Scapy 和 rdpcap 函数 [英] Scapy and rdpcap function

问题描述

我正在使用 Scapy 的 rdpcap 函数来读取 PCAP 文件.我还使用 链接到 Scapy 中的 HTTP 支持中描述的模块 在我的情况下是需要的，因为我必须检索所有 HTTP 请求和响应及其相关数据包.

I'm using rdpcap function of Scapy to read a PCAP file. I also use the module described in a link to HTTP support in Scapy which is needed in my case, as I have to retrieve all the HTTP requests and responses and their related packets.

我注意到 rdpcap 函数解析大型 PCAP 文件需要花费太多时间来读取它.

I noticed that parsing a large PCAP file the rdpcap function takes too much time to read it.

有没有办法更快地读取 pcap 文件?

Is there a solution to read a pcap file faster?

推荐答案

Scapy 有另一种方法 sniff，你也可以用它来读取 pcap 文件:

Scapy has another method sniff which you can use to read the pcap files too:

def method_filter_HTTP(pkt):
    #Your processing

sniff(offline="your_file.pcap",prn=method_filter_HTTP,store=0)

rdpcap 将整个 pcap 文件加载到内存中.因此它使用了大量内存，正如你所说的它很慢.sniff 一次读取一个数据包并将其传递给提供的 prn 函数.store=0 参数确保数据包在处理后立即从内存中删除.

rdpcap loads the entire pcap file to the memory. Hence it uses a lot of memory and as you said its slow. While sniff reads one packet at a time and passes it to the provided prn function. That store=0 parameter ensures that the packet is deleted from memory as soon as it is processed.

这篇关于Scapy 和 rdpcap 函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！