Scapy:如何获取完整的 IP 数据包标头?
[英]Scapy: how do I get the full IP packet header?
问题描述
In Scapy, I want to manually match packets with their corresponding ICMP time-exceeded messages.
在 Scapy 中,我想手动将数据包与其相应的 ICMP 超时消息匹配。
I need to match:我需要匹配:
- IP-in-ICMP field of ICMP packet ICMP数据包的IP-in-ICMP字段
IP header and first 8 bytes of my data packet The ICMP packet isn't a problem:
IP 标头和我的数据包的前 8 个字节 ICMP 数据包没有问题:icmpPayload = str(icmpPacket[ICMP].payload)
icmpPayload = str(icmpPacket[ICMP].payload)
As for the first 8 bytes of the data packet, I just need to do:至于数据包的前 8 个字节,我只需要这样做:
str(myPacket[IP].payload)[:8]
I don't know how to get only the IP header of myPacket .我不知道如何只获取myPacket的 IP 标头。 All I do now is replace the payload in the whole packet with its first 8 bytes.我现在要做的就是用前 8 个字节替换整个数据包中的有效负载。 This search and replace, if applied to thousands of packets, might take too long, I'm afraid:这种搜索和替换,如果应用于数千个数据包,恐怕会花费太长时间:
strOfMyPacket = str(myPacket[IP])
strOfMyPacket.replace(str(myPacket[IP].payload),str(myPacket[IP].payload)[:8],1)
Any faster way that will let me do simply the following?任何更快的方法可以让我简单地执行以下操作?
partOfPayload = str(myPacket[IP].payload)[:8]
fullHeader = _______
stringToCompare = fullHeader + partOfPayload
3 个解决方案
解决方案1
6 已采纳 2012-08-24 14:50:08
str(myPacket)[:(myPacket[IP].ihl * 4)]
The IP header length is in the field ihl (Internet Header Length). IP 标头长度位于ihl (Internet 标头长度)字段中。 It is represented as the number of 32bit words the header uses.它表示为标头使用的 32 位字数。 (it is variable because of the 'options' section of the header). (由于标题的“选项”部分,它是可变的)。 So, if we multiply that field by 32 and then divide by 8 (or * 4) we get the number of bytes the header fills, whether is has options or not.因此,如果我们将该字段乘以 32,然后除以 8(或 * 4),我们将得到报头填充的字节数,无论是否有选项。
I am surprised there is no method (that i could find) to return JUST the IP header without the lower layers.我很惊讶没有方法(我能找到)在没有较低层的情况下仅返回 IP 标头。
http://en.wikipedia.org/wiki/IPv4_header#Header http://en.wikipedia.org/wiki/IPv4_header#Header
解决方案2
5 2015-02-08 07:17:34
In case someone else bumps into this question, I think you may be able to use remove_payload() function of class Packet(inherited by IP).如果其他人遇到这个问题,我认为您可以使用类 Packet(由 IP 继承)的 remove_payload() 函数。 This should just leave the header.这应该只留下标题。 I am new to scapy but it looks like it works when i tried it on the interpreter.我是 scapy 的新手,但是当我在解释器上尝试它时,它看起来很有效。
>>> ip = IP(dst='10.0.0.1', src='10.0.0.14', ttl=255)/ICMP()
>>> hexdump(ip)
0000 45 00 00 1C 00 01 00 00 FF 01 A7 D1 0A 00 00 0E E...............
0010 0A 00 00 01 **08 00 F7 FF 00 00 00 00** ............
>>> ip.remove_payload()
>>> hexdump(ip)
0000 45 00 00 14 00 01 00 00 FF 00 A7 DA 0A 00 00 0E E...............
0010 0A 00 00 01 ....
>>>
解决方案3
0 2022-05-21 01:38:54
by :经过 :
hex_string = linehexdump(paket,onlyhex=1,dump=True)
tokens = hex_string.split(' ')
hex = ''.join(tokens[20:24])
, we can get the hex string and parse it manually. ,我们可以获取十六进制字符串并手动解析它。 In my case, I have patched 4 bytes of data to the options field on the switch.就我而言,我已将 4 个字节的数据修补到交换机上的选项字段中。 I knew that it was in bytes 20 to 24. After parsing we can get the value.我知道它在字节 20 到 24 中。解析后我们可以得到值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.