以时间间隔写入使用 scapy sniff 捕获的数据包 [英] Write packets captured with scapy sniff in time intervals

问题描述

我试图每 10 秒将数据包转储到 scapy sniff 函数捕获的文件中，但无济于事.

I’m trying to dump packets to a file captured by scapy sniff function every 10 second to no avail.

这可以通过 tcpdump 实现，例如:tcpdump -s 0 -i -G 10 -w .G 标志是rotate_seconds.

That is possible with tcpdump like: tcpdump -s 0 -i <interface> -G 10 -w <output.pcap>. G flag is the rotate_seconds.

这可以通过 scapy 实现吗?

Is this achievable with scapy?

推荐答案

当然是.查看 wrpcap() 文档.

Of course it is. Have a look at the wrpcap() documentation.

本质上，您只需构建一个接收数据包并采取行动的回调函数.这是一个非常简单的示例，不一定要具有功能性.(我在这里即时编写)这应该每 100 个数据包保存一个 cap 文件.您只需将逻辑更改为基于时间而不是基于数据包计数.

Essentially, you will simply build a callback function that receives packets and takes actions. Here's a very simple example that is not necessarily intended to be functional. (I'm writing it on the fly here) This should save a cap file every 100 packets. You would simply need to change the logic to be time based instead of packet count based.

#!/usr/bin/env python
from scapy import sniff

pendingPackets = []
baseFilename = "capture-"
totalPackets = 0

def handle_packet(packet):
    pendingPackets.append(packet)
    totalPackets += 1

    if len(pendingPackets) >= 100:
        filename = baseFilename + str(totalPackets) + ".pcap"
        wrpcap(filename, pendingPackets)
        pendingPackets = []

sniff(filter="ip", prn=handle_packet)

这篇关于以时间间隔写入使用 scapy sniff 捕获的数据包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！