Get TCP Flags with Scapy

Normally, the usual way to handle FLAGS is with a bitmap and bitwise operators. If your Packet class doesn't have specific method to test for flags, the best thing you can do IMHO is to:

FIN = 0x01
SYN = 0x02
RST = 0x04
PSH = 0x08
ACK = 0x10
URG = 0x20
ECE = 0x40
CWR = 0x80

And test them like this:

F = p['TCP'].flags    # this should give you an integer
if F & FIN:
    # FIN flag activated
if F & SYN:
    # SYN flag activated
# rest of the flags here

Sadly, python doesn't have a switch statement to make this more elegant but it doesn't really matter much.

Hope this helps!

You can use the Packet.sprintf() method:

>>> p = IP()/TCP(flags=18)
>>> p.sprintf('%TCP.flags%')
'SA'

If you want the "long" names, use a dict instead of a long if...elif... expression (dict are often used in Python when you would use a switch in other languages):

>>> flags = {
    'F': 'FIN',
    'S': 'SYN',
    'R': 'RST',
    'P': 'PSH',
    'A': 'ACK',
    'U': 'URG',
    'E': 'ECE',
    'C': 'CWR',
}
>>> [flags[x] for x in p.sprintf('%TCP.flags%')]
['SYN', 'ACK']

Get TCP Flags with Scapy

Tags:

Python

Tcp

Packet

Scapy

Packet Capture

Related

Recent Posts