使用python数据包解析/嗅探工具Scapy,我想从原始字节串创建一个数据包.虽然我的具体用例的细节更加真实,但以下示例说明了我的问题以及我目前的尝试:
# Get an example packet (we won't really have an offline file in production.)
pkt = sniff(offline="./example_packets/example_packets2.pcap")
# Convert it to raw bytes -- oddly __str__ does this.
raw_packet = str(pkt)
# Current, broken, attempt to construct a new packet from the same bytes as the old.
# In truth, there are easier ways to copy packets from existing Scapy packets, but
# we are really just using that offline packet as a convenient example.
new_packet = Packet(_pkt=raw_packet)
# Sadly, while this packet has the bytes internally, it no longer has the
# interpretations of the layers like the original packet did (such as saying that
# the packet is ARP and has these field values, etc.
print repr(new_packet)
如何new_packet从原始字节生成一个看起来与从pcap文件中嗅探的原始字节相同?
Pie*_*rre 12
Scapy无法猜测数据包的第一层,因此您需要指定它.
您可以使用适当的Packet子类来完成此操作.例如,假设您的数据包的第一层是以太网,Ether(raw_packet)而不是使用Packet(raw_packet).
| 归档时间: |
|
| 查看次数: |
12950 次 |
| 最近记录: |