When using scapy, how do I read the whole IP layer and TCP layer from a packet?

Posted 2024-09-29 21:21:45


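I am using scapy to test TCP retransmission behavior when an ICMP Destination unreachable (Fragmentation needed, ICMP TYPE=3 CODE=4) message is received.

The test flow is as follows:
1. Establish a TCP connection to the server
2. Send an HTTP GET request to the server once TCP is established
3. When the HTTP response comes back
4. Send an ICMP type 3 code 4 message, with a small MTU set, to the server

The problem is that the ICMP TYPE=3 CODE=4 message includes the IP header and partial TCP header (src, dst and seq number) of that HTTP response packet. Currently, I just read every parameter from the HTTP response packet (such as IP identification, frag flag, ttl and so on). The question is: is there any way to read the whole IP and TCP header from that packet: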

ICMP(TYPE=3 CODE=4)/IP Header/TCP Header


2 answers

I convert the packet object to a dict object to make my parsing easier. Code:

from scapy.all import *
import sys
try:
    from cStringIO import StringIO  # Python 2
except ImportError:
    from io import StringIO  # Python 3


class Capturing(list):
    """
    This class will capture sys.stdout.
    More info:
    http://stackoverflow.com/questions/16571150/how-to-capture-stdout-output-from-a-python-function-call
    """
    def __enter__(self):
        self._stdout = sys.stdout
        sys.stdout = self._stringio = StringIO()
        return self

    def __exit__(self, *args):
        self.extend(self._stringio.getvalue().splitlines())
        del self._stringio    # free up some memory
        sys.stdout = self._stdout


class PacketDict(dict):
    """
    This class will convert packet into a dict by using the result of packet.show2(). Furthermore the original
    packet will be also saved as attribute '.packet'.
    More class functions could be added, currently only support 'haslayer()'.
    Scapy version: scapy-2.3.3
    """
    def __init__(self, pkt):
        self.packet = pkt
        self.__packet_to_dict()

    def __extract_key(self, line):
        # Turn a show2() layer banner such as "###[ IP ]###" into "IP"
        a = line.lstrip("###[ ").rstrip(" ]### ")
        return a

    def __extract_value_to_dict(self, line):
        # Field lines look like "ttl = 64"; split on the first "=" only
        if line.find("=") > -1:
            b = line.replace(" ","")
            a = b.split("=", 1)
            return {a[0]: a[1]}
        return {line.replace(" ",""): None}

    def __packet_to_dict(self):
        with Capturing() as packet_in_list:
            self.packet.show2()
        current_dict = self
        for line in packet_in_list:
            if line.strip() != "":
                line = line.replace("|","")
                if line.find('###[') > -1:
                    # A new layer starts: nest it under the previous layer
                    key = self.__extract_key(line)
                    current_dict[key] = {}
                    current_dict = current_dict[key]
                    continue
                current_dict.update(self.__extract_value_to_dict(line))

    def haslayer(self, pkt_cls):
        return self.packet.haslayer(pkt_cls)


if __name__ == "__main__":
    packet_list = rdpcap("/media/sf_ubshare/pcap/test.pcap")
    for packet in packet_list:
        a = PacketDict(packet)
        print(a['Ethernet']['IP']['ihl'])
        print(a.haslayer('ISAKMP'))

Output:

^{pr2}$

The dictionary looks like:

{
  "Ethernet": {
    "src": "5e:22:73:12:50:02", 
    "dst": "6e:30:96:e3:a0:6c", 
    "type": "0x800", 
    "IP": {
      "frag": "0L", 
      "src": "1.0.3.0", 
      "UDP": {
        "dport": "isakmp", 
        "ISAKMP": {
          "resp_cookie": "'\\xb5A\\x06\\xef\\x126~\\x95'", 
          "exch_type": "identityprot.", 
          "length": "204", 
          "version": "0x10", 
          "flags": "", 
          "init_cookie": "'2\\x12\\xbda\\xee\\xa8\\xba\\xa6'", 
          "ISAKMP SA": {
            "IKE proposal": {
              "SPI": "''", 
              "length": "44", 
              "IKE Transform": {
                "length": "36", 
                "num": "0", 
                "transforms": "[('Encryption','AES-CBC'),('KeyLength',256),('Hash','SHA'),('Authentication','PSK'),('GroupDesc','1024MODPgr'),('LifeType','Seconds'),('LifeDuration',43200)]", 
                "ISAKMP Vendor ID": {......

Hope the following helps:

>>> pkt = ICMP()/IP()/TCP()
>>> ipHeader = pkt.getlayer(IP) 
>>> ipHeader
<IP  frag=0 proto=tcp |<TCP  |>>
>>> 

To retrieve only the IP header:

^{pr2}$
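For the ICMP TYPE=3 CODE=4 case in the question, the quoted IP header and the first 8 bytes of the TCP header can also be read straight from the ICMP message bytes. The following is an added example, not code from either answer; it uses only the standard library, and the function names `parse_frag_needed` and `build_sample`, the addresses and the field values are constructed for illustration.

```python
import socket
import struct

def parse_frag_needed(icmp_bytes):
    """Return the quoted IP header and partial TCP header from an ICMP 3/4 message."""
    if len(icmp_bytes) < 28:  # 8-byte ICMP header + minimal 20-byte IP header
        raise ValueError("ICMP message too short to quote an IP header")
    icmp_type, icmp_code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp_bytes[:8])
    if (icmp_type, icmp_code) != (3, 4):
        raise ValueError("not Destination Unreachable / Fragmentation Needed")
    quoted = icmp_bytes[8:]  # the original datagram, as quoted by the sender of the error
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _ip_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", quoted[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    if ver_ihl >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted IPv4 header is malformed or truncated")
    result = {
        "next_hop_mtu": mtu,
        "ip": {"ihl": ihl, "tos": tos, "len": total_len, "id": ident,
               "df": bool(flags_frag & 0x4000), "frag": flags_frag & 0x1FFF,
               "ttl": ttl, "proto": proto,
               "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)},
        "tcp": None,
    }
    l4 = quoted[ihl:]
    # RFC 792 only guarantees the first 8 bytes of the transport header:
    # for TCP that is source port, destination port and sequence number.
    if proto == 6 and len(l4) >= 8:
        sport, dport, seq = struct.unpack("!HHI", l4[:8])
        result["tcp"] = {"sport": sport, "dport": dport, "seq": seq}
    return result

def build_sample():
    """Constructed ICMP 3/4 message quoting an HTTP response segment (checksums left 0)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp_part = struct.pack("!HHI", 80, 40000, 0x01020304)
    return struct.pack("!BBHHH", 3, 4, 0, 0, 576) + ip_hdr + tcp_part

if __name__ == "__main__":
    info = parse_frag_needed(build_sample())
    print(info["next_hop_mtu"], info["ip"], info["tcp"])
```

With Scapy, the input can be obtained as `bytes(pkt[ICMP])`. Scapy also dissects the quoted headers itself as the `IPerror` and `TCPerror` layers, so `pkt[IPerror]` and `pkt[TCPerror]` give the same fields.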
