The HTTP layer detection doesn't seems to work properly. I have a sample pcap file with a single packet that is correctly parsed by Wireshark but not by this script:
from scapy.all import *
from scapy_http.http import HTTPRequest
packets = rdpcap('scapy_repro.pcap')
for packet in packets:
print
print packet.show()
print
print "HTTP" if packet.haslayer(HTTPRequest) else "NOT HTTP"
(.virtualenv) ➜ workspace/scapy git:(master) ✗ python scapy_repro.py
###[ Ethernet ]###
dst = 00:00:00:00:00:00
src = 00:00:00:00:00:00
type = 0x800
###[ IP ]###
version = 4L
ihl = 5L
tos = 0x0
len = 284
id = 37297
flags = DF
frag = 0L
ttl = 64
proto = tcp
chksum = 0xaa28
src = 127.0.0.1
dst = 127.0.0.1
\options \
###[ TCP ]###
sport = 38364
dport = fmtp
seq = 4275972702
ack = 1395008342
dataofs = 8L
reserved = 0L
flags = PA
window = 14338
chksum = 0xff10
urgptr = 0
options = [('NOP', None), ('NOP', None), ('Timestamp', (137714020, 137714020))]
###[ Raw ]###
load = 'GET /v1/kv/vitess/deploy/restart/us_east_1/vtctld/vtctld-0d28e6af524075ec1 HTTP/1.1\r\nHost: 127.0.0.1:8500\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: python-requests/2.18.4\r\n\r\n'
None
NOT HTTP
Probably linked with #31?
(.virtualenv) ➜ workspace/scapy git:(master) ✗ pip freeze
cffi==1.11.5
dnet==1.12
libpcap==1.0.0b9
pcapy==0.11.1
pycparser==2.18
scapy==2.3.3
scapy-http==1.8
I might be wrong but I think this evaluation is not correct as the type is not a string?
The HTTP layer detection doesn't seems to work properly. I have a sample
pcapfile with a single packet that is correctly parsed by Wireshark but not by this script:Probably linked with #31?
I might be wrong but I think this evaluation is not correct as the type is not a string?