I was looking for a way to parse TCP/IP packets in Python, when a friend recommended Scapy. Scapy is a nice Python package that’s got a very cool interface using the “div” operator, and is used like so:
from scapy.all import IP, TCP
packet = IP()/TCP()/"GET / HTTP/1.0\r\n\r\n"
bytes(packet)  # returns the packet's binary data (str(packet) did this on Python 2)
which is pretty cool and creative. It makes the layers concept pretty visual. Now, I was looking for a way to parse packets, i.e., the other way around. So we were looking in Scapy’s documentation. The section on “dissecting” seemed like it might be what we wanted, and here’s the introduction:
Layers are only list of fields, but what is the glue between each field, and after, between each layer. These are the mysteries explain in this section.
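What "the other way around" amounts to for a packet like the one built above, as an added example that is not from the original post or from Scapy: it uses only Python's standard library, and the sample bytes are constructed by hand with zeroed checksums. The header-length and protocol fields are the glue that tells the parser where one layer ends and which layer follows.

```python
import socket
import struct

def build_sample():
    """Constructed sample: IPv4 + TCP headers (checksums left at 0) + HTTP payload."""
    payload = b"GET / HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 20, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton("127.0.0.1"), socket.inet_aton("127.0.0.1"))
    return ip + tcp + payload

def dissect(data):
    """Parse an IPv4 packet, and its TCP segment if present, into a dict."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4          # header length is stored in 32-bit words
    if version != 4 or ihl < 20 or total_len < ihl or total_len > len(data):
        raise ValueError("malformed IPv4 header")
    result = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "ttl": ttl, "proto": proto}
    # Only an unfragmented first piece carrying protocol 6 has a TCP header here.
    if proto != socket.IPPROTO_TCP or (frag & 0x1FFF):
        return result
    segment = data[ihl:total_len]       # never trust bytes past total_len
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_byte, flags, _win, _tcsum, _urg = \
        struct.unpack("!HHIIBBHHH", segment[:20])
    data_off = (off_byte >> 4) * 4      # TCP header length, options included
    if data_off < 20 or data_off > len(segment):
        raise ValueError("malformed TCP data offset")
    result.update(sport=sport, dport=dport, seq=seq, flags=flags,
                  payload=segment[data_off:])
    return result

if __name__ == "__main__":
    print(dissect(build_sample()))
```

The length checks matter when the bytes come from the network: a header that claims more data than was captured raises `ValueError` instead of yielding a short or misaligned payload.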