从pypcapfile中的TCP标头获取ByteArray

时间:2017-03-03 01:01:27

标签: python tcp pcap

我想在不使用PCAPLib自己的数据结构的情况下单独解析TCP数据包。出于这个原因,我需要得到TCP标头的bytearray。

from pcapfile import savefile

capfile = open('delta_capture.pcap')
sf = savefile.load_savefile(capfile)

for packet in sf.packets:
    print packet.timestamp
    print packet.packet
    print packet.header # Returns a library object, I need the bytearray instead, as I want to use my own data structure and parse.

capfile.close()

我尝试调试和检查对象结构,但是看不到任何在TCP标头中存储实际字节的对象。

变量"数据包"的调试器结果的屏幕截图:

Screenshot for debugger result for the variable "packet"

甚至可以在这个库中这样做吗?

1 个答案:

答案 0 :(得分:0)

标题的bytearray无法直接访问。解析标头中的各个字段,并且整个数据包可用:

for packet in sf.packets:
    print(packet.timestamp)
    print(packet.packet)

    # show header fields
    print(packet.header.contents.magic)          # file magic number
    print(packet.header.contents.major)          # major version number
    print(packet.header.contents.minor)          # minor version number
    print(packet.header.contents.tz_off)         # timezone offset
    print(packet.header.contents.ts_acc)         # timestamp accuracy
    print(packet.header.contents.snaplen)        # snapshot length
    print(packet.header.contents.ll_type)        # link layer header type
    print(packet.header.contents.byteorder)      # byte order specifier
    print(packet.header.contents.ns_resolution)  # nanosecond resolution

    # show entire packet
    print(packet.raw())
相关问题
最新问题