Ray*_*yne 3 dns scapy payload python-2.7
packet[TCP].payload.load我正在尝试使用和从 pcap 文件中提取所有 UDP 和 TCP 有效负载packet[UDP].payload.load。但是,我注意到packet[UDP].payload.loadDNS 数据包失败了。
输出packet[IP].show()如下(一个DNS查询和响应数据包)。我没有看到任何[ Raw ]部分,我猜这是.load失败的地方。如何在此类数据包的 UDP 层之后提取以字节为单位的有效负载?
====================================================
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 64
id = 59183
flags =
frag = 0
ttl = 128
proto = udp
chksum = 0x0
src = 172.22.32.48
dst = 203.211.152.66
\options \
###[ UDP ]###
sport = 55884
dport = domain
len = 44
chksum = 0x309a
###[ DNS ]###
id = 40212
qr = 0
opcode = QUERY
aa = 0
tc = 0
rd = 1
ra = 0
z = 0
<snipped>
None
====================================================
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 155
id = 38148
flags =
frag = 0
ttl = 58
proto = udp
chksum = 0xbaf1
src = 203.211.152.66
dst = 172.22.32.48
\options \
###[ UDP ]###
sport = domain
dport = 55884
len = 135
chksum = 0x51d9
###[ DNS ]###
id = 40212
qr = 1
opcode = QUERY
aa = 0
tc = 0
rd = 1
ra = 1
<snipped>
None
Scapy 将 DNS 层剖析成有意义的东西。如果您想要原始字节,您可以调用bytes()层来取回它们。
例如:
bytes(packet[TCP].payload)
| 归档时间: |
|
| 查看次数: |
11379 次 |
| 最近记录: |