有什么方法可以提取通过原始套接字解析的 Scapy 原始负载吗?我可以通过指定 ip[scapy.IP] 和 ip[scapy.TCP] 来提取 TCP 和 IP 标头,但不能指定原始负载。
当我尝试通过指定 ip[raw.load] 提取原始负载时,它给我一个错误,指出未找到原始图层。
import sys
import socket
from scapy.all import *
#from scapy import all as scapy
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
while 1:
packet = s.recvfrom(2000);
packet = packet[0]
ip = IP(packet)
print(ip.show())
#print(str(ip[IP]))
#print(ip[scapy.IP].src)
#print(ip[scapy.Raw].load)
我可以使用此代码提取 Scapy TCP 标头中的源端口号。
import sys
import socket
from scapy.all import *
#from scapy import all as scapy
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
while 1:
packet = s.recvfrom(2000);
packet = packet[0]
ip = IP(packet)
print(ip[TCP].sport)
Here\xe2\x80\x99s 我是如何做到的。注释代表您的代码。I\xe2\x80\x99ve 还写了如何使用 scapy\xe2\x80\x99s 套接字完成它(跨平台,因为 SOCK_RAW 不\xe2\x80\x99t 在 Windows 上工作)
\nfrom scapy.all import *\n# import socket\n\n#s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)\ns = conf.L3Socket(filter=\xe2\x80\x9ctcp\xe2\x80\x9d)\n\n# The use of `filter=\xe2\x80\x9ctcp\xe2\x80\x9d` requires libpcap.\n# If you want to do it without it, you can also not set it and use `if TCP in packet:`\n\n\nwhile True:\n #packet = s.recvfrom(2000);\n #packet = packet[0]\n #packet = IP(packet)\n packet = s.recv()\n\n # You don\xe2\x80\x99t have a Raw in every received packet !\n if Raw in packet:\n load = packet[Raw].load\n