Scapy 和 rdpcap 函数 [英] Scapy and rdpcap function
问题描述
我正在使用 Scapy 的 rdpcap
函数来读取 PCAP 文件.我还使用 链接到 Scapy 中的 HTTP 支持中描述的模块 在我的情况下是需要的,因为我必须检索所有 HTTP 请求和响应及其相关数据包.
I'm using rdpcap
function of Scapy to read a PCAP file.
I also use the module described in a link to HTTP support in Scapy which is needed in my case, as I have to retrieve all the HTTP requests and responses and their related packets.
我注意到 rdpcap
函数解析大型 PCAP 文件需要花费太多时间来读取它.
I noticed that parsing a large PCAP file the rdpcap
function takes too much time to read it.
有没有办法更快地读取 pcap
文件?
Is there a solution to read a pcap
file faster?
推荐答案
Scapy 有另一种方法 sniff
,你也可以用它来读取 pcap 文件:
Scapy has another method sniff
which you can use to read the pcap files too:
def method_filter_HTTP(pkt):
#Your processing
sniff(offline="your_file.pcap",prn=method_filter_HTTP,store=0)
rdpcap
将整个 pcap 文件加载到内存中.因此它使用了大量内存,正如你所说的它很慢.sniff
一次读取一个数据包并将其传递给提供的 prn
函数.store=0
参数确保数据包在处理后立即从内存中删除.
rdpcap
loads the entire pcap file to the memory. Hence it uses a lot of memory and as you said its slow. While sniff
reads one packet at a time and passes it to the provided prn
function. That store=0
parameter ensures that the packet is deleted from memory as soon as it is processed.
这篇关于Scapy 和 rdpcap 函数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!