To find out the fields of Ether
There is a ls method which can be used to show the fields of Ether.
This ls method is used to find out the fields that i can put in values.
This shows there are three fields, to send a broadcast frame, I need to put in ff:ff:ff:ff:ff:ff to the dst field.
There are two ways to do it.
First way is to create an Ether object, then pass in the broadcast value into dst like this:
The show method will show the contents of the ethernet frame:
As noticed from the output the src field is automatically filled in with my current interface mac address.
Another way is to directly put in the broadcast while creating the ether object.
scapy.all has a constant known as ETHER_BROADCAST which is the “ff:ff:ff:ff:ff:ff”.
The result is the same:
To find out fields of ARP
The method is the same for finding out the available fields for ARP.
Which will give the below fields:
What we are interested to put value in is pdst which is the target ip address, if we are to query 192.168.1.10 then pdst will need to put in 192.168.1.10.
The method to fill in the pdst is the same as with Ether, so I can first create an ARP object, then put in the pdst later.
which yields this result:
As noticed, the hwsrc and the psrc are automatically filled with my interface’s ip address and mac address.
Another method is to directly create an ARP object with the pdst defined.
Which yields the same result.
Concatenate Ether and ARP
scapy.all uses “/” to concatenate Ether and ARP which is a division operator, it works though it is kind of weird in my opinion…
The concatenated packet is:
cyruslab 
One thought on “[python]Understanding the fields of Ether and ARP in Scapy”