scapy packet manipulation and original pkt.time


Problem description

I have a Python, scapy piece of code that stores my data into a database (IP src and dst, ports, ...) which I use for some statistics. On some packets I am doing some manipulation (changing dst port) and then send them back out on the interface.

The problem is that the packet I was manipulating has a different pkt.time value than the original one, and if I store those packets into the database they have a different packet time than they had originally.

Is there an option when creating a UDP packet to put in the original pkt.time value? With this option, packet manipulation delay would not cause disorder with my packets.

Any help is welcome.

Below is my manipulation script:

#!/usr/bin/env python

from scapy.all import *

# VARIABLES
interface = 'eth1'
filter_bpf = "port 8000"

def pkt_change(pkt):
    if pkt.haslayer(UDP):
        # --> pkt.time is packet time
        ts = pkt.time
        src  = pkt[IP].src
        dst = pkt[IP].dst
        sport = pkt[IP].sport
        dport = pkt[IP].dport
        msg = pkt[IP].load

        #### Spoof Response
        changed_pkt = Ether()/IP(dst=dst, src=src)/UDP(dport=8000, sport=sport)/msg

        # Send on the configured interface and log what was sent
        sendp(changed_pkt, iface=interface)
        print('Sent:', changed_pkt.summary())

# ------------------------------------------------
# start sniffing
print("Start Sniffing")
sniff(iface=interface, filter=filter_bpf, store=0, prn=pkt_change)

Recommended answer

After creating changed_pkt, you can simply set its time attribute as follows:

changed_pkt.time = ts

Note that even after changing the packet's timestamp and sending it, the updated timestamp won't be reflected in the received packet on the other end since the timestamp is set in the receiving machine as the packet is received, as described here.

If you're interested in transmitting the packets to a remote machine, while keeping their timestamp, consider storing the manipulated packets in a pcap file and sending that file over to the other machine.
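
As an added illustration (not part of the original answer, and using only the Python standard library rather than scapy): the capture time lives in the pcap record header, not in the packet bytes, which is why a pcap file keeps it while a re-sent packet does not. The sample frames, addresses, ports and helper names are constructed for this example, and it assumes Ethernet/IPv4/UDP frames in a little-endian classic pcap.

```python
import struct

# Classic pcap global header: little-endian magic, v2.4, snaplen 65535, linktype 1 (Ethernet)
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def make_udp_frame(src, dst, sport, dport, payload):
    """Constructed sample Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + udp

def write_pcap(records):
    """Serialize (ts_sec, ts_usec, frame) tuples; the timestamp goes in the record header."""
    body = [struct.pack("<IIII", s, u, len(f), len(f)) + f for s, u, f in records]
    return PCAP_GLOBAL + b"".join(body)

def read_pcap(data):
    """Parse pcap bytes back into (ts_sec, ts_usec, frame) tuples."""
    records, off = [], 24
    while off < len(data):
        sec, usec, incl, _orig_len = struct.unpack_from("<IIII", data, off)
        records.append((sec, usec, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return records

def udp_offset(frame):
    """Offset of the UDP header: 14-byte Ethernet header plus IPv4 IHL."""
    return 14 + (frame[14] & 0x0F) * 4

def udp_dport(frame):
    return struct.unpack_from("!H", frame, udp_offset(frame) + 2)[0]

def rewrite_dport(frame, new_dport):
    """Change the UDP destination port; only packet bytes change, no timestamp is involved."""
    patched = bytearray(frame)
    struct.pack_into("!H", patched, udp_offset(frame) + 2, new_dport)
    struct.pack_into("!H", patched, udp_offset(frame) + 6, 0)  # 0 = no UDP checksum over IPv4
    return bytes(patched)

def manipulate_capture(data, new_dport):
    """Rewrite every record's dport while copying its original timestamp unchanged."""
    return write_pcap([(s, u, rewrite_dport(f, new_dport)) for s, u, f in read_pcap(data)])

# Constructed capture: two packets with known capture times
ORIGINAL = write_pcap([
    (1700000000, 123456, make_udp_frame("10.0.0.1", "10.0.0.2", 40000, 9000, b"first")),
    (1700000001, 654321, make_udp_frame("10.0.0.1", "10.0.0.2", 40001, 9000, b"second")),
])
```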
