n",
|
||
"SCTPChunkParamAddIPAddr : None\n",
|
||
"SCTPChunkParamChunkList : None\n",
|
||
"SCTPChunkParamCookiePreservative : None\n",
|
||
"SCTPChunkParamDelIPAddr : None\n",
|
||
"SCTPChunkParamECNCapable : None\n",
|
||
"SCTPChunkParamErrorIndication : None\n",
|
||
"SCTPChunkParamFwdTSN : None\n",
|
||
"SCTPChunkParamHeartbeatInfo : None\n",
|
||
"SCTPChunkParamHostname : None\n",
|
||
"SCTPChunkParamIPv4Addr : None\n",
|
||
"SCTPChunkParamIPv6Addr : None\n",
|
||
"SCTPChunkParamRandom : None\n",
|
||
"SCTPChunkParamRequestedHMACFunctions : None\n",
|
||
"SCTPChunkParamSetPrimaryAddr : None\n",
|
||
"SCTPChunkParamStateCookie : None\n",
|
||
"SCTPChunkParamSuccessIndication : None\n",
|
||
"SCTPChunkParamSupportedAddrTypes : None\n",
|
||
"SCTPChunkParamSupportedExtensions : None\n",
|
||
"SCTPChunkParamUnrocognizedParam : None\n",
|
||
"SCTPChunkSACK : None\n",
|
||
"SCTPChunkShutdown : None\n",
|
||
"SCTPChunkShutdownAck : None\n",
|
||
"SCTPChunkShutdownComplete : None\n",
|
||
"SCTPerror : SCTP in ICMP\n",
|
||
"SECURITY_DESCRIPTOR : None\n",
|
||
"SMB2_CREATE_ALLOCATION_SIZE : None\n",
|
||
"SMB2_CREATE_APP_INSTANCE_ID : None\n",
|
||
"SMB2_CREATE_APP_INSTANCE_VERSION : None\n",
|
||
"SMB2_CREATE_DURABLE_HANDLE_RECONNECT : None\n",
|
||
"SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 : None\n",
|
||
"SMB2_CREATE_DURABLE_HANDLE_REQUEST : None\n",
|
||
"SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 : None\n",
|
||
"SMB2_CREATE_DURABLE_HANDLE_RESPONSE : None\n",
|
||
"SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2 : None\n",
|
||
"SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST : None\n",
|
||
"SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE : None\n",
|
||
"SMB2_CREATE_QUERY_ON_DISK_ID : None\n",
|
||
"SMB2_CREATE_REQUEST_LEASE : None\n",
|
||
"SMB2_CREATE_REQUEST_LEASE_V2 : None\n",
|
||
"SMB2_CREATE_RESPONSE_LEASE : None\n",
|
||
"SMB2_CREATE_RESPONSE_LEASE_V2 : None\n",
|
||
"SMB2_CREATE_TIMEWARP_TOKEN : None\n",
|
||
"SMB2_Cancel_Request : SMB2 CANCEL Request\n",
|
||
"SMB2_Change_Notify_Request : SMB2 CHANGE NOTIFY Request\n",
|
||
"SMB2_Change_Notify_Response : SMB2 CHANGE NOTIFY Response\n",
|
||
"SMB2_Close_Request : SMB2 CLOSE Request\n",
|
||
"SMB2_Close_Response : SMB2 CLOSE Response\n",
|
||
"SMB2_Compression_Capabilities : SMB2 Compression Capabilities\n",
|
||
"SMB2_Compression_Transform_Header : SMB2 Compression Transform Header\n",
|
||
"SMB2_Create_Context : SMB2 CREATE CONTEXT\n",
|
||
"SMB2_Create_Request : SMB2 CREATE Request\n",
|
||
"SMB2_Create_Response : SMB2 CREATE Response\n",
|
||
"SMB2_Encryption_Capabilities : SMB2 Encryption Capabilities\n",
|
||
"SMB2_Error_Response : SMB2 Error Response\n",
|
||
"SMB2_FILEID : None\n",
|
||
"SMB2_Header : SMB2 Header\n",
|
||
"SMB2_IOCTL_Request : SMB2 IOCTL Request\n",
|
||
"SMB2_IOCTL_Response : SMB2 IOCTL Response\n",
|
||
"SMB2_IOCTL_Validate_Negotiate_Info_Request : SMB2 IOCTL Validate Negotiate Info\n",
|
||
"SMB2_IOCTL_Validate_Negotiate_Info_Response : SMB2 IOCTL Validate Negotiate Info\n",
|
||
"SMB2_Negotiate_Context : SMB2 Negotiate Context\n",
|
||
"SMB2_Negotiate_Protocol_Request : SMB2 Negotiate Protocol Request\n",
|
||
"SMB2_Negotiate_Protocol_Response : SMB2 Negotiate Protocol Response\n",
|
||
"SMB2_Netname_Negotiate_Context_ID : SMB2 Netname Negotiate Context ID\n",
|
||
"SMB2_Preauth_Integrity_Capabilities : SMB2 Preauth Integrity Capabilities\n",
|
||
"SMB2_Query_Directory_Request : SMB2 QUERY DIRECTORY Request\n",
|
||
"SMB2_Query_Directory_Response : SMB2 QUERY DIRECTORY Response\n",
|
||
"SMB2_Query_Info_Request : SMB2 QUERY INFO Request\n",
|
||
"SMB2_Query_Info_Response : SMB2 QUERY INFO Response\n",
|
||
"SMB2_Query_Quota_Info : None\n",
|
||
"SMB2_Read_Request : SMB2 READ Request\n",
|
||
"SMB2_Read_Response : SMB2 READ Response\n",
|
||
"SMB2_Session_Logoff_Request : SMB2 LOGOFF Request\n",
|
||
"SMB2_Session_Logoff_Response : SMB2 LOGOFF Request\n",
|
||
"SMB2_Session_Setup_Request : SMB2 Session Setup Request\n",
|
||
"SMB2_Session_Setup_Response : SMB2 Session Setup Response\n",
|
||
"SMB2_Transport_Capabilities : SMB2 Transport Capabilities\n",
|
||
"SMB2_Tree_Connect_Request : SMB2 TREE_CONNECT Request\n",
|
||
"SMB2_Tree_Connect_Response : SMB2 TREE_CONNECT Response\n",
|
||
"SMB2_Tree_Disconnect_Request : SMB2 TREE_DISCONNECT Request\n",
|
||
"SMB2_Tree_Disconnect_Response : SMB2 TREE_DISCONNECT Response\n",
|
||
"SMB2_Write_Request : SMB2 WRITE Request\n",
|
||
"SMB2_Write_Response : SMB2 WRITE Response\n",
|
||
"SMBMailSlot : None\n",
|
||
"SMBNegociate_Protocol_Request_Header_Generic : SMBNegociate Protocol Request Header Generic\n",
