Decode raw Scapy data to human readable


Problem description

I'm trying to switch to using Scapy instead of Wireshark, but am having trouble decoding the data I'm getting. In Wireshark I can easily see the last layer for filtered packets labeled as "Distributed Interactive Simulation", but in Scapy the last layer is "Raw". I'm trying to get the data from this layer in the same human readable format. So far I've gotten:

# Capture with Scapy
from scapy.all import sniff
capture = sniff(filter="dst 10.6.255.255 and port 3000", count=5)
packet = capture[0]
raw = pkt.lastlayer()
print(raw)

<Raw  load='\x068\x14\x05L\x88nK\x00x\x00\x00\x00\x94\x08\x88\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x9f\x00\x00\x02 \x00\x01sj\x9b\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04p\x00\x08\x00\x00\x00\x00\x00\x00d\xe9Y<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x8c\x00\x00\x113\x00\x00\x00\x01\x00\x02\x0c\x00\x00\x00\x01\x02\x00\x00\x00\x041187\x00\x00\x00\x00\x00' |>

Could someone show me how to make this human readable?

Recommended answer

First, you have an error in your script. raw = pkt.lastlayer() should be raw = packet.lastlayer().

Try adding print(packet.show()) to your script for a more readable format which will give you something similar to this:

###[ Ethernet ]###
  dst       = 94:c6:91:1c:68:c3
  src       = 94:c6:91:1c:68:1d
  type      = 0x800
###[ IP ]###
     version   = 4
     ihl       = 5
     tos       = 0x0
     len       = 84
     id        = 49689
     flags     = DF
     frag      = 0
     ttl       = 64
     proto     = icmp
     chksum    = 0x1938
     src       = 192.168.111.4
     dst       = 192.168.111.2
     \options   \
###[ ICMP ]###
        type      = echo-request
        code      = 0
        chksum    = 0xb468
        id        = 0x6d3
        seq       = 0xab
###[ Raw ]###
           load      = '\x0e\x85\x96[\x00\x00\x00\x00\xd2e\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'

None

You can also use the hexdump command to show the raw load in a more readable format.

from scapy.utils import hexdump
raw = packet.lastlayer()
hexdump(raw)

The output is as follows:

0000  D091965B0000000080FD0E0000000000 ...[............
0010  101112131415161718191A1B1C1D1E1F ................
0020  202122232425262728292A2B2C2D2E2F  !"#$%&'()*+,-./
0030  3031323334353637                 01234567
0000  063814054CC2886E4B0078000000C294 .8..L..nK.x.....
0010  08C2880000C3BFC3BFC3BFC3BF000000 ................
0020  00000000000000000000000000000100 ................
0030  0000C29F000002200001736AC29BC3B4 ....... ..sj....
0040  00000000000000000000000470000800 ............p...
0050  000000000064C3A9593C000000000000 .....d..Y<......
0060  0000000004C28C000011330000000100 ..........3.....
0070  020C0000000102000000043131383700 ...........1187.
0080  00000000                         ....
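
Wireshark names the fields of this payload because it dissects Distributed Interactive Simulation, while Scapy shows the same bytes as Raw. The following is an added example, not part of the original question or answer: it unpacks the fixed 12-byte DIS PDU header from the Raw load printed in the question. The header layout and the few enumeration names are taken from IEEE 1278.1 as an assumption, and QUESTION_LOAD, DIS_HEADER and parse_dis_header are names invented for this example.

```python
import struct

# Raw load printed in the question, retyped as bytes; long runs of zero
# bytes are written as bytes(n) to keep the literal short.
QUESTION_LOAD = (
    b"\x068\x14\x05L\x88nK\x00x\x00\x00"  # the 12-byte PDU header
    b"\x00\x94\x08\x88\x00\x00\xff\xff\xff\xff" + bytes(17) +
    b"\x01\x00\x00\x00\x9f\x00\x00\x02 \x00\x01sj\x9b\xf4" + bytes(11) +
    b"\x04p\x00\x08" + bytes(6) + b"d\xe9Y<" + bytes(10) +
    b"\x04\x8c\x00\x00\x113\x00\x00\x00\x01\x00\x02\x0c\x00\x00\x00\x01\x02"
    b"\x00\x00\x00\x041187" + bytes(5)
)

# version, exercise ID, PDU type, protocol family, timestamp, length, padding
DIS_HEADER = struct.Struct(">BBBBIHH")

# Partial enumerations (assumption: names as listed in IEEE 1278.1).
PDU_TYPES = {1: "Entity State", 2: "Fire", 3: "Detonation", 20: "Data"}
FAMILIES = {1: "Entity Information/Interaction", 2: "Warfare",
            5: "Simulation Management"}


def parse_dis_header(load: bytes) -> dict:
    """Decode the fixed DIS PDU header, rejecting malformed payloads."""
    if len(load) < DIS_HEADER.size:
        raise ValueError(f"truncated PDU: {len(load)} bytes")
    version, exercise, pdu_type, family, stamp, length, _pad = \
        DIS_HEADER.unpack_from(load)
    # The header declares the size of the whole PDU; a mismatch means the
    # capture was cut short, padded, or re-encoded on the way to the parser.
    if length != len(load):
        raise ValueError(f"length field {length} != payload {len(load)}")
    return {
        "version": version,
        "exercise_id": exercise,
        "pdu_type": PDU_TYPES.get(pdu_type, f"unknown ({pdu_type})"),
        "family": FAMILIES.get(family, f"unknown ({family})"),
        "timestamp_raw": stamp,
        # Low bit: 1 = absolute time, 0 = relative; upper 31 bits count
        # units of 3600 / 2**31 seconds past the hour.
        "timestamp_absolute": bool(stamp & 1),
        "seconds_past_hour": (stamp >> 1) * 3600 / 2**31,
        "length": length,
    }


if __name__ == "__main__":
    for name, value in parse_dis_header(QUESTION_LOAD).items():
        print(f"{name:20} = {value}")
```

With a live capture, pass packet.lastlayer().load (the Raw layer's bytes) instead of QUESTION_LOAD.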
