我想使用scapy从我拥有的pcap文件中解析我的GTP数据包。我能够使用scapy来解析普通的UDP / TCP数据包。例如,如果我的数据包是udppacket,那么
udppacket[3]
显示了udp数据包的数据部分。对于GTP数据包,它在udp层之后有更多层,数据在最后一层内。所以如果我的gtp包是gtppacket,那么
gtppacket[4]
给我一个错误,说IndexError:找不到第4层。实际上,如果我使用
gtppacket[3]
然后我可以看到数据以及其他图层中的其他信息。那么有什么方法让我遍历gtppacket的第3层,只访问我感兴趣的部分。我需要从第3层提取的数据总是位于常量偏移之后。以下是hexdump的输出(gtppacket [3])。
0000 30 FF 00 B6 F8 8E EA 50 45 00 00 B6 04 D2 40 00 0......PE.....@.
0010 7E 11 6D F1 C0 A8 05 02 C0 A8 03 21 22 B8 15 B3 ~.m........!"...
0020 00 A2 3C C2 00 00 00 09 00 00 00 00 00 00 00 00 ..<.............
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............
从09开始的数据是我真正想要提取的。我对其他数据不感兴趣。另一个想法是将此输出保存为字符数组,然后使用正确的偏移量进行访问。但我不知道是否有更好的想法来提取我想要的东西。
答案 0 :(得分:0)
Scapy支持gtp库。 嘿,你可以使用scapy gtp库来做这些事情。 您将hexstring复制到这样的变量中 一个= '30FF00B6F88EEA50450000B604D240007E116DF1C0A80502C0A8032122B815B300A23CC200000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
来自scapy.layers.gtp import *
GTPHeader(a)中 Out [8]:&gt;&gt;