在 scapy 数据包中搜索十六进制 [英] Searching for hex in scapy packet
问题描述
我正在尝试在数据包的 UDP 负载 (ISAKMP) 中搜索十六进制序列.正在从 pcap 加载数据包.如果我使用 show() 或 show2() 则输出是我无法使用的字节类型.
我最接近的是使用十六进制转储,但它在多行中显示为 3 列,我只想要中间的列是一个漂亮的长字符串.
我尝试了 hexlify、编码和解码以及 .format,但我无法得到一些有意义的东西.
感谢您的帮助
您可以将 hexlify 与 str 结合使用.下面是一个 TCP 数据包的例子.您也可以将其用于 UDP.
您的要求是hexlify(str(pkt[0])).
I am trying to search for a hex sequence in the UDP payload (ISAKMP) of a packet. the packet is being loaded from a pcap. If I use show() or show2() then the output is in type bytes which I can't use.
the closest I have come is by using hexdump, but it comes out as 3 colums over multiple lines and I just want the middle column in a nice long string.
I've tried hexlify, encoding and decoding, and .format and I can't get something that makes sense.
thanks for your help
You can use hexlify in combination with str. Below is an example with a TCP packet. You can use the same for UDP as well.
>>> pkt = sniff(filter="tcp", count=1)
>>> pkt.show()
0000 Ether / IP / TCP 27.59.126.209:cardbox > 14.139.134.39
ssh A
>>> from binascii import hexlify
>>> pktHex = hexlify(str(pkt[0]))
>>> pktHex
'7446a0afb96508357101e52508004568003483f24000340693ab1b3b7e
10e8b86270c2100167f687368446b8086801001a7a33100000101080a00
e0b1b1dddb5f6'
>>> hexdump(pkt[0])
0000 7446A0AFB96508357101E52508004568 tF...e.5q..%..Eh
0010 003483F24000340693AB1B3B7ED10E8B .4..@.4....;~...
0020 86270C2100167F687368446B80868010 .'.!...hshDk....
0030 01A7A33100000101080A003E0B1B1DDD ...1.......>....
0040 B5F6 ..
Your requirement is hexlify(str(pkt[0])).
这篇关于在 scapy 数据包中搜索十六进制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
