Scapy:嗅探自制层
[英]Scapy: Sniffing for self made layers
问题描述
Let's say I have created an own layer in scapy like 
假设我已经在scapy中创建了一个自己的图层
class MyProtocol(Packet):
name = "MyProtocol"
fields_desc = [ IntField("layerLength", 8), # always the same
ShortField("numberA", 4),
ShortField("numberB", 2),
IntField("numberC", 2) ]
If I had two devices, one sending packets containing this self made layer on top and another one sniffing network traffic - how could the second device detect whether one of the sniffed packets contains this special layer or not? 如果我有两个设备,一个发送包含此自制层的数据包在顶部,另一个发送嗅探网络流量 - 第二个设备如何检测其中一个嗅探数据包是否包含此特殊层? Scapy already recognizes a lot of layers, but how do I make it recognize my own self made layer? Scapy已经识别出很多层,但是如何让它识别出我自己制作的层呢?
I know that i can simply take the Raw part of every packet, dissect it on byte level and, for example, check if the "layerLength" field really contains the total length of the layer, or add some special unique field, but that seems too complicated, because Scapy already knows some layers. 我知道我可以简单地获取每个数据包的Raw部分,在字节级别上剖析它,例如,检查“layerLength”字段是否真的包含图层的总长度,或者添加一些特殊的唯一字段,但似乎太复杂了,因为Scapy已经知道了一些层次。 So is there a way to make Scapy recognize a certain layer? 那么有没有办法让Scapy识别出某一层?
1 个解决方案
解决方案1
3 已采纳 2015-07-20 19:20:25
Scapy uses what is called layer binding to indicate when specific packet dissector shall be applied. Scapy使用所谓的层绑定来指示何时应用特定的数据包解析器。 You can see in scapy source code examples in each layer module. 您可以在每个图层模块中看到scapy源代码示例。
Eg If you use your protocol over TCP port 2222, you can add following line to your module: 例如,如果您通过TCP端口2222使用协议,则可以在模块中添加以下行:
bind_layers( TCP, MyProtocol, dport=2222)
Scapy will attempt to use MyProtocol to dissect the TCP payload as MyProtocol. Scapy将尝试使用MyProtocol将TCP有效负载解析为MyProtocol。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.