通过pyshark解析pcap报文

代码：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102

import pyshark   def extract_dns_info(packet):     dns = packet.dns     query_name = dns.qry_name if hasattr(dns, 'qry_name') else None     query_type = dns.qry_type if hasattr(dns, 'qry_type') else None       # 解析响应的IP地址或其他响应内容     response_data = []     if hasattr(dns, 'a'):         response_data.append(dns.a)     if hasattr(dns, 'aaaa'):         response_data.append(dns.aaaa)     if hasattr(dns, 'cname'):         response_data.append(dns.cname)     if hasattr(dns, 'txt'):         response_data.append(dns.txt)       print("query name:", query_name, "type:", query_type, "response:", response_data)     return query_name, query_type, response_data     def extract_five_tuple(packet):     # 默认值，用于非TCP/UDP协议     src_ip, dst_ip = "N/A", "N/A"     src_port, dst_port = "N/A", "N/A"     protocol = "N/A"     # 检测数据包是否有IP层     if 'IP' in packet:         src_ip = packet.ip.src         dst_ip = packet.ip.dst           # 如果是TCP或UDP协议，获取端口信息         if 'TCP' in packet:             src_port = packet.tcp.srcport             dst_port = packet.tcp.dstport             protocol = "TCP"         elif 'UDP' in packet:             src_port = packet.udp.srcport             dst_port = packet.udp.dstport             protocol = "UDP"         else:             protocol = packet.ip.proto     return src_ip, dst_ip, src_port, dst_port, protocol   def extract_tcp_payload(packet):     print('*'*66)     print("Network protocol:", packet.highest_layer)     print("src_ip, dst_ip, src_port, dst_port, protocol:", extract_five_tuple(packet))       if packet.highest_layer == 'DNS':         extract_dns_info(packet)       found = False     for protocol in ('tcp', 'udp'):         if hasattr(packet, protocol) and hasattr(getattr(packet, protocol), 'payload'):             layer = getattr(packet, protocol)             payload = layer.payload.raw_value             print("Raw payload:", payload)             print("Human readable(non-printable char is \\x digit+digit) payload: ")             if packet.highest_layer == 'SMB':                 printify(bytes.fromhex(payload), need_hex=False)             else:                 printify(bytes.fromhex(payload), need_hex=True)             found = True     if not found:         print("No payload found!")     print('*'*66)     def printify(payload, need_hex=False):     payload_str = ""     for byte in payload:         if byte == 0x0d:  # Carriage Return (CR)             payload_str += "\\r"         elif byte == 0x0a:  # Line Feed (LF)             payload_str += "\\n"         if byte < 32 or byte > 126:  # Non-printable ASCII range             if need_hex:                 payload_str += f'\\x{byte:02x}'             else:                 payload_str += '.'         else:             payload_str += chr(byte)       print(payload_str)     def parse_pcap(pcap_file):     cap = pyshark.FileCapture(pcap_file)       for packet in cap:         extract_tcp_payload(packet)     cap.close()     # 测试 # path = "D:\\source\\LocalUtil\\6tcp.pcap" # path = "D:\\source\\LocalUtil\\5smb.pcap" path = "D:\\source\\LocalUtil\\4_decrypted.pcap" # path = "D:\\source\\LocalUtil\\complex.pcap" parse_pcap(path)

　　

示例输出：

 

