scapy not parsing GTP layers


Problem description

I want to use scapy to parse my GTP packets from the pcap files that I have. I am able to use scapy to parse normal UDP/TCP packets. For example, if my packet is udppacket, then

udppacket[3]

shows me the data part of the udp packet. For a GTP packet, it has more layers following the udp layers and the data is inside the last layer. So if my gtp packet is gtppacket, then

gtppacket[4]

gives me an error saying IndexError: layer 4 not found. Actually, if I use

gtppacket[3]

then I can see the data along with other information from the other layers. So is there any way for me to traverse inside layer 3 of gtppacket and access only the part of it that I am interested in? The data that I need to extract from layer 3 always lies after a constant offset. The following is the output of hexdump(gtppacket[3]).

0000   30 FF 00 B6 F8 8E EA 50  45 00 00 B6 04 D2 40 00   0......PE.....@.
0010   7E 11 6D F1 C0 A8 05 02  C0 A8 03 21 22 B8 15 B3   ~.m........!"...
0020   00 A2 3C C2 00 00 00 09  00 00 00 00 00 00 00 00   ..<.............
0030   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0040   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0050   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0060   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0070   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0080   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0090   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00a0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00b0   00 00 00 00 00 00 00 00  00 00 00 00 00 00         ..............

The data starting from 09 is what I actually want to extract. I am not interested in the other data. Another idea is to save this output as a character array and then access it using the correct offset. But I do not know if there are any better ideas to extract what I want.

Solution

Scapy support the gtp library. Hey you can use the scapy gtp library to do the things. You copy the hexstring in a variable like this a = '30FF00B6F88EEA50450000B604D240007E116DF1C0A80502C0A8032122B815B300A23CC200000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'

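Import the scapy module:

from scapy.layers.gtp import *  # current Scapy releases ship this module as scapy.contrib.gtp
import binascii

Decode the GTP header by giving the raw hex:

GTPHeader(binascii.unhexlify(a))  # convert the hex string to raw bytes before dissecting

Out[8]: >>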
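
The constant offset the question asks about can also be derived from the headers instead of being hard-coded. The following is an added example, not part of the original answer and not Scapy code: a standard-library parser run over the bytes of the question's hexdump. The helper names `parse_gtpu` and `inner_udp_payload` are hypothetical, the inner packet is assumed to be IPv4/UDP as in the dump, and the optional GTP fields it handles go beyond what this sample contains.

```python
import struct

# Constructed from the question's hexdump: 40 bytes as shown + 150 zero bytes.
SAMPLE = bytes.fromhex(
    "30FF00B6F88EEA50"                          # GTPv1-U header
    "450000B604D240007E116DF1C0A80502C0A80321"  # inner IPv4 header
    "22B815B300A23CC2"                          # inner UDP header
    "00000009") + bytes(150)                    # inner UDP payload


def parse_gtpu(buf):
    """Return (teid, inner_packet) for a GTPv1-U G-PDU; hypothetical helper."""
    if len(buf) < 8:
        raise ValueError("truncated GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", buf[:8])
    if flags >> 5 != 1 or msg_type != 0xFF:
        raise ValueError("not a GTPv1 G-PDU")
    if len(buf) < 8 + length:
        raise ValueError("GTP length field exceeds captured bytes")
    body = buf[8:8 + length]
    if flags & 0x07:                 # E, S or PN set: 4 optional bytes follow
        if len(body) < 4:
            raise ValueError("truncated optional GTP fields")
        next_ext = body[3] if flags & 0x04 else 0
        body = body[4:]
        while next_ext:              # extension header length is in 4-byte units
            size = body[0] * 4 if body else 0
            if size == 0 or size > len(body):
                raise ValueError("bad GTP extension header")
            next_ext, body = body[size - 1], body[size:]
    return teid, body


def inner_udp_payload(ip):
    """Return (sport, dport, payload) of the tunnelled IPv4/UDP packet."""
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        raise ValueError("inner packet is not IPv4/UDP")
    ihl = (ip[0] & 0x0F) * 4
    total = min(struct.unpack("!H", ip[2:4])[0], len(ip))
    if ihl < 20 or total < ihl + 8:
        raise ValueError("truncated inner IPv4/UDP headers")
    sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
    if udp_len < 8 or ihl + udp_len > total:
        raise ValueError("inner UDP length is inconsistent")
    return sport, dport, ip[ihl + 8:ihl + udp_len]

teid, inner = parse_gtpu(SAMPLE)
sport, dport, payload = inner_udp_payload(inner)
print(hex(teid), sport, dport, len(payload), payload[:4].hex())
```

With a packet read from a pcap, the same functions can be given `bytes(gtppacket[3])`.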
