# In this lab, we will learn to use the python packet manipulation library Scapy to modify Ethernet frames.

Scapy (https://scapy.net/) is a python library that enables manipulating packets.  Recall that network communication is more than just the ability to send 1s and 0s. We need structure so that both sides of the communication can understand each other.  In Ethernet, this structure was: 

\[ dst \]\[ src \]\[ type \]\[ payload \]\[ FCS \]

This naturally can translate to a data structure in a programming language like Python.  With Scapy, you can read packets from a file, read live traffic from the network interface, or generate packets from scratch.  

For a full tutorial, you can visit the scapy website.  Here, we'll go through just enough to complete this lab.

Useful cheat sheet for scapy:
https://wiki.sans.blue/Tools/pdfs/ScapyCheatSheet_v0.2.pdf


This lab, as typical for Jupyter notebooks, contains multiple cells which you can execute one at a time and then see the result of each cell's execution.  The execution state is shared across cells so the results of one cell can be seen by a subsequent cell.

Execute each cell below, in sequence, to see how you can interact with Scapy.  Then provide your own implementation for the cell containing '# your code here' to complete this lab.  You will be graded on the result of that implementation.

In [None]:
#We need to import the scapy library, in this case everything (*)
from scapy.all import *

#Read in a trace of packets from a file
pkts = rdpcap("intro-wireshark-trace1.pcap")

The pkts variable is now an array of the Packet data structure which was populated in the operation above from reading the pcap file. 

In [None]:
pkt = pkts[1]

# Do checks on what types are in the packet
eth = Ether in pkt
print(eth)

# You can get the name of the layers in the packet (requesting a specific one)
layer = pkt.getlayer(0)
print(layer)

# or, there's a variable within the pkt structure indicating the name of the type
exp = pkt.name
print (exp)

# You can list all the available protocols - won't, since it's large
#ls()

# Or list the fields in a particular layer
ls(Ether)

In [None]:
# Dump the packet contents in hex
hexdump(pkt)

In [None]:
# Dump the packet in a nice format
pkt.show()

In [None]:
# You can manipulate the packet through fields

pkt.dst = "11:22:33:44:55:66"

pkt.show()

Your task for the graded portion of this lab is to iterate (loop) over all the packets loaded into the pkts array from the first cell and for each packet, ONLY if it includes Ether, change its source address to 11:11:11:11:11:11 and its destination address to 22:22:22:22:22:22. Do not add to or remove packets from the array.

In [None]:
# your code here
for pkt in pkts:
    if Ether in pkt:
        assert pkt[Ether].src == "11:11:11:11:11:11", f"Source MAC not updated: {pkt[Ether].src}"
        assert pkt[Ether].dst == "22:22:22:22:22:22", f"Destination MAC not updated: {pkt[Ether].dst}"



In [None]:
"""This cell contains hidden tests that will be executed by the autograder.
You do not need to modify or execute this cell yourself.
Submit the assignment to generate your grade.
If you didn't get 100%, review the task description for the cell above and check that your implementation is correct.
"""