|
||
"SMBNegotiate_Request : SMB Negotiate Request\n",
|
||
"SMBNegotiate_Response_Extended_Security : SMB Negotiate Extended Security Response (SMB)\n",
|
||
"SMBNegotiate_Response_NoSecurity : SMB Negotiate No-Security Response (CIFS)\n",
|
||
"SMBNegotiate_Response_Security : SMB Negotiate Non-Extended Security Response (SMB)\n",
|
||
"SMBNetlogon_Protocol_Response_Header : SMBNetlogon Protocol Response Header\n",
|
||
"SMBNetlogon_Protocol_Response_Tail_LM20 : SMB Netlogon Protocol Response Tail LM20\n",
|
||
"SMBNetlogon_Protocol_Response_Tail_SAM : SMB Netlogon Protocol Response Tail SAM\n",
|
||
"SMBSession_Null : None\n",
|
||
"SMBSession_Setup_AndX_Request : Session Setup AndX Request (CIFS)\n",
|
||
"SMBSession_Setup_AndX_Request_Extended_Security : Session Setup AndX Extended Security Request (SMB)\n",
|
||
"SMBSession_Setup_AndX_Response : Session Setup AndX Response (CIFS)\n",
|
||
"SMBSession_Setup_AndX_Response_Extended_Security : Session Setup AndX Extended Security Response (SMB)\n",
|
||
"SMBTree_Connect_AndX : Session Tree Connect AndX\n",
|
||
"SMB_Dialect : SMB Dialect\n",
|
||
"SMB_Header : SMB 1 Protocol Request Header\n",
|
||
"SM_Confirm : Pairing Confirm\n",
|
||
"SM_DHKey_Check : DHKey Check\n",
|
||
"SM_Encryption_Information : Encryption Information\n",
|
||
"SM_Failed : Pairing Failed\n",
|
||
"SM_Hdr : SM header\n",
|
||
"SM_Identity_Address_Information : Identity Address Information\n",
|
||
"SM_Identity_Information : Identity Information\n",
|
||
"SM_Master_Identification : Master Identification\n",
|
||
"SM_Pairing_Request : Pairing Request\n",
|
||
"SM_Pairing_Response : Pairing Response\n",
|
||
"SM_Public_Key : Public Key\n",
|
||
"SM_Random : Pairing Random\n",
|
||
"SM_Signing_Information : Signing Information\n",
|
||
"SNAP : SNAP\n",
|
||
"SNMP : None\n",
|
||
"SNMPbulk : None\n",
|
||
"SNMPget : None\n",
|
||
"SNMPinform : None\n",
|
||
"SNMPnext : None\n",
|
||
"SNMPresponse : None\n",
|
||
"SNMPset : None\n",
|
||
"SNMPtrapv1 : None\n",
|
||
"SNMPtrapv2 : None\n",
|
||
"SNMPvarbind : None\n",
|
||
"SPNEGO_MechListMIC : None\n",
|
||
"SPNEGO_MechType : None\n",
|
||
"SPNEGO_MechTypes : None\n",
|
||
"SPNEGO_Token : None\n",
|
||
"SPNEGO_negToken : None\n",
|
||
"SPNEGO_negTokenInit : None\n",
|
||
"SPNEGO_negTokenResp : None\n",
|
||
"STP : Spanning Tree Protocol\n",
|
||
"Single_Host_Data : None\n",
|
||
"SixLoWPAN : SixLoWPAN Dispatcher\n",
|
||
"SixLoWPAN_ESC : SixLoWPAN Dispatcher ESC\n",
|
||
"Skinny : Skinny\n",
|
||
"TCP : TCP\n",
|
||
"TCPAOValue : None\n",
|
||
"TCPerror : TCP in ICMP\n",
|
||
"TFTP : TFTP opcode\n",
|
||
"TFTP_ACK : TFTP Ack\n",
|
||
"TFTP_DATA : TFTP Data\n",
|
||
"TFTP_ERROR : TFTP Error\n",
|
||
"TFTP_OACK : TFTP Option Ack\n",
|
||
"TFTP_Option : None\n",
|
||
"TFTP_Options : None\n",
|
||
"TFTP_RRQ : TFTP Read Request\n",
|
||
"TFTP_WRQ : TFTP Write Request\n",
|
||
"TransitedEncoding : None\n",
|
||
"TransportInfoPacket : Transport Info\n",
|
||
"TunPacketInfo : None\n",
|
||
"UDP : UDP\n",
|
||
"UDPerror : UDP in ICMP\n",
|
||
"UPN_DNS_INFO : None\n",
|
||
"USER_CLASS_DATA : user class data\n",
|
||
"USER_SESSION_KEY : None\n",
|
||
"VENDOR_CLASS_DATA : vendor class data\n",
|
||
"VENDOR_SPECIFIC_OPTION : vendor specific option data\n",
|
||
"VRRP : None\n",
|
||
"VRRPv3 : None\n",
|
||
"VXLAN : VXLAN\n",
|
||
"VendorIdPacket : RTPS Vendor ID\n",
|
||
"X509_AccessDescription : None\n",
|
||
"X509_AlgorithmIdentifier : None\n",
|
||
"X509_Attribute : None\n",
|
||
"X509_AttributeTypeAndValue : None\n",
|
||
"X509_AttributeValue : None\n",
|
||
"X509_CRL : None\n",
|
||
"X509_Cert : None\n",
|
||
"X509_DNSName : None\n",
|
||
"X509_DirectoryName : None\n",
|
||
"X509_EDIPartyName : None\n",
|
||
"X509_ExtAuthInfoAccess : None\n",
|
||
"X509_ExtAuthorityKeyIdentifier : None\n",
|
||
"X509_ExtBasicConstraints : None\n",
|
||
"X509_ExtCRLDistributionPoints : None\n",
|
||
"X509_ExtCRLNumber : None\n",
|
||
"X509_ExtCertificateIssuer : None\n",
|
||
"X509_ExtCertificatePolicies : None\n",
|
||
"X509_ExtComment : None\n",
|
||
"X509_ExtDefault : None\n",
|
||
"X509_ExtDeltaCRLIndicator : None\n",
|
||
"X509_ExtDistributionPoint : None\n",
|
||
"X509_ExtDistributionPointName : None\n",
|
||
"X509_ExtExtendedKeyUsage : None\n",
|
||
"X509_ExtFreshestCRL : None\n",
|
||
"X509_ExtFullName : None\n",
|
||
"X509_ExtGeneralSubtree : None\n",
|
||
"X509_ExtInhibitAnyPolicy : None\n",
|
||
"X509_ExtInvalidityDate : None\n",
|
||
"X509_ExtIssuerAltName : None\n",
|
||
"X509_ExtIssuingDistributionPoint : None\n",
|
||
"X509_ExtKeyUsage : None\n",
|
||
"X509_ExtNameConstraints : None\n",
|
||
