Discussion:
wrpcap error(s): WARNING: PcapWriter: unknown LL type for SndRcvList. Using type 1 (Ethernet) / AttributeError: 'list' object has no attribute 'time'
ikkini
2011-12-06 12:38:51 UTC
Permalink
Hello list, perhaps someone can point out where my error is?

I'm seeing this on ubuntu, debian (2.1.0.1_all.deb) and OS X (@2.0.1).
I realize this is an older version, but these come straight from the
OS packages.
I have also tried with ans,unans formats, where I only try to write
the "ans" to a pcap.
Probably I'm doing something wrong, but I have no idea what.
This is just plain ethernet, using wifi we had the same type of problem.

sr(IP(dst='192.168.123.254')/TCP(dport=80))
Begin emission:
..Finished to send 1 packets.
.*
Received 4 packets, got 1 answers, remaining 0 packets
(<Results: TCP:1 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0
ICMP:0 Other:0>)
a= _
a[0]
<Results: TCP:1 UDP:0 ICMP:0 Other:0>
wrpcap("/tmp/test.pcap",a)
WARNING: PcapWriter: unknown LL type for SndRcvList. Using type 1 (Ethernet)
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
440, in wrpcap
PcapWriter(filename, *args, **kargs).write(pkt)
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
623, in write
self._write_packet(p)
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
662, in _write_packet
sec = int(packet.time)
File "/opt/local/lib/python2.5/site-packages/scapy/plist.py", line
72, in __getattr__
return getattr(self.res, attr)
AttributeError: 'list' object has no attribute 'time'
ans,unans=a
ans[0][0].show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 40
id= 1
flags=
frag= 0L
ttl= 64
proto= tcp
chksum= 0x199
src= 192.168.123.231
dst= 192.168.123.254
options= ''
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= 5L
reserved= 0L
flags= S
window= 8192
chksum= 0x1648
urgptr= 0
options= {}
ans[0][1].show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 44
id= 0
flags= DF
frag= 0L
ttl= 64
proto= tcp
chksum= 0xc195
src= 192.168.123.254
dst= 192.168.123.231
options= ''
###[ TCP ]###
sport= http
dport= ftp_data
seq= 627185086
ack= 1
dataofs= 6L
reserved= 0L
flags= SA
window= 5840
chksum= 0xcc8a
urgptr= 0
options= [('MSS', 1460)]
###[ Padding ]###
load= '\xf9}'

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
Sean Cavanaugh (scavanau)
2011-12-06 20:31:03 UTC
Permalink
Are you running the program as root? I got that once when I did not run
as root.

-S

-----Original Message-----
From: ikkini [mailto:***@gmail.com]
Sent: Tuesday, December 06, 2011 7:39 AM
To: ***@secdev.org
Subject: [scapy.ml] wrpcap error(s): WARNING: PcapWriter: unknown LL
type for SndRcvList. Using type 1 (Ethernet) / AttributeError: 'list'
object has no attribute 'time'

Hello list, perhaps someone can point out where my error is?

I'm seeing this on ubuntu, debian (2.1.0.1_all.deb) and OS X (@2.0.1).
I realize this is an older version, but these come straight from the
OS packages.
I have also tried with ans,unans formats, where I only try to write
the "ans" to a pcap.
Probably I'm doing something wrong, but I have no idea what.
This is just plain ethernet, using wifi we had the same type of problem.

sr(IP(dst='192.168.123.254')/TCP(dport=80))
Begin emission:
..Finished to send 1 packets.
.*
Received 4 packets, got 1 answers, remaining 0 packets
(<Results: TCP:1 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0
ICMP:0 Other:0>)
a= _
a[0]
<Results: TCP:1 UDP:0 ICMP:0 Other:0>
wrpcap("/tmp/test.pcap",a)
WARNING: PcapWriter: unknown LL type for SndRcvList. Using type 1
(Ethernet)
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
440, in wrpcap
PcapWriter(filename, *args, **kargs).write(pkt)
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
623, in write
self._write_packet(p)
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
662, in _write_packet
sec = int(packet.time)
File "/opt/local/lib/python2.5/site-packages/scapy/plist.py", line
72, in __getattr__
return getattr(self.res, attr)
AttributeError: 'list' object has no attribute 'time'
ans,unans=a
ans[0][0].show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 40
id= 1
flags=
frag= 0L
ttl= 64
proto= tcp
chksum= 0x199
src= 192.168.123.231
dst= 192.168.123.254
options= ''
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= 5L
reserved= 0L
flags= S
window= 8192
chksum= 0x1648
urgptr= 0
options= {}
ans[0][1].show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 44
id= 0
flags= DF
frag= 0L
ttl= 64
proto= tcp
chksum= 0xc195
src= 192.168.123.254
dst= 192.168.123.231
options= ''
###[ TCP ]###
sport= http
dport= ftp_data
seq= 627185086
ack= 1
dataofs= 6L
reserved= 0L
flags= SA
window= 5840
chksum= 0xcc8a
urgptr= 0
options= [('MSS', 1460)]
###[ Padding ]###
load= '\xf9}'

