使用 Scapy 提取 TCP 数据

Question

使用 Scapy 提取 TCP 数据

flo*_*mia 3 python scapy wireshark nonetype

我目前正在尝试使用 Scapy 提取 TCP 数据包的有效负载（只是一个字母），但在处理前两个数据包后，它一直给我一个 NoneType 异常。

from scapy.all import *
import base64

capture = rdpcap('Data.pcapng') # pcap file

output = open('output.bin','wb') # save dumped data to output.bin

for packet in capture:
    # if packet is ICMP and type is 8 (echo request)
    if packet[TCP].src == '172.16.139.128': 
        output.write(packet[TCP].payload) # write packet data to output.bin

Run Code Online (Sandbox Code Playgroud)

例外情况：

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 372, in __getattr__
    fld, v = self.getfield_and_val(attr)
TypeError: cannot unpack non-iterable NoneType object

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "exploit.py", line 10, in <module>
    if packet[TCP].src == '172.16.139.128': 
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 374, in __getattr__
    return self.payload.__getattr__(attr)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 372, in __getattr__
    fld, v = self.getfield_and_val(attr)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/scapy/packet.py", line 1600, in getfield_and_val
    raise AttributeError(attr)
AttributeError: src

Run Code Online (Sandbox Code Playgroud)

有谁知道这是什么原因造成的？应该会输出更多。

Answer 1

qou*_*ify 7

IP 源地址位于 IP 标头中，而不是 TCP 中。因此，出现错误。因此，如果您想检查数据包是否来自172.16.139.128TCP 负载并具有 TCP 有效负载，则适当的测试将是：

if IP in packet and packet[IP].src == '172.16.139.128' and TCP in packet:
   output.write(packet[TCP].payload)

Run Code Online (Sandbox Code Playgroud)

归档时间：	4 年，11 月前
查看次数：	9050 次
最近记录：	1 年，10 月前