HTTP的报文输出示例：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

****************************************************************** Network protocol: HTTP src_ip, dst_ip, src_port, dst_port, protocol: ('192.168.1.24', '112.49.45.102', '59134', '80', 'TCP') Raw payload: 474554202f563230313456322f56657273696f6e5570646174652f55706461746546696c655061636b6167652fa1bec3e2b7d1d0cda1bf2e6d747820485454502f312e310d0a486f73743a20736f66742e616e6a69616e2e636f6d0d0a4163636570743a202a2f2a0d0a507261676d613a206e6f2d63616368650d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a557365722d4167656e743a2048747470446f776e6c6f61642f322e300d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a Human readable(non-printable char is \x digit+digit) payload: GET /V2014V2/VersionUpdate/UpdateFilePackage/\xa1\xbe\xc3\xe2\xb7\xd1\xd0\xcd\xa1\xbf.mtx HTTP/1.1\r\x0d\n\x0aHost: soft.anjian.com\r\x0d\n\x0aAccept: */*\r\x0d\n\x0aPragma: no-cache\r\x0d\n\x0aCache-Control: no-cache\r\x0d\n\x0aUser-Agent: HttpDownload/2.0\r\x0d\n\x0aConnection: close\r\x0d\n\x0a\r\x0d\n\x0a ****************************************************************** ****************************************************************** Network protocol: TCP src_ip, dst_ip, src_port, dst_port, protocol: ('112.49.45.102', '192.168.1.24', '80', '59134', 'TCP') No payload found! ****************************************************************** ****************************************************************** Network protocol: DATA-TEXT-LINES src_ip, dst_ip, src_port, dst_port, protocol: ('112.49.45.102', '192.168.1.24', '80', '59134', 'TCP') Raw payload: 485454502f312e3120353033205365727669636520556e617661696c61626c650d0a436f6e6e656374696f6e3a20636c6f73650d0a5365727665723a20563252324330302d4941452f312e300d0a43616368652d436f6e74726f6c3a206e6f2d63616368652c206e6f2d73746f72650d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203834300d0a0d0a3c21444f43545950452068746d6c3e0d0a3c68746d6c206c616e673d22656e223e0d0a3c686561643e0d0a3c6d65746120636861727365743d225554462d38223e0d0a3c7469746c653e416e746976697275733c2f7469746c653e0d0a3c7374796c6520747970653d22746578742f637373223e0d0a68746d6c2c20626f64797b6d617267696e3a20303b70616464696e673a20303b666f6e742d66616d696c793a2056657264616e612c20417269616c2c2073616e732d73657269663b666f6e742d73697a653a20313070743b7d0d0a2e6d61696e207b706f736974696f6e3a206162736f6c7574653b746f703a3130253b6c6566743a3130253b77696474683a3830253b626f726465723a2035707820736f6c696420236161613b626f782d736861646f773a20302030203230707820233030303b7d0d0a68317b636f6c6f723a207265643b70616464696e673a20343070782034307078203020343070783b7d0d0a2e6e6f746963657b70616464696e673a20323070782034307078203430707820343070783b7d0d0a2e6e6f7469636520707b70616464696e672d746f703a20313470783b666f6e742d73697a653a20313470783b776f72642d777261703a20627265616b2d776f72643b7d0d0a2e6e6f746963652070206c6162656c7b666f6e742d7765696768743a203630303b77686974652d73706163653a207072653b7d0d0a3c2f7374796c653e0d0a3c2f686561643e0d0a3c626f64793e0d0a3c64697620636c6173733d226d61696e223e0d0a3c68313e416e7469766972757320426c6f636b65643c2f68313e0d0a3c6469762069643d226e6f746963652220636c6173733d226e6f74696365223e0d0a3c703e546865207061676520796f752072657175657374656420686173206265656e20626c6f636b6564206265636175736520697420636f6e7461696e7320736f6d652076697275732e506c6561736520636f6e7461637420796f7572206e6574776f726b2061646d696e6973747261746f7220666f722068656c702e3c2f703e0d0a3c703e3c6c6162656c3e46696c65204e616d653a203c2f6c6162656c3ea1bec3e2b7d1d0cda1bf2e6d74783c2f703e0d0a3c2f6469763e0d0a3c2f6469763e0d0a3c2f626f64793e0d0a3c2f68746d6c3e