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org


---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
ikkini
2011-12-07 01:15:12 UTC
Permalink
Hey Sean,
Good call and that might have been it, but I went and double checked:
it's not :/

If I find the time I'll build a vm so I can run the
latest-and-greatest-spanking-new code and see if it works then...


On Tue, Dec 6, 2011 at 9:31 PM, Sean Cavanaugh (scavanau)
Are you running the program as root?  I got that once when I did not run
as root.
-S
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
Sean Cavanaugh (scavanau)
2011-12-08 16:00:25 UTC
Permalink
Can you just try this?->
a = Ether() / IP() / ICMP()
a
<Ether type=0x800 |<IP frag=0 proto=icmp |<ICMP |>>>
a = wrpcap("/sean.pcap", a)
[***@localhost ggsg]# ls /
bin cgroup etc ipv6_fragment lib64 media opt root
sean.pcap srv tmp var without_fragments
boot dev home lib lost+found mnt proc sbin
selinux sys usr Video
[***@localhost ggsg]#


Simpler then sr so we can just step back a step and figure out what is
going on. I am running some older python on my linux box, I should also
upgrade ;)

-S

-----Original Message-----
From: ikkini [mailto:***@gmail.com]
Sent: Tuesday, December 06, 2011 7:39 AM
To: ***@secdev.org
Subject: [scapy.ml] wrpcap error(s): WARNING: PcapWriter: unknown LL
type for SndRcvList. Using type 1 (Ethernet) / AttributeError: 'list'
object has no attribute 'time'

Hello list, perhaps someone can point out where my error is?

I'm seeing this on ubuntu, debian (2.1.0.1_all.deb) and OS X (@2.0.1).
I realize this is an older version, but these come straight from the
OS packages.
I have also tried with ans,unans formats, where I only try to write
the "ans" to a pcap.
Probably I'm doing something wrong, but I have no idea what.
This is just plain ethernet, using wifi we had the same type of problem.

sr(IP(dst='192.168.123.254')/TCP(dport=80))
Begin emission:
..Finished to send 1 packets.
.*
Received 4 packets, got 1 answers, remaining 0 packets
(<Results: TCP:1 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0
ICMP:0 Other:0>)
a= _
a[0]
<Results: TCP:1 UDP:0 ICMP:0 Other:0>
wrpcap("/tmp/test.pcap",a)
WARNING: PcapWriter: unknown LL type for SndRcvList. Using type 1
(Ethernet)
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
440, in wrpcap
PcapWriter(filename, *args, **kargs).write(pkt)
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
623, in write
self._write_packet(p)
File "/opt/local/lib/python2.5/site-packages/scapy/utils.py", line
662, in _write_packet
sec = int(packet.time)
File "/opt/local/lib/python2.5/site-packages/scapy/plist.py", line
72, in __getattr__
return getattr(self.res, attr)
AttributeError: 'list' object has no attribute 'time'
ans,unans=a
ans[0][0].show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 40
id= 1
flags=
frag= 0L
ttl= 64
proto= tcp
chksum= 0x199
src= 192.168.123.231
dst= 192.168.123.254
options= ''
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= 5L
reserved= 0L
flags= S
window= 8192
chksum= 0x1648
urgptr= 0
options= {}
ans[0][1].show2()
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 44
id= 0
flags= DF
frag= 0L
ttl= 64
proto= tcp
chksum= 0xc195
src= 192.168.123.254
dst= 192.168.123.231
options= ''
###[ TCP ]###
sport= http
dport= ftp_data
seq= 627185086
ack= 1
dataofs= 6L
reserved= 0L
flags= SA
window= 5840
chksum= 0xcc8a
urgptr= 0
options= [('MSS', 1460)]
###[ Padding ]###
load= '\xf9}'