"X509_ExtNameRelativeToCRLIssuer : None\n",
|
||
"X509_ExtNetscapeCertType : None\n",
|
||
"X509_ExtNoticeReference : None\n",
|
||
"X509_ExtPolicyConstraints : None\n",
|
||
"X509_ExtPolicyInformation : None\n",
|
||
"X509_ExtPolicyMappings : None\n",
|
||
"X509_ExtPolicyQualifierInfo : None\n",
|
||
"X509_ExtPrivateKeyUsagePeriod : None\n",
|
||
"X509_ExtQcStatement : None\n",
|
||
"X509_ExtQcStatements : None\n",
|
||
"X509_ExtReasonCode : None\n",
|
||
"X509_ExtSubjInfoAccess : None\n",
|
||
"X509_ExtSubjectAltName : None\n",
|
||
"X509_ExtSubjectDirectoryAttributes : None\n",
|
||
"X509_ExtSubjectKeyIdentifier : None\n",
|
||
"X509_ExtUserNotice : None\n",
|
||
"X509_Extension : None\n",
|
||
"X509_Extensions : None\n",
|
||
"X509_GeneralName : None\n",
|
||
"X509_IPAddress : None\n",
|
||
"X509_OtherName : None\n",
|
||
"X509_PolicyMapping : None\n",
|
||
"X509_RDN : None\n",
|
||
"X509_RFC822Name : None\n",
|
||
"X509_RegisteredID : None\n",
|
||
"X509_RevokedCertificate : None\n",
|
||
"X509_SubjectPublicKeyInfo : None\n",
|
||
"X509_TBSCertList : None\n",
|
||
"X509_TBSCertificate : None\n",
|
||
"X509_URI : None\n",
|
||
"X509_Validity : None\n",
|
||
"X509_X400Address : None\n",
|
||
"ZCLAttributeReport : ZCL Attribute Report\n",
|
||
"ZCLConfigureReportingRecord : ZCL Configure Reporting Record\n",
|
||
"ZCLConfigureReportingResponseRecord : ZCL Configure Reporting Response Record\n",
|
||
"ZCLGeneralConfigureReporting : General Domain: Command Frame Payload: configure_reporting\n",
|
||
"ZCLGeneralConfigureReportingResponse : General Domain: Command Frame Payload: configure_reporting_response\n",
|
||
"ZCLGeneralDefaultResponse : General Domain: Command Frame Payload: default_response\n",
|
||
"ZCLGeneralReadAttributes : General Domain: Command Frame Payload: read_attributes\n",
|
||
"ZCLGeneralReadAttributesResponse : General Domain: Command Frame Payload: read_attributes_response\n",
|
||
"ZCLGeneralReportAttributes : General Domain: Command Frame Payload: report_attributes\n",
|
||
"ZCLGeneralWriteAttributes : General Domain: Command Frame Payload: write_attributes\n",
|
||
"ZCLGeneralWriteAttributesResponse : General Domain: Command Frame Payload: write_attributes_response\n",
|
||
"ZCLIASZoneZoneEnrollRequest : IAS Zone Cluster: Zone Enroll Request Command (Server: Generated)\n",
|
||
"ZCLIASZoneZoneEnrollResponse : IAS Zone Cluster: Zone Enroll Response Command (Server: Received)\n",
|
||
"ZCLIASZoneZoneStatusChangeNotification : IAS Zone Cluster: Zone Status Change Notification Command (Server: Generated)\n",
|
||
"ZCLMeteringGetProfile : Metering Cluster: Get Profile Command (Server: Received)\n",
|
||
"ZCLPriceGetCurrentPrice : Price Cluster: Get Current Price Command (Server: Received)\n",
|
||
"ZCLPriceGetScheduledPrices : Price Cluster: Get Scheduled Prices Command (Server: Received)\n",
|
||
"ZCLPricePublishPrice : Price Cluster: Publish Price Command (Server: Generated)\n",
|
||
"ZCLReadAttributeStatusRecord : ZCL Read Attribute Status Record\n",
|
||
"ZCLWriteAttributeRecord : ZCL Write Attribute Record\n",
|
||
"ZCLWriteAttributeStatusRecord : ZCL Write Attribute Status Record\n",
|
||
"ZDPActiveEPReq : ZDP Transaction Data: Active_EP_req\n",
|
||
"ZDPDeviceAnnce : ZDP Transaction Data: Device_annce\n",
|
||
"ZEP1 : Zigbee Encapsulation Protocol (V1)\n",
|
||
"ZEP2 : Zigbee Encapsulation Protocol (V2)\n",
|
||
"ZigBeeBeacon : ZigBee Beacon Payload\n",
|
||
"ZigbeeAppCommandPayload : Zigbee Application Layer Command Payload\n",
|
||
"ZigbeeAppDataPayload : Zigbee Application Layer Data Payload (General APS Frame Format)\n",
|
||
"ZigbeeAppDataPayloadStub : Zigbee Application Layer Data Payload for Inter-PAN Transmission\n",
|
||
"ZigbeeClusterLibrary : Zigbee Cluster Library (ZCL) Frame\n",
|
||
"ZigbeeDeviceProfile : Zigbee Device Profile (ZDP) Frame\n",
|
||
"ZigbeeNWK : Zigbee Network Layer\n",
|
||
"ZigbeeNWKCommandPayload : Zigbee Network Layer Command Payload\n",
|
||
"ZigbeeNWKStub : Zigbee Network Layer for Inter-PAN Transmission\n",
|
||
"ZigbeeSecurityHeader : Zigbee Security Header\n",
|
||
"u_sub0 : None\n",
|
||
"u_sub1 : None\n",
|
||
"u_sub2 : None\n",
|
||
"u_sub3 : None\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"ls()"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "dc0852db",
|
||
"metadata": {},
|
||
"source": [
|
||
"Pour voir les champs sur le protocole IP. Nous voyons ici les valeurs par défaut."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 23,
|
||
"id": "f258f2ac",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"version : BitField (4 bits) = ('4')\n",
|
||
"ihl : BitField (4 bits) = ('None')\n",
|
||
