使用 Scapy 获取 TCP 标志 [英] Get TCP Flags with Scapy

问题描述

我正在解析 PCAP 文件，我需要提取 TCP 标志(SYN、ACK、PSH、URG 等).我正在使用 packet['TCP'].flags 值一次获取所有标志.

I'm parsing a PCAP file and I need to extract TCP flags (SYN, ACK, PSH, URG, ...). I'm using the packet['TCP'].flags value to obtain all the flags at once.

pkts = PcapReader(infile)
for p in pkts:
        F = bin(p['TCP'].flags)
        print F, bin(F), p.summary()
        # manual flags extraction from F

有没有办法在不从 packet['TCP'].flags 值中手动提取它的情况下获取单个 TCP 标志?

Is there a way to obtain a single TCP flag without manually extract it from packet['TCP'].flags value?

推荐答案

通常，处理 FLAGS 的常用方法是使用位图和按位运算符.如果您的 Packet 类没有特定的方法来测试标志，恕我直言，您可以做的最好的事情是:

Normally, the usual way to handle FLAGS is with a bitmap and bitwise operators. If your Packet class doesn't have specific method to test for flags, the best thing you can do IMHO is to:

FIN = 0x01
SYN = 0x02
RST = 0x04
PSH = 0x08
ACK = 0x10
URG = 0x20
ECE = 0x40
CWR = 0x80

然后像这样测试它们:

F = p['TCP'].flags    # this should give you an integer
if F & FIN:
    # FIN flag activated
if F & SYN:
    # SYN flag activated
# rest of the flags here

遗憾的是，python 没有 switch 语句来使它更优雅，但这并不重要.

Sadly, python doesn't have a switch statement to make this more elegant but it doesn't really matter much.

希望这有帮助！

这篇关于使用 Scapy 获取 TCP 标志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！