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org


---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
ikkini
2011-12-08 23:51:38 UTC
Permalink
Hey Sean, thanks for your assistance.
Interestingly enough, your suggestion works like a charm:

a = Ether()/IP()/ICMP()
a
<Ether type=IPv4 |<IP frag=0 proto=icmp |<ICMP |>>>
wrpcap("ikkini.pcap", a)
type(a)
<class 'scapy.layers.l2.Ether'>

This also works:

sniff()
^C<Sniffed: TCP:3 UDP:0 ICMP:0 Other:0>
sniffed = _
wrpcap("sniffed.pcap", sniffed)
type(sniffed)
<type 'instance'>

This does not work:

pkts=sr(IP(dst='192.168.178.1')/TCP(dport=80))
wrpcap("pkts.pcap", pkts)
[...]
AttributeError: 'list' object has no attribute 'time'
type(pkts)
<type 'tuple'>

and neither does this:

ans,unans=sr1(IP(dst='192.168.178.1')/TCP(dport=80))
wrpcap("ans.pcap", ans)
[...]
AttributeError: 'tuple' object has no attribute 'time'
type(ans)
<type 'instance'>

Also interesting is that as part of the error I get:
"WARNING: PcapWriter: unknown LL type for tuple. Using type 1 (Ethernet)"

So lets make sure nothing's missing:
ans,unans=srp(Ether()/IP(dst='192.168.178.1')/TCP(dport=80))

wrpcap("ans.pcap", ans)
WARNING: PcapWriter: unknown LL type for tuple. Using type 1 (Ethernet)
[...]
AttributeError: 'tuple' object has no attribute 'time'

The reason I'm adding all the "type()"-ing is because I'm guessing
that is probably where this issue is: wrpcap gets a "packet" and it
then has to unpack and figure out what to do with it. The error points
to:

/usr/lib/pymodules/python2.6/scapy/utils.py", line 688, in _write_packet
sec = int(packet.time)

Apparently it ends up with lists and tuples in some "packet" cases,
which have "no attribute 'time'".

The following does work:

ans,unans=srp(Ether()/IP(dst='192.168.178.1')/TCP(dport=80))
Begin emission:
...*Finished to send 1 packets.
Received 4 packets, got 1 answers, remaining 0 packets

ans[0]
(<Ether type=IPv4 |<IP frag=0 proto=tcp dst=192.168.178.1 |<TCP
dport=www |>>>, <Ether dst=00:0c:29:be:64:b0 src=00:24:fe:36:60:82
type=IPv4 |<IP version=4L ihl=5L tos=0x0 len=44 id=0 flags=DF frag=0L
ttl=64 proto=tcp chksum=0x5538 src=192.168.178.1 dst=192.168.178.65
options=[] |<TCP sport=www dport=ftp_data seq=1298246651 ack=1
dataofs=6L reserved=0L flags=SA window=5840 chksum=0xa1f0 urgptr=0
options=[('MSS', 1460)] |<Padding load='\x01\x00' |>>>>)
type(ans[0])
<type 'tuple'>

wrpcap("testans0.pcap",ans[0])

tshark -r testans0.pcap
1 0.000000 192.168.178.65 -> 192.168.178.1 TCP ftp-data > http
[SYN] Seq=0 Win=8192 Len=0
2 0.064471 192.168.178.1 -> 192.168.178.65 TCP http > ftp-data
[SYN, ACK] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460

So basically it can handle some instances and classes like
'scapy.layers.l2.Ether', but not some other instances, tuples and
lists. I've looked through some documentation by Philippe and Dirk,
and where ever I saw "wrpcap" being explained, it was always in
relation to sniff().

I guess for what I want to do I'm going to have to start using something like:
http://permalink.gmane.org/gmane.comp.security.scapy.general/4475

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
Sean Cavanaugh (scavanau)
2011-12-12 16:09:47 UTC
Permalink
Hey,

Sorry for the late reply, was on vacation.

