如何用scapy创建新层或新协议? [英] How to create new layer or new protocol with scapy?

问题描述

我想使用scapy创建一个新层，我创建了一个新层，但是当我将其发送到另一台计算机时，它迷路了，wireshark也无法识别它. 我该如何解决这个问题?

i want to create a new layer using scapy,i created a new layer but when i sent it to another computer it got lost, wireshark also cant recognize it. how can i slove this problem?

class OMER(Packet):
    name = "OMER"
    fields_desc = [StrLenField("Omer", "", None)]

推荐答案

使用 scapy ，其他网络工具，例如 wireshark (以及其他)，因为他们不不了解您的协议详细信息.

如果要尝试新协议，则必须创建自己的本地解码器.下面的示例即使很小，也演示了以上所有内容:

If you want to experiment with a new protocol you will have to create your own local decoder. The following example even its minimal, it demonstrates all of the above:

#!/usr/bin/env python 

from scapy.all import *

# create a simple protocol 
# (example similar with the one in the scapy docs...)
class Exmpl(Packet):
    name = "myprotocol"
    fields_desc=[ ShortField("fld1",5),
                  XByteField("fld2",3) ]

from scapy.utils import PcapWriter

# write data in a pcap file to examine later with
# 1 -> scapy
# 2 -> wireshark
print '\n[+] Writing net.pcap file...'
cap = PcapWriter("net.pcap", append=True, sync=True)
for i in range(10):
    packet = Exmpl(fld1=i)
    cap.write(packet)

# read the data and examine them with scapy
# scapy is aware of the "Exmpl" protocol (e.g. its fields etc...) 
# and how to decode it, while wireshark is not
print '[+] Examining net.pcap file...\n'
packets = rdpcap('net.pcap')
for p in packets: 
    Exmpl(str(p)).show()

以上脚本的输出如下:

[+] Writing net.pcap file...
[+] Examining net.pcap file...

###[ myprotocol ]###
  fld1      = 0
  fld2      = 0x3
###[ myprotocol ]###
  fld1      = 1
  fld2      = 0x3
###[ myprotocol ]###
  fld1      = 2
  fld2      = 0x3
...skip...

如您所见，scapy 知道协议，因此可以正确解析数据.现在，如果您尝试使用wireshark检查"net.pcap"文件，您将看到以下内容:

As you can see scapy is aware of the protocol and thus can parse the data correctly. Now if you try to examine the "net.pcap" file with wireshark you will see the following:

wireshark 无法识别您的协议，并且结果，它无法正确解析它.

wireshark is not aware of your protocol and as a result it can't parse it correctly.

注意::您可以理解，即使您将这些数据包发送到另一台设备中(要真正做到这一点，您还必须实现其他功能)，那么该设备也必须知道您的协议，否则它将无法正确解析.这就是为什么当您尝试将数据包从一台计算机发送到另一台计算机时，接收方无法成功对其进行解码的原因.

Notice: As you can understand, even if you send those packets in another device (to actually do that you'll have to implement some other stuff also) then that device must also be aware of your protocol, otherwise it won't be able to parse it correctly. That is why when you tried to send the packets from one computer to another, the receiver couldn't successfully decode them.

这篇关于如何用scapy创建新层或新协议?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！