如何从txt文件中提取数据包?

2024-09-29 01:28:52 发布

您现在位置:Python中文网/ 问答频道 /正文
7127 3

我有一个trace.txt文件,它由数据包组成,我想从中提取每个数据包。 文件如下:

IP (tos 0x0, ttl 64, id 42387, offset 0, flags [none], proto UDP (17), length 364)
    10.30.23.135.17500 > 255.255.255.255.17500: UDP, length 336
IP (tos 0x0, ttl 64, id 35677, offset 0, flags [none], proto UDP (17), length 364)
    10.30.23.135.17500 > 10.30.31.255.17500: UDP, length 336
IP (tos 0x0, ttl 128, id 28996, offset 0, flags [none], proto UDP (17), length 78)
    10.30.12.151.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 128, id 10723, offset 0, flags [none], proto UDP (17), length 78)
    10.30.11.184.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 1, id 16034, offset 0, flags [none], proto UDP (17), length 50)
    10.30.17.171.53709 > 224.0.0.252.5355: UDP, length 22
IP (tos 0x0, ttl 64, id 60954, offset 0, flags [none], proto UDP (17), length 44)
    10.30.12.163.50558 > 10.30.15.255.8612: UDP, length 16
IP (tos 0x0, ttl 1, id 17167, offset 0, flags [none], proto UDP (17), length 44)
    10.30.12.163.50183 > 224.0.0.1.8612: UDP, length 16
.
.
.

如果是SYN或ACK数据包,如何对其进行分类?我如何确定一个包是否属于网站的IP地址


Tags: 文件ipnoneidpacketquery数据包length
1条回答
网友
1楼 · 发布于 2024-09-29 01:28:52

简言之,你需要

  1. 打开文件
  2. 将文本拆分为数据包
  3. 使用python的in检查所需字符串是否在数据包中

在本例中,我们将搜索字符串SYN、ACK和google IP

import re

def get_packets(filename):
    with open(filename) as f:
        text = f.read()

    # Based on the sample file, packet continuations are over multiple lines
    # So split packets based on starting with a newline and then non-space char
    text_packets = re.findall(r'\n\S[\s\S]*(?=\n\S)', text)
    print("Packets found are", text_packets)

def find_info(text_packets):
    # Keep track of the ith packet to print that number
    ith = 1
    # Let's use one of google's IP for the example
    google_ip = "172.217.1.142" 

    for tp in text_packets:
        if "SYN" in tp:
            print(ith, "packet contains SYN")
        if "ACK" in tp:
            print(ith, "packet contains ACK")
        if google_ip in tp:
            print("Traffic to google found")
        ith += 1

def main():
    text_packets = get_packets("temp")
    find_info(text_packets)

相关问题 更多 >

    编程相关推荐