是否有任何方法可以提取通过原始套接字解析的Scapy的原始负载?我可以通过指定ip [scapy.IP]和ip [scapy.TCP]提取TCP和IP标头,而不是原始负载。
当我尝试通过指定ip [raw.load]提取原始负载时,它给我一个错误,提示未找到图层原始。
This is an image of the raw load that I want to extract out
import sys
import socket
from scapy.all import *
#from scapy import all as scapy
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
while 1:
packet = s.recvfrom(2000);
packet = packet[0]
ip = IP(packet)
print(ip.show())
#print(str(ip[IP]))
#print(ip[scapy.IP].src)
#print(ip[scapy.Raw].load)
我可以使用此代码在Scapy TCP标头中提取源端口号。
import sys
import socket
from scapy.all import *
#from scapy import all as scapy
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
while 1:
packet = s.recvfrom(2000);
packet = packet[0]
ip = IP(packet)
print(ip[TCP].sport)
答案 0 :(得分:1)
这是我的操作方式。注释代表您的代码。我还写了如何使用scapy的套接字(跨平台形式,例如SOCK_RAW在Windows上不起作用)来完成此操作
from scapy.all import *
# import socket
#s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s = conf.L3Socket(filter=“tcp”)
# The use of `filter=“tcp”` requires tcpdump.
# If you want to do it without it, you can also not set it and use `if TCP in packet:`
while True:
#packet = s.recvfrom(2000);
#packet = packet[0]
#packet = IP(packet)
packet = s.recv()
# You don’t have a Raw in every received packet !
if Raw in packet:
load = packet[Raw].load