1

I'm having trouble writing a pcap to a file buffer. It's important that I don't touch the disk for these pcap captures, and yes, they must be live.

sudo scapy
>>> import io
>>> cap = sniff(timeout=30)
>>> buf = io.BytesIO()
>>> wrpcap(buf, cap)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/scapy/utils.py", line 524, in wrpcap
    with PcapWriter(filename, *args, **kargs) as fdesc:
  File "/usr/lib/python2.7/dist-packages/scapy/utils.py", line 682, in __init__
    self.f = [open,gzip.open][gz](filename,append and "ab" or "wb", gz and 9 or bufsz)
TypeError: coercing to Unicode: need string or buffer, _io.BytesIO found

This usually happens when you open(None). Is this a bug in the PcapWriter function in Scapy utils?

I also tried this: buf.seek(0) before writing, and it still fails.

4

2 Answers

1

You should use a recent version of Scapy; it works out of the box:

Welcome to Scapy (2.3.3)
>>> import io
>>> cap = sniff(timeout=30)
>>> buf = io.BytesIO()
>>> wrpcap(buf, cap)
>>>

If you need to keep buf open, just do the following:

Welcome to Scapy (2.3.3)
>>> import io
>>> cap = sniff(timeout=30)
>>> buf = io.BytesIO()
>>> PcapWriter(buf).write(cap)
>>> buf.seek(0)
0L
>>> rdpcap(buf)
<No name: TCP:736 UDP:0 ICMP:0 Other:0>
answered 2016-10-23T18:14:19.277
-1

I took the code from scapy (utils.py) and created memwrpcap, which can write to io.BytesIO.

buf = io.BytesIO()
memwrpcap(buf, cap)

(It doesn't close the buffer after writing, so you can start reading from the buffer.)

After that, I used the standard open() and write() to save the data from io.BytesIO and compared this file with the file created by wrpcap:

diff -c test-std.pcap test-mem.pcap

And it looks like they are identical, so io.BytesIO holds data in pcap format.

Full code - memwrpcap and MemoryPcapWriter, plus the code I used to test it.

#
# from: scapy/utils.py
#

import gzip  # needed for gz=True below; imported explicitly instead of relying on the star import

from scapy.all import *

def memwrpcap(filename, pkt, *args, **kargs):
    """Write a list of packets to a pcap file
    gz: set to 1 to save a gzipped capture
    linktype: force linktype value
    endianness: "<" or ">", force endianness"""

    # use MemoryPcapWriter instead of PcapWriter
    with MemoryPcapWriter(filename, *args, **kargs) as fdesc:
        fdesc.write(pkt)


class MemoryPcapWriter(PcapWriter):
    """A stream PCAP writer with more control than wrpcap()"""
    def __init__(self, filename, linktype=None, gz=False, endianness="", append=False, sync=False):
        """
        linktype: force linktype to a given value. If None, linktype is taken
                  from the first written packet
        gz: compress the capture on the fly
        endianness: force an endianness (little:"<", big:">"). Default is native
        append: append packets to the capture file instead of truncating it
        sync: do not bufferize writes to the capture file
        """

        self.linktype = linktype
        self.header_present = 0
        self.append=append
        self.gz = gz
        self.endian = endianness
        self.filename=filename
        self.sync=sync
        bufsz=4096
        if sync:
            bufsz=0

        # use filename or file-like object 
        if isinstance(self.filename, str):
            self.f = [open,gzip.open][gz](filename,append and "ab" or "wb", gz and 9 or bufsz)
        else: # file-like object 
            self.f = filename

    def __exit__(self, exc_type, exc_value, traceback):
        self.flush()
        if isinstance(self.filename, str):
            self.close() # don't close file-like object


# --- main ---

#
# run script with sudo
#
# compare results (on Linux)
#    diff -s test-std.pcap test-mem.pcap
#

from scapy.all import *

import io

cap = sniff(timeout=5)

# save to pcap file
wrpcap('test-std.pcap', cap)

# save to buffer
buf = io.BytesIO()
memwrpcap(buf, cap)

# move to beginning and save to file
#print('current position:', buf.tell())
buf.seek(0)
#print('current position:', buf.tell())

with open('test-mem.pcap', 'wb') as fp:
    fp.write(buf.read())
answered 2016-10-23T14:46:31.067
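Added example, not part of either answer above: a standard-library-only sketch of the classic pcap layout (24-byte global header, 16-byte record headers) that checks a buffer's contents entirely in memory, instead of writing it to disk and diffing. The function names and sample frames are constructed for illustration, and only the microsecond-timestamp magic 0xa1b2c3d4 is handled.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
GLOBAL_HDR = "IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype

def write_pcap(buf, frames, linktype=1, snaplen=65535, endian="<"):
    """Write (ts_sec, ts_usec, raw_bytes) frames to a file-like object; never closes it."""
    buf.write(struct.pack(endian + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, data in frames:
        buf.write(struct.pack(endian + "IIII", sec, usec, len(data), len(data)))
        buf.write(data)

def read_pcap(buf):
    """Parse a pcap from a file-like object; ValueError on malformed input."""
    hdr = buf.read(24)
    if len(hdr) != 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):  # byte order is detected from the magic number
        if struct.unpack(endian + "I", hdr[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap stream")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, hdr)
    frames = []
    while True:
        rec = buf.read(16)
        if not rec:
            return linktype, frames
        if len(rec) != 16:
            raise ValueError("truncated record header")
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        if incl_len > snaplen:  # reject absurd lengths before reading them
            raise ValueError("record longer than snaplen")
        data = buf.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        frames.append((sec, usec, data))

# Constructed sample frames (not real traffic): Ethernet-sized byte strings
SAMPLE = [
    (1477232059, 277000, b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01\x08\x06" + b"\x00" * 28),
    (1477232060, 5, b"\x02\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x02\x08\x00" + b"\x00" * 20),
]

def roundtrip(frames=SAMPLE, endian="<"):
    buf = io.BytesIO()
    write_pcap(buf, frames, endian=endian)
    buf.seek(0)  # rewind before reading, as with buf.seek(0) in the answers
    return read_pcap(buf)
```
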