Get second layer from PCAP with Python/Scapy

I'm trying to read and enumerate a pcap file from Python but when doing so I only seem to be getting the layer 3 data even when the layer 2 data is present:

Here's my code:

import pprint
from scapy.all import *

root_dir = './'  # placeholder: directory that holds the capture
target_cap = 'hello.pcap'

parser = PcapReader(root_dir + target_cap)

for i,p in enumerate(parser):
    pkt = p.payload
    pprint.pprint(pkt)

IE output:

<IP  version=4L ihl=5L tos=0x0 len=52 id=12220 flags=DF frag=0L ttl=128 proto=tcp chksum=0x453a src=192.168.2.100 dst=192.168.2.25 options=[] |<TCP  sport=sddp dport=mbap seq=1584390497 ack=1497344211 dataofs=5L reserved=0L flags=PA window=65325 chksum=0xe356 urgptr=0 options=[] |<Raw  load='\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x01' |>>>
<IP  version=4L ihl=5L tos=0x0 len=50 id=30949 flags= frag=0L ttl=64 proto=tcp chksum=0x7c13 src=192.168.2.25 dst=192.168.2.100 options=[] |<TCP  sport=mbap dport=sddp seq=1497344211 ack=1584390509 dataofs=5L reserved=0L flags=PA window=4096 chksum=0xd17d urgptr=0 options=[] |<Raw  load='\x00\x00\x00\x00\x00\x04\xff\x01\x01\x00' |>>>
<IP  version=4L ihl=5L tos=0x0 len=40 id=12226 flags=DF frag=0L ttl=128 proto=tcp chksum=0x4540 src=192.168.2.100 dst=192.168.2.25 options=[] |<TCP  sport=sddp dport=mbap seq=1584390509 ack=1497344221 dataofs=5L reserved=0L flags=A window=65315 chksum=0xe267 urgptr=0 |>>
<IP  version=4L ihl=5L tos=0x0 len=52 id=12240 flags=DF frag=0L ttl=128 proto=tcp chksum=0x4526 src=192.168.2.100 dst=192.168.2.25 options=[] |<TCP  sport=sddp dport=mbap seq=1584390509 ack=1497344221 dataofs=5L reserved=0L flags=PA window=65315 chksum=0xe34a urgptr=0 options=[] |<Raw  load='\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x01' |>>>
<IP  version=4L ihl=5L tos=0x0 len=40 id=30972 flags= frag=0L ttl=64 proto=tcp chksum=0x7c06 src=192.168.2.25 dst=192.168.2.100 options=[] |<TCP  sport=mbap dport=sddp seq=1497344221 ack=1584390521 dataofs=5L reserved=0L flags=A window=4096 chksum=0xd17f urgptr=0 |<Padding  load='\x00\x00\x00\x00\x00\x00' |>>>

In this case I'm only interested in the layer 2 metadata, how can I fetch that instead?

Your code intentionally prints just the payload of the packet, and not the headers. This means that you print the N+1st layers each time.

Also, and unrelated to your problem, you don't need enumerate in your sample program.

Try this instead:

for p in parser:
    pprint.pprint(p)

If you want to examine the packet data instead of merely printing it, that's easy, too:

# Sample code to print IP/MAC relationships:
for p in parser:
    # Only frames that carry both an Ethernet header and an IP header
    if Ether in p and IP in p:
        print(p[Ether].dst, p[IP].dst)
        print(p[Ether].src, p[IP].src)

Reference: http://www.secdev.org/projects/scapy/doc/index.html
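
What the answer's IP/MAC loop reads, shown at the file level as an added example (not part of the original answer, and written with the standard library only rather than Scapy): it parses a classic pcap, rejects captures whose link type is not Ethernet (where there is no layer 2 header to fetch), and maps each IPv4 address to the MAC addresses seen with it. The sample capture and its MAC addresses are constructed; `ip_mac_pairs` and `sample_pcap` are hypothetical names.

```python
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1  # pcap link-layer type for Ethernet II frames

def mac(b):
    return ":".join("%02x" % x for x in b)

def ip_mac_pairs(pcap_bytes):
    """Return {ipv4: set of MACs} from a classic (microsecond) pcap file."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"   # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"   # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    # The global header is 24 bytes; its last field is the link type.
    linktype = struct.unpack(end + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("capture has no Ethernet header (linktype %d)" % linktype)
    seen = defaultdict(set)
    off = 24
    while off + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34:  # 14-byte Ethernet header + 20-byte IPv4 header
            continue
        dst, src = frame[0:6], frame[6:12]
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype != 0x0800:  # only IPv4 frames have the addresses we pair up
            continue
        seen[".".join(map(str, frame[26:30]))].add(mac(src))  # IP source
        seen[".".join(map(str, frame[30:34]))].add(mac(dst))  # IP destination
    return dict(seen)

def sample_pcap(linktype=LINKTYPE_ETHERNET):
    """Constructed one-frame capture; IPs from the question, MACs made up."""
    eth = bytes.fromhex("00005e005319" "00005e005364" "0800")
    ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0,
                192, 168, 2, 100, 192, 168, 2, 25])
    frame = eth + ip
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(ip_mac_pairs(sample_pcap()))
```

An address that maps to more than one MAC in the result is worth a closer look when reviewing a capture.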
