使用Scapy获取TCP标志 [英] Get TCP Flags with Scapy
问题描述
我正在解析一个PCAP文件,我需要提取TCP标志(SYN,ACK,PSH,URG等).
我正在使用packet['TCP'].flags
值一次获取所有标志.
I'm parsing a PCAP file and I need to extract TCP flags (SYN, ACK, PSH, URG, ...).
I'm using the packet['TCP'].flags
value to obtain all the flags at once.
pkts = PcapReader(infile)
for p in pkts:
F = bin(p['TCP'].flags)
print F, bin(F), p.summary()
# manual flags extraction from F
有没有一种方法可以获取单个TCP标志,而无需手动从packet['TCP'].flags
值中提取它?
Is there a way to obtain a single TCP flag without manually extract it from packet['TCP'].flags
value?
推荐答案
通常,处理FLAGS的常用方法是使用位图和按位运算符.如果您的Packet
类没有用于测试标志的特定方法,那么IMHO最好的方法是:
Normally, the usual way to handle FLAGS is with a bitmap and bitwise operators. If your Packet
class doesn't have specific method to test for flags, the best thing you can do IMHO is to:
FIN = 0x01
SYN = 0x02
RST = 0x04
PSH = 0x08
ACK = 0x10
URG = 0x20
ECE = 0x40
CWR = 0x80
并像这样测试它们:
F = p['TCP'].flags # this should give you an integer
if F & FIN:
# FIN flag activated
if F & SYN:
# SYN flag activated
# rest of the flags here
可悲的是,python没有switch
语句来使它更加优雅,但实际上并没有多大作用.
Sadly, python doesn't have a switch
statement to make this more elegant but it doesn't really matter much.
希望这会有所帮助!
这篇关于使用Scapy获取TCP标志的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!