"tos : XByteField = ('0')\n",
|
||
"len : ShortField = ('None')\n",
|
||
"id : ShortField = ('1')\n",
|
||
"flags : FlagsField = ('<Flag 0 ()>')\n",
|
||
"frag : BitField (13 bits) = ('0')\n",
|
||
"ttl : ByteField = ('64')\n",
|
||
"proto : ByteEnumField = ('0')\n",
|
||
"chksum : XShortField = ('None')\n",
|
||
"src : SourceIPField = ('None')\n",
|
||
"dst : DestIPField = ('None')\n",
|
||
"options : PacketListField = ('[]')\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"ls(IP)"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "edbce82c",
|
||
"metadata": {},
|
||
"source": [
|
||
"# Forger, visualiser et modifier un packet"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "37f13e57",
|
||
"metadata": {},
|
||
"source": [
|
||
"Pour créer/forger un paquet, indiquez la pile protocolaire du protocole le plus bas au plus haut en séparant les protocoles par un slash ‘/’. Scapy configurera automatiquement le champs que vous n'indiquez pas avec la configuration par défaut. \n",
|
||
"\n",
|
||
"Le paquet est un objet et on peut peut visualiser le contenu du paquet avec la méthode show() ou la méthode show2() qui calcule en plus les champs comme la longueur, le checksum du paquet ou la conversion d'un nom en une adresse IP."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 24,
|
||
"id": "e19dea27",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"'IP / UDP 127.0.0.1:domain > 127.0.0.1:domain'"
|
||
]
|
||
},
|
||
"execution_count": 24,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquet1=IP()/UDP()\n",
|
||
"paquet1.summary()"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 25,
|
||
"id": "a77726e7",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"###[ IP ]### \n",
|
||
" version = 4\n",
|
||
" ihl = None\n",
|
||
" tos = 0x0\n",
|
||
" len = None\n",
|
||
" id = 1\n",
|
||
" flags = \n",
|
||
" frag = 0\n",
|
||
" ttl = 64\n",
|
||
" proto = udp\n",
|
||
" chksum = None\n",
|
||
" src = 127.0.0.1\n",
|
||
" dst = 127.0.0.1\n",
|
||
" \\options \\\n",
|
||
"###[ UDP ]### \n",
|
||
" sport = domain\n",
|
||
" dport = domain\n",
|
||
" len = None\n",
|
||
" chksum = None\n",
|
||
"\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"paquet1.show()"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 26,
|
||
"id": "cee959e4",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"###[ IP ]### \n",
|
||
" version = 4\n",
|
||
" ihl = None\n",
|
||
" tos = 0x0\n",
|
||
" len = None\n",
|
||
" id = 1\n",
|
||
" flags = \n",
|
||
" frag = 0\n",
|
||
" ttl = 64\n",
|
||
" proto = udp\n",
|
||
" chksum = None\n",
|
||
" src = 10.122.13.217\n",
|
||
" dst = 10.122.8.1\n",
|
||
" \\options \\\n",
|
||
"###[ UDP ]### \n",
|
||
" sport = domain\n",
|
||
" dport = domain\n",
|
||
" len = None\n",
|
||
" chksum = None\n",
|
||
"\n",
|
||
"###[ IP ]### \n",
|
||
" version = 4\n",
|
||
" ihl = 5\n",
|
||
" tos = 0x0\n",
|
||
" len = 28\n",
|
||
" id = 1\n",
|
||
" flags = \n",
|
||
" frag = 0\n",
|
||
" ttl = 64\n",
|
||
" proto = udp\n",
|
||
" chksum = 0x5003\n",
|
||
" src = 10.122.13.217\n",
|
||
" dst = 10.122.8.1\n",
|
||
" \\options \\\n",
|
||
"###[ UDP ]### \n",
|
||
" sport = domain\n",
|
||
" dport = domain\n",
|
||
" len = 8\n",
|
||
" chksum = 0xd4a6\n",
|
||
"\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"IPs=ni.ifaddresses(interface)[ni.AF_INET][0]['addr']\n",
|
||
"IPd='10.122.8.1'\n",
|
||
"paquet2=IP(src=IPs, dst=IPd)/UDP()\n",
|
||
"paquet2.show()\n",
|
||
"paquet2.show2()"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "99f4f1f2",
|
||
"metadata": {},
|
||
"source": [
|
||
"Si on spécifie un nom de domaine à la place d'une adresse IP, Scapy fait une requête DNS pour obtenir l'adresse IP correspondante."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 27,
|
||
"id": "4115b214",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"###[ Ethernet ]### \n",
|
||
" dst = 00:0A:1F:3B:4E:64\n",
|
||
" src = 11:22:33:44:55:66\n",
|
||
" type = IPv4\n",
|
||
"###[ IP ]### \n",
|
||
" version = 4\n",
|
||
" ihl = None\n",
|
||
" tos = 0x0\n",
|
||
" len = None\n",
|
||
" id = 1\n",
|
||
" flags = \n",
|
||
" frag = 0\n",
|
||
" ttl = 64\n",
|
||
" proto = tcp\n",
|
||
" chksum = None\n",
|
||
" src = 192.168.1.1\n",
|
||
" dst = Net(\"cours.univ-guyane.fr/32\")\n",
|
||
" \\options \\\n",
|
||
"###[ TCP ]### \n",
|
||
" sport = ftp_data\n",
|
||
" dport = http\n",
|
||
" seq = 0\n",
|
||
" ack = 0\n",
|
||
" dataofs = None\n",
|
||
" reserved = 0\n",
|
||
" flags = SA\n",
|
||
" window = 8192\n",
|
||
" chksum = None\n",
|
||
" urgptr = 0\n",
|
||
" options = ''\n",
|
||
"###[ Raw ]### \n",
|
||
" load = 'C est vraiment bien Scapy'\n",
|
||
"\n",
