1

I am trying to build a scapy Ether packet from a raw string.

packet = packets[4] # this is the packet I get from pcap file
str_packet = str(packet) # I get string form from here

packet2 = Ether(str_packet) # I try to make packet2 from the string
packet.show() 
packet2.show()

The output here shows that Ether packet2 is not well formed.

Any ideas on how to get packet2 from the raw string?

###[ Ethernet ]### 
  dst       = 80:e6:50:14:3d:52
  src       = 2a:74:02:9b:85:64
  type      = IPv4
###[ IP ]### 
     version   = 4
     ihl       = 5
     tos       = 0x0
     len       = 52
     id        = 44178
     flags     = 
     frag      = 0
     ttl       = 88
     proto     = tcp
     chksum    = 0x5503
     src       = 157.240.13.35
     dst       = 172.20.10.7
     \options   \
###[ TCP ]### 
        sport     = https
        dport     = 60643
        seq       = 905248884
        ack       = 938762494
        dataofs   = 8
        reserved  = 0
        flags     = A
        window    = 113
        chksum    = 0x43e9
        urgptr    = 0
        options   = [('NOP', None), ('NOP', None), ('Timestamp', (2596765797, 886096700))]

###[ Raw ]### 
  load      = "b'\\x80\\xe6P\\x14=R*t\\x02\\x9b\\x85d\\x08\\x00E\\x00\\x004\\xac\\x92\\x00\\x00X\\x06U\\x03\\x9d\\xf0\\r#\\xac\\x14\\n\\x07\\x01\\xbb\\xec\\xe35\\xf5\\x00t7\\xf4`\\xfe\\x80\\x10\\x00qC\\xe9\\x00\\x00\\x01\\x01\\x08\\n\\x9a\\xc7\\x80e4\\xd0\\xc3<'"
4

1 Answer

3

On line 2, use raw instead of str. I extracted some frames from a pcap file like you did, and this is what I got:

>>> str(p)                                                                                                                                                    
WARNING: Calling str(pkt) on Python 3 makes no sense!
"b'\\xf4\\xca\\xe5Cu\\x10\\x00!\\xcc\\xd3px\\x08\\x00E\\x00\\x004\\xbe\\x05@\\x00@\\x06\\xfb\\xc4\\xc0\\xa8\\x01\\x0f6\\xbf\\x88\\x83\\x96N\\x01\\xbb5M\\x94r\\xd0\\xc7\\xd9\\xae\\x80\\x10\\x01\\xf5\\x81 \\x00\\x00\\x01\\x01\\x08\\np\\xaf\\xdf\\xc4a\\xcf=\\x84'"

>>> raw(p)                                                                                                                                                    
b'\xf4\xca\xe5Cu\x10\x00!\xcc\xd3px\x08\x00E\x00\x004\xbe\x05@\x00@\x06\xfb\xc4\xc0\xa8\x01\x0f6\xbf\x88\x83\x96N\x01\xbb5M\x94r\xd0\xc7\xd9\xae\x80\x10\x01\xf5\x81 \x00\x00\x01\x01\x08\np\xaf\xdf\xc4a\xcf=\x84'

>>> Ether(raw(p)).show()                                                                                                                                      
###[ Ethernet ]### 
  dst= f4:ca:e5:43:75:10
  src= 00:21:cc:d3:70:78
  type= IPv4
###[ IP ]### 
     version= 4
     ihl= 5
     tos= 0x0
     len= 52
     id= 48645
     flags= DF
     frag= 0
     ttl= 64
     proto= tcp
     chksum= 0xfbc4
     src= 192.168.1.15
     dst= 54.191.136.131
     \options\
###[ TCP ]### 
        sport= 38478
        dport= https
        seq= 894276722
        ack= 3502758318
        dataofs= 8
        reserved= 0
        flags= A
        window= 501
        chksum= 0x8120
        urgptr= 0
        options= [('NOP', None), ('NOP', None), ('Timestamp', (1890574276, 1640971652))]
answered 2020-08-05T14:00:06.690
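
Why str fails where raw works, shown as an added example that is not part of the original answer. It uses only the Python standard library instead of scapy, the frame bytes are the ones from the raw(p) output above, and parse_frame and to_wire_bytes are hypothetical helper names.

```python
import ast
import socket
import struct

# Frame bytes copied from the raw(p) output in the answer above.
FRAME = (b'\xf4\xca\xe5Cu\x10\x00!\xcc\xd3px\x08\x00E\x00\x004\xbe\x05@\x00@\x06'
         b'\xfb\xc4\xc0\xa8\x01\x0f6\xbf\x88\x83\x96N\x01\xbb5M\x94r\xd0\xc7\xd9\xae'
         b'\x80\x10\x01\xf5\x81 \x00\x00\x01\x01\x08\np\xaf\xdf\xc4a\xcf=\x84')

def mac(six_bytes):
    return ":".join("%02x" % b for b in six_bytes)

def parse_frame(data):
    """Decode Ethernet (and IPv4 addresses, if present) from wire bytes."""
    if not isinstance(data, (bytes, bytearray)):
        raise TypeError("expected bytes, got " + type(data).__name__)
    if len(data) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", bytes(data[:14]))
    fields = {"dst": mac(dst), "src": mac(src), "type": ethertype,
              "ip_src": None, "ip_dst": None}
    if ethertype == 0x0800 and len(data) >= 34:
        # IPv4 source/destination sit 12 and 16 bytes into the IP header.
        fields["ip_src"] = socket.inet_ntoa(bytes(data[26:30]))
        fields["ip_dst"] = socket.inet_ntoa(bytes(data[30:34]))
    return fields

def to_wire_bytes(value):
    """Accept bytes, or the text that str(bytes) produced, and return bytes."""
    if isinstance(value, (bytes, bytearray)):
        return bytes(value)
    # str(b'...') is the text of a bytes literal. literal_eval parses
    # literals only and never executes code, so it is safe on stored text.
    recovered = ast.literal_eval(value)
    if not isinstance(recovered, bytes):
        raise ValueError("text is not a bytes literal")
    return recovered

if __name__ == "__main__":
    good = parse_frame(FRAME)
    print("bytes      :", good)
    # What a dissector sees when handed the characters of str(FRAME):
    # the frame now starts with b, ', \, x, ... instead of the real MAC.
    mangled = str(FRAME).encode("latin-1")
    print("str()      :", parse_frame(mangled))
    # Recovering the frame when only the str() form was kept.
    print("recovered  :", parse_frame(to_wire_bytes(str(FRAME))))
```

The mangled frame decodes with an EtherType that is not IPv4, which is why the dissector in the question stops after the Ethernet layer and puts everything else in Raw.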