Human readable(non-printable char is \x digit+digit) payload: HTTP/1.1 503 Service Unavailable\r\x0d\n\x0aConnection: close\r\x0d\n\x0aServer: V2R2C00-IAE/1.0\r\x0d\n\x0aCache-Control: no-cache, no-store\r\x0d\n\x0aContent-Type: text/html\r\x0d\n\x0aContent-Length: 840\r\x0d\n\x0a\r\x0d\n\x0a<!DOCTYPE html>\r\x0d\n\x0a<html lang="en">\r\x0d\n\x0a<head>\r\x0d\n\x0a<meta charset="UTF-8">\r\x0d\n\x0a<title>Antivirus</title>\r\x0d\n\x0a<style type="text/css">\r\x0d\n\x0ahtml, body{margin: 0;padding: 0;font-family: Verdana, Arial, sans-serif;font-size: 10pt;}\r\x0d\n\x0a.main {position: absolute;top:10%;left:10%;width:80%;border: 5px solid #aaa;box-shadow: 0 0 20px #000;}\r\x0d\n\x0ah1{color: red;padding: 40px 40px 0 40px;}\r\x0d\n\x0a.notice{padding: 20px 40px 40px 40px;}\r\x0d\n\x0a.notice p{padding-top: 14px;font-size: 14px;word-wrap: break-word;}\r\x0d\n\x0a.notice p label{font-weight: 600;white-space: pre;}\r\x0d\n\x0a</style>\r\x0d\n\x0a</head>\r\x0d\n\x0a<body>\r\x0d\n\x0a<div class="main">\r\x0d\n\x0a<h1>Antivirus Blocked</h1>\r\x0d\n\x0a<div id="notice" class="notice">\r\x0d\n\x0a<p>The page you requested has been blocked because it contains some virus.Please contact your network administrator for help.</p>\r\x0d\n\x0a<p><label>File Name: </label>\xa1\xbe\xc3\xe2\xb7\xd1\xd0\xcd\xa1\xbf.mtx</p>\r\x0d\n\x0a</div>\r\x0d\n\x0a</div>\r\x0d\n\x0a</body>\r\x0d\n\x0a</html> ****************************************************************** ****************************************************************** Network protocol: TCP src_ip, dst_ip, src_port, dst_port, protocol: ('112.49.45.102', '192.168.1.24', '80', '59134', 'TCP') Raw payload: 485454502f312e3120323030204f4b0d0a5365727665723a206e67696e780d0a446174653a205468752c203239204a756e20323032332030333a30313a313720474d540d0a436f6e74656e742d547970653a206170706c69636174696f6e2f6d74780d0a436f6e74656e742d4c656e6774683a20333432363439360d0a436f6e6e656374696f6e3a20636c6f73650d0a4c6173742d4d6f6469666965643a204672692c203133204d617220323032302030393a31323a353420474d540d0a4163636570742d52616e6765733a2062797465730d0a455461673a20226366353438613934313766396435313a30220d0a582d506f77657265642d42793a204153502e4e45540d0a0d0a4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000280100000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000aace6723eeaf0970eeaf0970eeaf09702da05470ecaf097033fd7270ecaf09706da75470ecaf097081d9a270c7af0970e7d78d70efaf0970e7d78a70fcaf0970e7d79a70c3af0970eeaf08705bac09707de19170e8af0970f5329770deaf0970f532a3703faf0970f532a27024ae0970f532a670d9af0970f5329370efaf0970f5329470efaf097052696368eeaf0970000000000000000000000000000000000000000000000000504500004c010600f32bb2590000000000000000e00002010b010a0000be2300006a100000000000a71016000010000000d02300000040000010000000020000050001000000000005000100000000000000350000040000923935000200408100001000001000000000100000100000000000001000000000000000000000004c572b00f401000000202d005c9a03000000000000000000002c3400c01c000000c030006cc602000000000000000000000000000000000000000000000000004813280018000000f812280040000000000000000000000000d02300cc0b00000000000000000000000000000000000000000000000000002e746578740000009abd23000010000000be230000040000000000000000000000000000200000602e7264617461000008c8070000d0230000ca070000c22300000000000000000000000000400000402e646174610000008462010000a02b0000c60000008c2b00000000000000000000000000400000c02e746c73000000000200000000102d000002000000522c00000000000000000000000000400000c02e727372630000005c9a030000202d00009c030000542c00000000000000000000000000400000402e72656c6f630000803b040000c03000003c040000f02f0000000000000000000000000040000042000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000558becb870100000e8f3341600a134eb6b0033c58945f88b45085356576864546700508bf18bdae814b715008bf883c40885ff751333c05f5e5b8b4df833cde831b615008be55dc3686854670056e8edb6150083c408898598efffff85c074d568e8030000e834b715008bf083c40485f674c28bc38d50018a084084 