|
||
"###[ Ethernet ]### \n",
|
||
" dst = 00:0a:1f:3b:4e:64\n",
|
||
" src = 11:22:33:44:55:66\n",
|
||
" type = IPv4\n",
|
||
"###[ IP ]### \n",
|
||
" version = 4\n",
|
||
" ihl = 5\n",
|
||
" tos = 0x0\n",
|
||
" len = 65\n",
|
||
" id = 1\n",
|
||
" flags = \n",
|
||
" frag = 0\n",
|
||
" ttl = 64\n",
|
||
" proto = tcp\n",
|
||
" chksum = 0x55b0\n",
|
||
" src = 192.168.1.1\n",
|
||
" dst = 193.48.162.44\n",
|
||
" \\options \\\n",
|
||
"###[ TCP ]### \n",
|
||
" sport = ftp_data\n",
|
||
" dport = http\n",
|
||
" seq = 0\n",
|
||
" ack = 0\n",
|
||
" dataofs = 5\n",
|
||
" reserved = 0\n",
|
||
" flags = SA\n",
|
||
" window = 8192\n",
|
||
" chksum = 0x7429\n",
|
||
" urgptr = 0\n",
|
||
" options = []\n",
|
||
"###[ Raw ]### \n",
|
||
" load = 'C est vraiment bien Scapy'\n",
|
||
"\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"MACs='11:22:33:44:55:66'\n",
|
||
"MACd='00:0A:1F:3B:4E:64'\n",
|
||
"IPs='192.168.1.1'\n",
|
||
"IPd='cours.univ-guyane.fr'\n",
|
||
"pkt=Ether(src=MACs, dst=MACd)/IP(src=IPs, dst=IPd)/TCP(flags='SA')/\"C est vraiment bien Scapy\"\n",
|
||
"pkt.show()\n",
|
||
"pkt.show2()"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "44b13240",
|
||
"metadata": {},
|
||
"source": [
|
||
"## Charger un fichier pcap"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "3a0b4370",
|
||
"metadata": {},
|
||
"source": [
|
||
"La fonction rdpcap(\"nom de fichier\") lit un fichier pcap ou pcapng (format Wireshark) et renvoie une liste de paquets (vous devez être dans le répertoire de fichiers). On peut ensuite inspecter les différents paquet de cette capture par exemple avant de travailler en temps réel sur le réseau."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 28,
|
||
"id": "7a903709",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"La capture comprend les paquets suivants :\n",
|
||
"\n",
|
||
"Ether / IP / ICMP 192.168.1.48 > 8.8.8.8 echo-request 0 / Raw\n",
|
||
"Ether / IP / ICMP 8.8.8.8 > 192.168.1.48 echo-reply 0 / Raw\n",
|
||
"Ether / IP / ICMP 192.168.1.48 > 8.8.8.8 echo-request 0 / Raw\n",
|
||
"Ether / IP / ICMP 8.8.8.8 > 192.168.1.48 echo-reply 0 / Raw\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"#paquets=rdpcap(\"Wireshark/sip-rtp-g711.pcap\")\n",
|
||
"paquets=rdpcap(\"Wireshark/Ping_Google.pcap\")\n",
|
||
"#paquets=rdpcap(\"Wireshark/ftp.pcap\")\n",
|
||
"print(\"La capture comprend les paquets suivants :\\n\")\n",
|
||
"paquets.summary()"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "586dad13",
|
||
"metadata": {},
|
||
"source": [
|
||
"# Inspecter et obtenir la valeur d'un champ d'un paquet"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "9f867732",
|
||
"metadata": {},
|
||
"source": [
|
||
"Scapy utilise sa propre structure de données pour représenter les paquets. Cette structure est basée sur des **dictionnaires** imbriqués. Un dictionnaire est une collection qui associe une clé à une valeur. Pour créer un dictionnaire, on associe une clé à une valeur en les séparant par :, le tout entre accolades {}. Pour accéder à la valeur d'élément d'un dictionnaire, il faut utiliser les crochets et préciser la valeur de la clé. Il est possible de changer la valeur pour une clé donnée ou ajouter une nouvelle valeur pour une nouvelle clé."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 29,
|
||
"id": "696b8ba3",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"'chef de departement'"
|
||
]
|
||
},
|
||
"execution_count": 29,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"RT={'Robinet' : 'chef de departement', 'William' :'enseignant', 'Gipet' : 'secretaire' }\n",
|
||
"RT['Robinet']"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 30,
|
||
"id": "c5342d38",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"Mr Robinet est chef de departement au département R&T de l'IUT de Kourou\n",
|
||
"Mr William est enseignant au département R&T de l'IUT de Kourou\n",
|
||
"Mr Gipet est secretaire au département R&T de l'IUT de Kourou\n",
|
||
"Mr Cothenet est enseignant au département R&T de l'IUT de Kourou\n"
|
||
]
|
||
},
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"[None, None, None, None]"
|
||
]
|
||
},
|
||
"execution_count": 30,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"RT['Cothenet']='enseignant'\n",
|
||
"[print(f\"Mr {nom} est {RT[nom]} au département R&T de l'IUT de Kourou\") for nom in RT]"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "e88d1682",
|
||
"metadata": {},
|
||
"source": [
|
||
"Des dictionnaires imbriqués sont des dictionnaires dans des dictionnaires comme illustré ci-dessous :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 31,
|
||
