Iterate through a pcap file packet for packet using python/scapy
Problem description
I want to iterate through a pcap file packet for packet using python/scapy. The file has multiple protocols. Currently the iteration is protocol-specific, so the iteration makes a "jump" if the next packet is from another protocol. I don't know why it goes like this at the moment. I want packet for packet, no matter what protocol.
Small example:
    from scapy.all import rdpcap, Ether

    data = 'new.pcap'
    zz = rdpcap(data)
    sessions = zz.sessions()
    for session in sessions:
        for packet in sessions[session]:
            eth_src = packet[Ether].src
            eth_type = packet[Ether].type
            if eth_src == "00:22:97:04:06:b9" and eth_type == 0x8100:
                pass  # do anything
            elif eth_src == "00:22:97:04:06:b9" and eth_type == 0x22f0:
                pass  # do anything
            else:
                pass  # do anything
Does anyone know the reason?
Recommended answer
Simply try:
    from scapy.all import PcapReader, Ether

    for pkt in PcapReader('new.pcap'):
        eth_src = pkt[Ether].src
        eth_type = pkt[Ether].type
        # if [...]
Using rdpcap() creates a list in memory, while PcapReader() creates a generator; packets are read when needed and not stored in memory (which makes it possible to process huge PCAP files).
If you need a list for some reason, do:
    from scapy.all import rdpcap, Ether

    packets = rdpcap('new.pcap')
    for pkt in packets:
        eth_src = pkt[Ether].src
        eth_type = pkt[Ether].type
        # if [...]