Human readable(non-printable char is \x digit+digit) payload: HTTP/1.1 200 OK\r\x0d\n\x0aServer: nginx\r\x0d\n\x0aDate: Thu, 29 Jun 2023 03:01:17 GMT\r\x0d\n\x0aContent-Type: application/mtx\r\x0d\n\x0aContent-Length: 3426496\r\x0d\n\x0aConnection: close\r\x0d\n\x0aLast-Modified: Fri, 13 Mar 2020 09:12:54 GMT\r\x0d\n\x0aAccept-Ranges: bytes\r\x0d\n\x0aETag: "cf548a9417f9d51:0"\r\x0d\n\x0aX-Powered-By: ASP.NET\r\x0d\n\x0a\r\x0d\n\x0aMZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x01\x00\x00\x0e\x1f\xba\x0e\x00\xb4\x09\xcd!\xb8\x01L\xcd!This program cannot be run in DOS mode.\r\x0d\r\x0d\n\x0a$\x00\x00\x00\x00\x00\x00\x00\xaa\xceg#\xee\xaf\x09p\xee\xaf\x09p\xee\xaf\x09p-\xa0Tp\xec\xaf\x09p3\xfdrp\xec\xaf\x09pm\xa7Tp\xec\xaf\x09p\x81\xd9\xa2p\xc7\xaf\x09p\xe7\xd7\x8dp\xef\xaf\x09p\xe7\xd7\x8ap\xfc\xaf\x09p\xe7\xd7\x9ap\xc3\xaf\x09p\xee\xaf\x08p[\xac\x09p}\xe1\x91p\xe8\xaf\x09p\xf52\x97p\xde\xaf\x09p\xf52\xa3p?\xaf\x09p\xf52\xa2p$\xae\x09p\xf52\xa6p\xd9\xaf\x09p\xf52\x93p\xef\xaf\x09p\xf52\x94p\xef\xaf\x09pRich\xee\xaf\x09p\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00PE\x00\x00L\x01\x06\x00\xf3+\xb2Y\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00\x02\x01\x0b\x01\n\x0a\x00\x00\xbe#\x00\x00j\x10\x00\x00\x00\x00\x00\xa7\x10\x16\x00\x00\x10\x00\x00\x00\xd0#\x00\x00\x00@\x00\x00\x10\x00\x00\x00\x02\x00\x00\x05\x00\x01\x00\x00\x00\x00\x00\x05\x00\x01\x00\x00\x00\x00\x00\x00\x005\x00\x00\x04\x00\x00\x9295\x00\x02\x00@\x81\x00\x00\x10\x00\x00\x10\x00\x00\x00\x00\x10\x00\x00\x10\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00LW+\x00\xf4\x01\x00\x00\x00 -\x00\\x9a\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00,4\x00\xc0\x1c\x00\x00\x00\xc00\x00l\xc6\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00H\x13(\x00\x18\x00\x00\x00\xf8\x12(\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0#\x00\xcc\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.text\x00\x00\x00\x9a\xbd#\x00\x00\x10\x00\x00\x00\xbe#\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00`.rdata\x00\x00\x08\xc8\x07\x00\x00\xd0#\x00\x00\xca\x07\x00\x00\xc2#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00@.data\x00\x00\x00\x84b\x01\x00\x00\xa0+\x00\x00\xc6\x00\x00\x00\x8c+\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\xc0.tls\x00\x00\x00\x00\x02\x00\x00\x00\x00\x10-\x00\x00\x02\x00\x00\x00R,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\xc0.rsrc\x00\x00\x00\\x9a\x03\x00\x00 -\x00\x00\x9c\x03\x00\x00T,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00@.reloc\x00\x00\x80;\x04\x00\x00\xc00\x00\x00<\x04\x00\x00\xf0/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00B\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\x8b\xec\xb8p\x10\x00\x00\xe8\xf34\x16\x00\xa14\xebk\x003\xc5\x89E\xf8\x8bE\x08SVWhdTg\x00P\x8b\xf1\x8b\xda\xe8\x14\xb7\x15\x00\x8b\xf8\x83\xc4\x08\x85\xffu\x133\xc0_^[\x8bM\xf83\xcd\xe81\xb6\x15\x00\x8b\xe5]\xc3hhTg\x00V\xe8\xed\xb6\x15\x00\x83\xc4\x08\x89\x85\x98\xef\xff\xff\x85\xc0t\xd5h\xe8\x03\x00\x00\xe84\xb7\x15\x00\x8b\xf0\x83\xc4\x04\x85\xf6t\xc2\x8b\xc3\x8dP\x01\x8a\x08@\x84 ******************************************************************

