Question

Scapy是一个Python程序，以下是一个RIP数据包，它是一个RIP路由条目。它具有多个路由条目。如何分别获取内部字段？

>>> rdpcap('./RIPv2.cap')
<RIPv2.cap: TCP:0 UDP:12 ICMP:0 Other:0>
>>> rip = rdpcap('./RIPv2.cap')
>>> rip = rip[-1]
>>> rip
<Ether  dst=01:00:5e:00:00:09 src=c2:01:17:23:00:00 type=0x800 |<IP  version=4 ihl=5 tos=0xc0 len=112 id=0 flags= frag=0 ttl=2 proto=udp chksum=0xcdb2 src=10.0.0.2 dst=224.0.0.9 |<UDP  sport=route dport=route len=92 chksum=0x75a9 |<RIP  cmd=resp version=2 null=0 |<RIPEntry  AF=IP RouteTag=0 addr=10.0.0.8 mask=255.255.255.252 nextHop=0.0.0.0 metric=1 |<RIPEntry  AF=IP RouteTag=0 addr=10.0.0.12 mask=255.255.255.252 nextHop=0.0.0.0 metric=2 |<RIPEntry  AF=IP RouteTag=0 addr=192.168.2.0 mask=255.255.255.0 nextHop=0.0.0.0 metric=1 |<RIPEntry  AF=IP RouteTag=0 addr=192.168.4.0 mask=255.255.255.0 nextHop=0.0.0.0 metric=2 |>>>>>>>>
>>> rip.getlayer(RIPEntry)
<RIPEntry  AF=IP RouteTag=0 addr=10.0.0.8 mask=255.255.255.252 nextHop=0.0.0.0 metric=1 |<RIPEntry  AF=IP RouteTag=0 addr=10.0.0.12 mask=255.255.255.252 nextHop=0.0.0.0 metric=2 |<RIPEntry  AF=IP RouteTag=0 addr=192.168.2.0 mask=255.255.255.0 nextHop=0.0.0.0 metric=1 |<RIPEntry  AF=IP RouteTag=0 addr=192.168.4.0 mask=255.255.255.0 nextHop=0.0.0.0 metric=2 |>>>>
>>> entry =rip.getlayer(RIPEntry)
>>> entry.fields
{'AF': 2, 'RouteTag': 0, 'addr': '10.0.0.8', 'mask': '255.255.255.252', 'nextHop': '0.0.0.0', 'metric': 1}

只能获取第一个路线条目的字段，如何获取其他？ Download RIP packet

Answer 1

您使用第二个参数：

>>> a = Ether()/IP()/ICMP(seq=0)/ICMP(seq=25)/ICMP(seq=3)
>>> a.getlayer(ICMP).seq                                
0
>>> a.getlayer(ICMP, 2).seq                             
25
>>> a.getlayer(ICMP, 3).seq                             
33

然后可以遍历各层：

>>> a = Ether()/IP()/ICMP(seq=0)/ICMP(seq=25)/ICMP(seq=3)
>>> current = a[ICMP]
>>> while current:
...:     print(current.seq)
...:     current = current.getlayer(ICMP, 2)  # Use 2 otherwise it would return itself

scapy中具有相同名称的图层如何分别获取值？

1 个答案: