如何从原始字节创建Scapy数据包
[英]How to create a Scapy packet from raw bytes
问题描述
Using the python packet parsing/sniffing tool Scapy, I would like to create a packet from a raw byte-string. 
使用python数据包解析/嗅探工具Scapy,我想从原始字节串创建一个数据包。 While the details of my specific use-case are more realistic, the following example illustrates my problem and my present attempt: 虽然我的具体用例的细节更加真实,但以下示例说明了我的问题以及我目前的尝试:
# Get an example packet (we won't really have an offline file in production.)
pkt = sniff(offline="./example_packets/example_packets2.pcap")
# Convert it to raw bytes -- oddly __str__ does this.
raw_packet = str(pkt)
# Current, broken, attempt to construct a new packet from the same bytes as the old.
# In truth, there are easier ways to copy packets from existing Scapy packets, but
# we are really just using that offline packet as a convenient example.
new_packet = Packet(_pkt=raw_packet)
# Sadly, while this packet has the bytes internally, it no longer has the
# interpretations of the layers like the original packet did (such as saying that
# the packet is ARP and has these field values, etc.
print repr(new_packet)
How can I produce a new_packet from raw bytes that will look the same as if it were sniffed from a pcap file? 如何从原始字节生成一个new_packet ,它看起来和从pcap文件中嗅探一样?
1 个解决方案
解决方案1
12 已采纳 2014-12-03 07:14:23
There is no way for Scapy to guess the first layer of your packet, so you need to specify it. Scapy无法猜测数据包的第一层,因此您需要指定它。
You can do so by using the appropriate Packet subclass. 您可以使用适当的Packet子类来完成此操作。 For example, say your packet's first layer is Ethernet, use Ether(raw_packet) instead of Packet(raw_packet) . 例如,假设您的数据包的第一层是以太网,请使用Ether(raw_packet)而不是Packet(raw_packet) 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.