"id": "910f196c",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"'chef de departement'"
|
||
]
|
||
},
|
||
"execution_count": 31,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"RT={'Robinet' : {'fonction' : 'chef de departement', 'année de recutement' : 2002, \\\n",
|
||
" 'Enseignant en' : 'Informatique'},\n",
|
||
" 'William' : {'fonction' : 'Responsable de la licence MRIT', 'année de recutement' : 2009, \\\n",
|
||
" 'Enseignant en' : 'Réseaux'}} \n",
|
||
"RT['Robinet']['fonction']"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "098a8228",
|
||
"metadata": {},
|
||
"source": [
|
||
"Dans un fichier pcap ou pcapng, chaque paquet est un élément d'un dictionnaire, la clé correspondant au numéro de paquet en partant de 0. Dans la capture chargée précédemement on a 4 paquets :\n",
|
||
"\n",
|
||
"\n",
|
||
"\n",
|
||
"On peut donc récupérer le premier paquet avec :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 32,
|
||
"id": "84565ddc",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"Le premier paquet est le suivant :\n"
|
||
]
|
||
},
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"<Ether dst=f4:ca:e5:5d:b5:c8 src=8c:85:90:c5:71:56 type=IPv4 |<IP version=4 ihl=5 tos=0x0 len=84 id=3173 flags= frag=0 ttl=64 proto=icmp chksum=0x9c5c src=192.168.1.48 dst=8.8.8.8 |<ICMP type=echo-request code=0 chksum=0xf4cc id=0x5662 seq=0x0 unused='' |<Raw load='a\\\\xc0\\\\xbd\\\\xd2\\x00\\x05\\\\xa25\\x08\\t\\n\\x0b\\x0c\\r\\x0e\\x0f\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f !\"#$%&\\'()*+,-./01234567' |>>>>"
|
||
]
|
||
},
|
||
"execution_count": 32,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"print('Le premier paquet est le suivant :')\n",
|
||
"paquets[0]"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 33,
|
||
"id": "623fc549",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"<IP version=4 ihl=5 tos=0x0 len=84 id=7714 flags= frag=0 ttl=64 proto=icmp chksum=0x8a9f src=192.168.1.48 dst=8.8.8.8 |<ICMP type=echo-request code=0 chksum=0xe086 id=0x5662 seq=0x1 unused='' |<Raw load='a\\\\xc0\\\\xbd\\\\xd3\\x00\\x05\\\\xb6y\\x08\\t\\n\\x0b\\x0c\\r\\x0e\\x0f\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f !\"#$%&\\'()*+,-./01234567' |>>>"
|
||
]
|
||
},
|
||
"execution_count": 33,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets[2]['IP']"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "e33a176e",
|
||
"metadata": {},
|
||
"source": [
|
||
"Ou plus simplement sans mettre les guillemets , Scapy interprétenant le contenu des crochets comme une str :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 34,
|
||
"id": "abe3a9dc",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"<IP version=4 ihl=5 tos=0x0 len=84 id=7714 flags= frag=0 ttl=64 proto=icmp chksum=0x8a9f src=192.168.1.48 dst=8.8.8.8 |<ICMP type=echo-request code=0 chksum=0xe086 id=0x5662 seq=0x1 unused='' |<Raw load='a\\\\xc0\\\\xbd\\\\xd3\\x00\\x05\\\\xb6y\\x08\\t\\n\\x0b\\x0c\\r\\x0e\\x0f\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f !\"#$%&\\'()*+,-./01234567' |>>>"
|
||
]
|
||
},
|
||
"execution_count": 34,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets[2][IP]"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "15eb4084",
|
||
"metadata": {},
|
||
"source": [
|
||
"On peut ensuite accéder à un champ d'une couche avec un point et le nom du champ : "
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 35,
|
||
"id": "18757a00",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"'8.8.8.8'"
|
||
]
|
||
},
|
||
"execution_count": 35,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets[2][IP].dst"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "4d3be74f",
|
||
"metadata": {},
|
||
"source": [
|
||
"Certains protocoles (généralement applicatifs) ne sont pas décodés par Scapy. Les données sont alors des données brutes indiqué par le mot clé **\"Raw\"** et ce sont des bytes notés b''. C'est par exemple le cas du contenu du paquet ICMP :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 36,
|
||
"id": "86fe851e",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"b'a\\xc0\\xbd\\xd2\\x00\\x05\\xa25\\x08\\t\\n\\x0b\\x0c\\r\\x0e\\x0f\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f !\"#$%&\\'()*+,-./01234567'"
|
||
]
|
||
},
|
||
"execution_count": 36,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets[0][Raw].load"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "1f7c510d",
|
||
"metadata": {},
|
||
"source": [
|
||
"C'est aussi le cas du protocole SIP. Comme le contenu du protocole SIP est en mode texte, on pourra cependant récupérer les différents champs mais on devra parser les champs manuellement en utilisant les différentes fonctions (méthodes) fournies par les chaîne de caractère notamment la fonction split qui permet de séparer les différents élements en fonction d'un séparateur, ici l'espace (sep=None). Comme le protocole SIP est en mode texte avec un encodage UTF8, on peut ensuite décoder un éléments de la liste avec la fonction decode."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 37,
|
||
"id": "82a02586",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"<Raw load='REGISTER sip:192.168.51.234:5060 SIP/2.0\\r\\nVia: SIP/2.0/UDP 192.168.35.42:5060;branch=z9hG4bK32fe687e88f536aca\\r\\nMax-Forwards: 70\\r\\nFrom: \"e1_tel1\" <sip:e1_tel1@192.168.51.234:5060>;tag=cbd9deb1a0\\r\\nTo: \"e1_tel1\" <sip:e1_tel1@192.168.51.234:5060>\\r\\nCall-ID: 09873fddf9ec647f\\r\\nCSeq: 2090097983 REGISTER\\r\\nAccept-Language: en\\r\\nAllow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, UPDATE, PRACK, SUBSCRIBE, INFO, PUBLISH\\r\\nAllow-Events: talk, hold, conference, LocalModeStatus\\r\\nAuthorization: Digest username=\"e1_tel1\",realm=\"asterisk\",nonce=\"274fcc0b\",uri=\"sip:192.168.51.234:5060\",response=\"4fb0cc1fbb5111ca76e9c147bc6bcabe\",algorithm=MD5\\r\\nContact: \"e1_tel1\" <sip:e1_tel1@192.168.35.42:5060;transport=udp>;+sip.instance=\"<urn:uuid:00000000-0000-1000-8000-00085D6BA371>\"\\r\\nSupported: path, gruu\\r\\nUser-Agent: Aastra 6863i/4.1.0.156\\r\\nContent-Length: 0\\r\\n\\r\\n' |>"
|
||
]
|
||
},
|
||
"execution_count": 37,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets2=rdpcap(\"Wireshark/SIP.pcap\")\n",
|
||
"paquets2[0][Raw]"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "302b9136",
|
||
"metadata": {},
|
||
"source": [
|
||
"Si le protocole est en mode texte comme SIP, on peut alors récupérer (parser) des champs du message avec les méthodes sur les chaines de caractères notamment la methode split qui permet de séparer les chaines en fonction d'un séparateur (ici l'espace : sep = None) dans une liste :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 38,
|
||
"id": "e5c8e96a",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"[b'REGISTER',\n",
|
||
" b'sip:192.168.51.234:5060',\n",
|
||
" b'SIP/2.0',\n",
|
||
" b'Via:',\n",
|
||
" b'SIP/2.0/UDP',\n",
|
||
" b'192.168.35.42:5060;branch=z9hG4bK32fe687e88f536aca',\n",
|
||
" b'Max-Forwards:',\n",
|
||
" b'70',\n",
|
||
" b'From:',\n",
|
||
" b'\"e1_tel1\"',\n",
|
||
" b'<sip:e1_tel1@192.168.51.234:5060>;tag=cbd9deb1a0',\n",
|
||
" b'To:',\n",
|
||
" b'\"e1_tel1\"',\n",
|
||
" b'<sip:e1_tel1@192.168.51.234:5060>',\n",
|
||
" b'Call-ID:',\n",
|
||
" b'09873fddf9ec647f',\n",
|
||
" b'CSeq:',\n",
|
||
" b'2090097983',\n",
|
||
" b'REGISTER',\n",
|
||
" b'Accept-Language:',\n",
|
||
" b'en',\n",
|
||
" b'Allow:',\n",
|
||
" b'INVITE,',\n",
|
||
" b'ACK,',\n",
|
||
" b'CANCEL,',\n",
|
||
" b'BYE,',\n",
|
||
" b'NOTIFY,',\n",
|
||
" b'REFER,',\n",
|
||
" b'OPTIONS,',\n",
|
||
" b'UPDATE,',\n",
|
||
" b'PRACK,',\n",
|
||
" b'SUBSCRIBE,',\n",
|
||
" b'INFO,',\n",
|
||
" b'PUBLISH',\n",
|
||
" b'Allow-Events:',\n",
|
||
" b'talk,',\n",
|
||
" b'hold,',\n",
|
||
" b'conference,',\n",
|
||
" b'LocalModeStatus',\n",
|
||
" b'Authorization:',\n",
|
||
" b'Digest',\n",
|
||
" b'username=\"e1_tel1\",realm=\"asterisk\",nonce=\"274fcc0b\",uri=\"sip:192.168.51.234:5060\",response=\"4fb0cc1fbb5111ca76e9c147bc6bcabe\",algorithm=MD5',\n",
|
||
" b'Contact:',\n",
|
||
" b'\"e1_tel1\"',\n",
|
||
" b'<sip:e1_tel1@192.168.35.42:5060;transport=udp>;+sip.instance=\"<urn:uuid:00000000-0000-1000-8000-00085D6BA371>\"',\n",
|
||
" b'Supported:',\n",
|
||
" b'path,',\n",
|
||
" b'gruu',\n",
|
||
" b'User-Agent:',\n",
|
||
" b'Aastra',\n",
|
||
" b'6863i/4.1.0.156',\n",
|
||
" b'Content-Length:',\n",
|
||
" b'0']"
|
||
]
|
||
},
|
||
"execution_count": 38,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets2[0][Raw].load.split(sep=None)"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "981a7048",
|
||
"metadata": {},
|
||
"source": [
|
||
"On peut alors récupérer le champ désiré en récupérant le bon élément de la liste :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 39,
|
||
"id": "4b5fc750",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"b'REGISTER'"
|
||
]
|
||
},
|
||
"execution_count": 39,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets2[0][Raw].load.split(sep=None)[0]"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "738e2fff",
|
||
"metadata": {},
|
||
"source": [
|
||
"Il s'agit d'un contenu hexadécimal noté b'' et on peut donc le décoder en indiquant le format d'encodage (par défaut on prendra UTF8) pour obtenir la chaîne de caratères correspondante : "