　　

smb的输出结果（无payload的表示为syn、ack这类报文）：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

****************************************************************** Network protocol: TCP src_ip, dst_ip, src_port, dst_port, protocol: ('172.18.46.251', '192.168.200.88', '59691', '445', 'TCP') No payload found! ****************************************************************** ****************************************************************** Network protocol: TCP src_ip, dst_ip, src_port, dst_port, protocol: ('192.168.200.88', '172.18.46.251', '445', '59691', 'TCP') No payload found! ****************************************************************** ****************************************************************** Network protocol: TCP src_ip, dst_ip, src_port, dst_port, protocol: ('172.18.46.251', '192.168.200.88', '59691', '445', 'TCP') No payload found! ****************************************************************** ****************************************************************** Network protocol: SMB src_ip, dst_ip, src_port, dst_port, protocol: ('172.18.46.251', '192.168.200.88', '59691', '445', 'TCP') Raw payload: 00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200 Human readable(non-printable char is \x digit+digit) payload: .....SMBr.....S...................@..b..PC NETWORK PROGRAM 1.0..LANMAN1.0..Windows for Workgroups 3.1a..LM1.2X002..LANMAN2.1..NT LM 0.12. ****************************************************************** ****************************************************************** Network protocol: SMB src_ip, dst_ip, src_port, dst_port, protocol: ('192.168.200.88', '172.18.46.251', '445', '59691', 'TCP') Raw payload: 00000073ff534d4272000000009853c00000000000000000000000000000fffe000040001105000332000100044100000000010000000000fce3010068a0c2d7d9dad90120fe082e0084c517288395326e57004f0052004b00470052004f0055005000000053004a005f0045005800430045004c000000 Human readable(non-printable char is \x digit+digit) payload: ...s.SMBr.....S...................@.....2....A..............h....... .......(..2nW.O.R.K.G.R.O.U.P...S.J._.E.X.C.E.L... ****************************************************************** ****************************************************************** Network protocol: SMB src_ip, dst_ip, src_port, dst_port, protocol: ('172.18.46.251', '192.168.200.88', '59691', '445', 'TCP') Raw payload: 00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000 Human readable(non-printable char is \x digit+digit) payload: .....SMBs.........................@.\r.......\n....................K......W.i.n.d.o.w.s. .2.0.0.0. .2.1.9.5...W.i.n.d.o.w.s. .2.0.0.0. .5...0... ******************************************************************

　　

DNS的报文示例：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

****************************************************************** Network protocol: DNS src_ip, dst_ip, src_port, dst_port, protocol: ('7.249.195.228', '114.114.114.114', '59031', '53', 'UDP') query name: ug.baidu.com type: 1 response: [] Raw payload: ef730100000100000000000002756705626169647503636f6d0000010001 Human readable(non-printable char is \x digit+digit) payload: \xefs\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02ug\x05baidu\x03com\x00\x00\x01\x00\x01 ****************************************************************** ****************************************************************** Network protocol: DNS src_ip, dst_ip, src_port, dst_port, protocol: ('7.249.195.228', '114.114.114.114', '59031', '53', 'UDP') query name: ug.baidu.com type: 1 response: [] Raw payload: ef730100000100000000000002756705626169647503636f6d0000010001 Human readable(non-printable char is \x digit+digit) payload: \xefs\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02ug\x05baidu\x03com\x00\x00\x01\x00\x01 ****************************************************************** ****************************************************************** Network protocol: DNS src_ip, dst_ip, src_port, dst_port, protocol: ('114.114.114.114', '7.249.195.228', '53', '59031', 'UDP') query name: ug.baidu.com type: 1 response: ['110.242.69.186', 'eopa.n.shifen.com'] Raw payload: ef738180000100030000000002756705626169647503636f6d0000010001c00c000500010000005e001004656f7061016e0673686966656ec015c02a000100010000002300046ef245bac02a000100010000002300046ef245c1 Human readable(non-printable char is \x digit+digit) payload: \xefs\x81\x80\x00\x01\x00\x03\x00\x00\x00\x00\x02ug\x05baidu\x03com\x00\x00\x01\x00\x01\xc0\x0c\x00\x05\x00\x01\x00\x00\x00^\x00\x10\x04eopa\x01n\x06shifen\xc0\x15\xc0*\x00\x01\x00\x01\x00\x00\x00#\x00\x04n\xf2E\xba\xc0*\x00\x01\x00\x01\x00\x00\x00#\x00\x04n\xf2E\xc1 ******************************************************************