使用 Scapy 模块 (python) 从 pcap 文件中获取特定包
[英]Getting a particular package from the pcap file using the Scapy module (python)
问题描述
Is there a way to load a particular package from the pcap file using Scapy?
有没有办法使用 Scapy 从 pcap 文件加载特定包?
I know that I can load a specific number of packages using the' sniff' function and count attribute, eg'我知道我可以使用“嗅探”功能和计数属性加载特定数量的包,例如“
sniff(offline='file.pcap', prn=action, count=31)
However, I need to get a 30th packet without loading the previous packets.但是,我需要在不加载前一个数据包的情况下获取第 30 个数据包。 In other words, I am not satisfied with such an example:换句话说,我对这样的例子并不满意:
packages = (pkt for pkt in sniff (offline=path, prn=action, count=31)
print(packages[30])
The attempt to load a millionth of a package is too long.尝试加载百万分之一的包太长了。
1 个解决方案
解决方案1
1 已采纳 2018-03-02 15:48:53
Each packet header states how long it is.每个数据包头都说明了它的长度。 Once the parser has read that header, it can calculate the position of the next one.一旦解析器读取了该标头,它就可以计算下一个标头的位置。 So as far as I know, you cannot open a pcap file and instantly locate packet 30;所以据我所知,你不能打开一个 pcap 文件并立即定位到数据包 30; you'll need to parse the headers of the first 29.您需要解析前 29 个的标题。
But you don't have to keep all packets in memory either, as long as you process them while receiving.但是您也不必将所有数据包都保存在内存中,只要您在接收时处理它们即可。
i = 0
for pkt in sniff(offline=path, prn=action):
if i == 30:
print pkt
break
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.