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 40,
|
||
"id": "bbf7471b",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"'REGISTER'"
|
||
]
|
||
},
|
||
"execution_count": 40,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"paquets2[0][Raw].load.split(sep=None)[0].decode('UTF8')"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "a3b8465a",
|
||
"metadata": {},
|
||
"source": [
|
||
"# Sniffer des paquets"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"id": "ec3ae200",
|
||
"metadata": {},
|
||
"source": [
|
||
"La fonction **sniff(filter=\"\", count=0, prn=None, lfilter=None, timeout=None, ..)** permet de capturer le trafic réseau à partir d'une ou plusieurs interfaces. sniff() a 6 options :\n",
|
||
"\n",
|
||
"- filter : filtre les paquets à l'intérieur du noyau Linux ce qui rend le filtrage très rapide. L'écriture du filtre utilise la syntaxe BPF \"Berkeley Packet Filter\" dont on trouvera une documentation ici : https://biot.com/capstats/bpf.html. On utilisera donc ce filtre dans la SAE pour ne garder que les paquets associés au protocole applicatif utilisé. Ex: filter=\"tcp and port 80\"\n",
|
||
"\n",
|
||
"\n",
|
||
"\n",
|
||
"- count : nombre de paquet à capturer. La valeur par défaut est 0 ce qui veut dire qu'il n'y a pas de limite au nombre de paquets capturés.\n",
|
||
"- prn : nom de la fonction à appliquer à chaque paquet reçu. C'est dans cette fonction qu'on effectuera les traitements sur les paquets (détection du login, mot de passe, ...)\n",
|
||
"- lfilter : filtre les paquets à l'aide d'une fonction Python, on pourra utiliser une fonction lambda. Comme filter ce filtre est utilisé pour filtrer les paquets en utilisant la syntaxe Python/Scapy. On peut dont cibler n'importe quel champ d'un protocole par contre ce filtre est beaucoup plus lent car pas implémenté dans le noyau. Ex : lfilter = lambda pkt: TCP in pkt and(pkt[TCP].dport == 80 or pkt[TCP].sport == 80)\n",
|
||
"- timeout : durée de la capture, par défaut None=∞ (^C pour arrêter)\n",
|
||
"- iface : interface sur laquelle on souhaite capturer les paquets (défaut :all)\n",
|
||
"- store : s'il faut stocker les paquets capturés ou les supprimer (store=0). Si la capture dure dans le temps et qu'on stocke les paquets, la RAM allouée au processus augmentera progressivement avec l'enregistrement des paquets.\n",
|
||
"- stopfilter : fonction à évaluer pour arrêter la capture (la fonction doit retourner true pour arrêter, false pour continuer)\n",
|
||
"\n",
|
||
"\n",
|
||
"Si on veut utiliser la fonction sniff() dans un notebook, on mettra une timeout ou un nombre de paquets à capturer. Un exemple d'utilisation de la fonction sniff pour afficher les 4 premiers paquets ICMP émis et reçus sur une interface est donné ci-dessous :"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 41,
|
||
"id": "5b3b0156",
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"Emission d'un paquet ICMP Echo vers 10.99.30.7\n",
|
||
"Réception d'un paquet ICMP Echo-Reply en provenance de 10.99.30.7\n",
|
||
"Emission d'un paquet ICMP Echo vers 10.99.30.7\n",
|
||
"Réception d'un paquet ICMP Echo-Reply en provenance de 10.99.30.7\n"
|
||
]
|
||
},
|
||
{
|
||
"data": {
|
||
"text/plain": [
|
||
"<Sniffed: TCP:0 UDP:0 ICMP:0 Other:0>"
|
||
]
|
||
},
|
||
"execution_count": 41,
|
||
"metadata": {},
|
||
"output_type": "execute_result"
|
||
}
|
||
],
|
||
"source": [
|
||
"from scapy.all import *\n",
|
||
"conf.verb=1\n",
|
||
"\n",
|
||
"ICMP_types={ 0 : 'Echo-Reply', 3 : 'Destination Unreachable', 8 : 'Echo'}\n",
|
||
"\n",
|
||
"def print_icmp (packet) : \n",
|
||
" type=packet[ICMP].type\n",
|
||
" ips=packet[IP].src\n",
|
||
" ipd=packet[IP].dst\n",
|
||
" if ips==iface_ip :\n",
|
||
" print(f\"Emission d'un paquet ICMP {ICMP_types[type]} vers {ipd}\")\n",
|
||
" else :\n",
|
||
" print(f\"Réception d'un paquet ICMP {ICMP_types[type]} en provenance de {ips}\")\n",
|
||
"\n",
|
||
"iface_ip=get_if_addr(conf.iface)\n",
|
||
"sniff(filter=\"icmp\", prn=print_icmp, store=0, iface='en0', count=4)"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": null,
|
||
"id": "bac3b21c",
|
||
"metadata": {},
|
||
"outputs": [],
|
||
"source": []
|
||
}
|
||
],
|
||
"metadata": {
|
||
"kernelspec": {
|
||
"display_name": "sae24_env",
|
||
"language": "python",
|
||
"name": "sae24_env"
|
||
},
|
||
"language_info": {
|
||
"codemirror_mode": {
|
||
"name": "ipython",
|
||
"version": 3
|
||
},
|
||
"file_extension": ".py",
|
||
"mimetype": "text/x-python",
|
||
"name": "python",
|
||
"nbconvert_exporter": "python",
|
||
"pygments_lexer": "ipython3",
|
||
"version": "3.11.9"
|
||
}
|
||
},
|
||
"nbformat": 4,
|
||
"nbformat_minor": 5
|
||
}
|