Maybe your pcap is being read in as a list or something and not a
packetlist... (I doubt this is it), but watch this->
a = [Ether()/IP()/ICMP() , Ether()/IP()/ICMP()]
help(a)
a.show()
Traceback (most recent call last):
File "<console>", line 1, in <module>
AttributeError: 'list' object has no attribute 'show'
a = PacketList(a)
a.show()
0000 Ether / IP / ICMP 127.0.0.1 > 127.0.0.1 echo-request 0
0001 Ether / IP / ICMP 127.0.0.1 > 127.0.0.1 echo-request 0
Make sense? Your errors seem to indicate something wrong about types...
(I am running scapy 2.2 and python 2.6)

-S

-----Original Message-----
From: ikkini [mailto:***@gmail.com]
Sent: Thursday, December 08, 2011 6:52 PM
To: ***@secdev.org
Subject: Re: [scapy.ml] wrpcap error(s): WARNING: PcapWriter: unknown LL
type for SndRcvList. Using type 1 (Ethernet) / AttributeError: 'list'
object has no attribute 'time'

Hey Sean, thanks for your assistance.
Interestingly enough, your suggestion works like a charm:

a = Ether()/IP()/ICMP()
a
<Ether type=IPv4 |<IP frag=0 proto=icmp |<ICMP |>>>
wrpcap("ikkini.pcap", a)
type(a)
<class 'scapy.layers.l2.Ether'>

This also works:

sniff()
^C<Sniffed: TCP:3 UDP:0 ICMP:0 Other:0>
sniffed = _
wrpcap("sniffed.pcap", sniffed)
type(sniffed)
<type 'instance'>

This does not work:

pkts=sr(IP(dst='192.168.178.1')/TCP(dport=80))
wrpcap("pkts.pcap", pkts)
[...]
AttributeError: 'list' object has no attribute 'time'
type(pkts)
<type 'tuple'>

and neither does this:

ans,unans=sr1(IP(dst='192.168.178.1')/TCP(dport=80))
wrpcap("ans.pcap", ans)
[...]
AttributeError: 'tuple' object has no attribute 'time'
type(ans)
<type 'instance'>

Also interesting is that as part of the error I get:
"WARNING: PcapWriter: unknown LL type for tuple. Using type 1
(Ethernet)"

So lets make sure nothing's missing:
ans,unans=srp(Ether()/IP(dst='192.168.178.1')/TCP(dport=80))

wrpcap("ans.pcap", ans)
WARNING: PcapWriter: unknown LL type for tuple. Using type 1 (Ethernet)
[...]
AttributeError: 'tuple' object has no attribute 'time'

The reason I'm adding all the "type()"-ing is because I'm guessing
that is probably where this issue is: wrpcap gets a "packet" and it
then has to unpack and figure out what to do with it. The error points
to:

/usr/lib/pymodules/python2.6/scapy/utils.py", line 688, in _write_packet
sec = int(packet.time)

Apparently it ends up with lists and tuples in some "packet" cases,
which have "no attribute 'time'".

The following does work:

ans,unans=srp(Ether()/IP(dst='192.168.178.1')/TCP(dport=80))
Begin emission:
...*Finished to send 1 packets.
Received 4 packets, got 1 answers, remaining 0 packets

ans[0]
(<Ether type=IPv4 |<IP frag=0 proto=tcp dst=192.168.178.1 |<TCP
dport=www |>>>, <Ether dst=00:0c:29:be:64:b0 src=00:24:fe:36:60:82
type=IPv4 |<IP version=4L ihl=5L tos=0x0 len=44 id=0 flags=DF frag=0L
ttl=64 proto=tcp chksum=0x5538 src=192.168.178.1 dst=192.168.178.65
options=[] |<TCP sport=www dport=ftp_data seq=1298246651 ack=1
dataofs=6L reserved=0L flags=SA window=5840 chksum=0xa1f0 urgptr=0
options=[('MSS', 1460)] |<Padding load='\x01\x00' |>>>>)
type(ans[0])
<type 'tuple'>

wrpcap("testans0.pcap",ans[0])

tshark -r testans0.pcap
1 0.000000 192.168.178.65 -> 192.168.178.1 TCP ftp-data > http
[SYN] Seq=0 Win=8192 Len=0
2 0.064471 192.168.178.1 -> 192.168.178.65 TCP http > ftp-data
[SYN, ACK] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460

So basically it can handle some instances and classes like
'scapy.layers.l2.Ether', but not some other instances, tuples and
lists. I've looked through some documentation by Philippe and Dirk,
and where ever I saw "wrpcap" being explained, it was always in
relation to sniff().

I guess for what I want to do I'm going to have to start using something
like:
http://permalink.gmane.org/gmane.comp.security.scapy.general/4475

---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org


---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org

Loading...