从 pcap 文件中获取有效负载中的特定字节 [英] Get specific bytes in payload from a pcap file

问题描述

我有一个正在使用 Scapy 解析的 PCAP 文件，

I have a PCAP file which I am parsing using Scapy,

我已经使用下面的代码成功地将有效负载转储到十六进制转储

I have managed to dump the payload to a hexdump by using the code bellow

pkts = rdpcap('Sink.pcap')
print hexdump(pkts[0][2].load)

我得到输出

0000   00 00 00 *01* 58 2F AC 47  01 D8 1E 5F 00 00 00 01   ....X/.G..._....
0010   00 0A 5E 32 08 00 08 00  08 00 08 00 08 00 08 00   ..^2............
0020   08 00 08 00 08 00 08 00  08 00 08 00 08 00 08 00   ................
0030   08 00 08 00 08 00 08 00  08 00 08 00               ............
None

我想做的是例如只打印第 4 个字节 (0x01).(被星星包围)，我该怎么做?是先把hexdump转成字符串再做字符串解析还是可以使用Scapy库来实现这个操作?

What I want to do is for example print only the 4th byte (0x01) that is. (Surrounded by stars), how would I do this? Do I convert the hexdump to a string and then do string parsing or can I use the Scapy library to achieve this operation?

推荐答案

你的意思是

print pkts[0][2].load[3]

或者可能是十六进制和字符

or maybe as hex and char

val = pkts[0][2].load[3]
print "%x %s" % (ord(val), val)

当然你也可以用hexdump

print hexdump( pkts[0][2].load[3] )

这篇关于从 pcap 文件中获取有效负载中的特定字节的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！