0

我有一个名为 trace.txt 的文件,其中包含数据包,我想从中提取每个数据包。文件如下:

IP (tos 0x0, ttl 64, id 42387, offset 0, flags [none], proto UDP (17), length 364)
    10.30.23.135.17500 > 255.255.255.255.17500: UDP, length 336
IP (tos 0x0, ttl 64, id 35677, offset 0, flags [none], proto UDP (17), length 364)
    10.30.23.135.17500 > 10.30.31.255.17500: UDP, length 336
IP (tos 0x0, ttl 128, id 28996, offset 0, flags [none], proto UDP (17), length 78)
    10.30.12.151.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 128, id 10723, offset 0, flags [none], proto UDP (17), length 78)
    10.30.11.184.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 1, id 16034, offset 0, flags [none], proto UDP (17), length 50)
    10.30.17.171.53709 > 224.0.0.252.5355: UDP, length 22
IP (tos 0x0, ttl 64, id 60954, offset 0, flags [none], proto UDP (17), length 44)
    10.30.12.163.50558 > 10.30.15.255.8612: UDP, length 16
IP (tos 0x0, ttl 1, id 17167, offset 0, flags [none], proto UDP (17), length 44)
    10.30.12.163.50183 > 224.0.0.1.8612: UDP, length 16
.
.
.

如何将它们分类为 SYN 或 ACK 数据包?以及如何判断一个数据包是否属于网站的IP地址?

4

1 回答 1

0

简而言之,您需要

  1. 打开文件
  2. 将文本拆分为数据包
  3. 使用 python 的 . 检查所需的字符串是否在数据包中in

在此示例中,我们将搜索字符串 SYN、ACK 和 google IP。

import re

def get_packets(filename):
    with open(filename) as f:
        text = f.read()

    # Based on the sample file, packet continuations are over multiple lines
    # So split packets based on starting with a newline and then non-space char
    text_packets = re.findall(r'\n\S[\s\S]*(?=\n\S)', text)
    print("Packets found are", text_packets)

def find_info(text_packets):
    # Keep track of the ith packet to print that number
    ith = 1
    # Let's use one of google's IP for the example
    google_ip = "172.217.1.142" 

    for tp in text_packets:
        if "SYN" in tp:
            print(ith, "packet contains SYN")
        if "ACK" in tp:
            print(ith, "packet contains ACK")
        if google_ip in tp:
            print("Traffic to google found")
        ith += 1

def main():
    text_packets = get_packets("temp")
    find_info(text_packets)
于 2020-05-18T20:46:49.017 回答