在 scapy 中使用方括号作为数据包头
[英]Using square brackets for packet header in scapy
问题描述
I have a question related to the data we get when use square brackets in scapy.
我有一个与在 scapy 中使用方括号时获得的数据有关的问题。
Reference code:参考代码:
#!/usr/bin/python3
from scapy.all import *
def spoof_pkt(pkt):
a = pkt[IP]
pkt = sniff(filter='tcp',prn=spoof_pkt)
The above code tries to sniff tcp packet.上面的代码尝试嗅探 tcp 数据包。 My question is that when I use a syntax like pkt[IP] in scapy, do I get just the IP header, or do I get the entire packet starting from the IP header ?我的问题是,当我在 scapy 中使用像pkt[IP]这样的语法时,我是只得到 IP 标头,还是从 IP 标头开始获取整个数据包?
1 个解决方案
解决方案1
1 已采纳 2020-01-27 14:46:38
You will get the entire packet including and following the IP header:您将获得包含和跟随 IP 标头的整个数据包:
>>> a = Ether()/IP()/ICMP()
>>> a[IP]
<IP frag=0 proto=icmp |<ICMP |>>
If you wanted only the IP layer, you would have to remove its payload:如果您只想要 IP 层,则必须删除其有效负载:
>>> c = a.copy()[IP]
>>> c.remove_payload()
>>> c
<IP |>
Note that a packet and all its sub fields are mutable请注意,数据包及其所有子字段都是可变的
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.