我能够使用.pcap从pyshark文件中读取数据包。这是我的代码:
import pyshark
cap = pyshark.FileCapture(pcap_dir) # pcap_dir is the directory of my pcap file
print(cap[0]) # Print a packet
print(cap[0]['IP'].src) # Print some header value
现在,我需要将此数据包发送到某个接口(例如eth0)。我尝试了以下操作:
from socket import socket, AF_PACKET, SOCK_RAW
sock = socket(AF_PACKET, SOCK_RAW)
sock.bind(('eth0', 0))
sock.send(cap[0])
但是我得到了错误:
sock.send(cap[0])
TypeError: a bytes-like object is required, not 'Packet'
有人可以帮忙吗?
答案 0 :(得分:0)
我能够解决我的问题。这是解释:
use_json=True和include_raw=True来获取原始数据包数据。print(cap[0])打印第一个数据包,则应看到一个名为FRAME_RAW的图层。这是包含整个数据包原始数据的层。代码:
import pyshark
from socket import socket, AF_PACKET, SOCK_RAW
cap = pyshark.FileCapture(
input_file=pcap_dir, # pcap_dir the pcap file directory
use_json=True,
include_raw=True
)._packets_from_tshark_sync()
sock = socket(AF_PACKET, SOCK_RAW)
sock.bind(('YOUR_NETWORK_INTERFACE_NAME', 0))
sock.send(bytearray.fromhex(cap.__next__().frame_raw.value)) # 1st packet in the pcap file
sock.send(bytearray.fromhex(cap.__next__().frame_raw.value)) # 2nd packet in the pcap file
# And so on until the end of the file ...