将原始 Scapy 数据解码为人类可读 [英] Decode raw Scapy data to human readable
问题描述
我正在尝试改用 Scapy 而不是 Wireshark,但在解码我获得的数据时遇到问题.在 Wireshark 中,我可以很容易地看到标记为分布式交互式模拟"的过滤数据包的最后一层,但在 Scapy 中,最后一层是原始".我正在尝试以相同的人类可读格式从该层获取数据.到目前为止,我已经得到:
I'm trying to switch to using Scapy instead of Wireshark, but am having trouble decoding the data I'm getting. In Wireshark I can easily see the last layer for filtered packets labeled as "Distributed Interactive Simulation", but in Scapy the last layer is "Raw". I'm trying to get the data from this layer in the same human readable format. So far I've gotten:
# Capture with Scapy
from scapy.all import sniff
capture = sniff(filter="dst 10.6.255.255 and port 3000", count=5)
packet = capture[0]
raw = pkt.lastlayer()
print(raw)
<Raw load='\x068\x14\x05L\x88nK\x00x\x00\x00\x00\x94\x08\x88\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x9f\x00\x00\x02 \x00\x01sj\x9b\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04p\x00\x08\x00\x00\x00\x00\x00\x00d\xe9Y<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x8c\x00\x00\x113\x00\x00\x00\x01\x00\x02\x0c\x00\x00\x00\x01\x02\x00\x00\x00\x041187\x00\x00\x00\x00\x00' |>
有人能告诉我如何让这个人类可读吗?
Could someone show me how to make this human readable?
推荐答案
首先,您的脚本中有错误.raw = pkt.lastlayer()
应该是 raw = packet.lastlayer()
.
First, you have an error in your script. raw = pkt.lastlayer()
should be raw = packet.lastlayer()
.
尝试将 print(packet.show())
添加到您的脚本中以获得更具可读性的格式,这将为您提供类似的内容:
Try adding print(packet.show())
to your script for a more readable format which will give you something similar to this:
###[ Ethernet ]###
dst = 94:c6:91:1c:68:c3
src = 94:c6:91:1c:68:1d
type = 0x800
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 84
id = 49689
flags = DF
frag = 0
ttl = 64
proto = icmp
chksum = 0x1938
src = 192.168.111.4
dst = 192.168.111.2
\options \
###[ ICMP ]###
type = echo-request
code = 0
chksum = 0xb468
id = 0x6d3
seq = 0xab
###[ Raw ]###
load = '\x0e\x85\x96[\x00\x00\x00\x00\xd2e\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'
None
您还可以使用 hexdump 命令以更易读的格式显示原始负载.
You can also use hexdump command to show the raw load in a more readable format.
from scapy.utils import hexdump
raw = packet.lastlayer()
hexdump(raw)
输出如下:
0000 D091965B0000000080FD0E0000000000 ...[............
0010 101112131415161718191A1B1C1D1E1F ................
0020 202122232425262728292A2B2C2D2E2F !"#$%&'()*+,-./
0030 3031323334353637 01234567
0000 063814054CC2886E4B0078000000C294 .8..L..nK.x.....
0010 08C2880000C3BFC3BFC3BFC3BF000000 ................
0020 00000000000000000000000000000100 ................
0030 0000C29F000002200001736AC29BC3B4 ....... ..sj....
0040 00000000000000000000000470000800 ............p...
0050 000000000064C3A9593C000000000000 .....d..Y<......
0060 0000000004C28C000011330000000100 ..........3.....
0070 020C0000000102000000043131383700 ...........1187.
0080 00000000 ....
这篇关于将原始 Scapy 数据解码为人类可读的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!