python修改pcap包指定字段的值

用wireshark抓包后要修改固定字段的值，代码如下：

实现思路：

1. 用wireshark 打开pcap包，找到要修改的字段位置

2.用scapy读取pcap包，取出指定位置的值，判断是否为要替换的值，如果是替换新值后，把数据流拼接成新的一条完成数据流，放入新的数据包中，如果不符合的不修改直接放回，具体代码如下：

 一次修改单一IP的值

from tqdm import tqdm
from scapy.utils import PcapReader, PcapWriter
import socket

OLD_SOURCE_IP = '192.168.1.100'
OLD_DEST_IP = '192.168.2.100'
OLD_TEID = '0x0e60b0a4'

NEW_TEID = '0xd970575e'
NEW_SOURCE_IP = '172.16.1.100'
NEW_DEST_IP = '172.16.1.200'

i_filepath = "tpcu_200000.pcap"   # pcap to read
o_filepath = "out_{0}".format(i_filepath)  # pcap to write
i_open_file = PcapReader(i_filepath)
o_open_file = PcapWriter(o_filepath)  # opened file to write
new_pkt = ''

for packet in tqdm(i_open_file):

    byteArray = packet['Raw'].load
    # format ip
    source_ip = socket.inet_ntoa(byteArray[26:30])
    des_ip = socket.inet_ntoa(byteArray[30:34])
    if source_ip == OLD_SOURCE_IP and des_ip == OLD_DEST_IP:
        # ip to bytes
        new_source_ip = socket.inet_aton(NEW_SOURCE_IP)
        new_dest_ip = socket.inet_aton(NEW_DEST_IP)
        # hex to bytes
        new_teid = bytes.fromhex(NEW_TEID.replace('0x',''))
        new_pkt = byteArray[0:26] + new_source_ip + new_dest_ip + byteArray[34:46] + new_teid+byteArray[50:]
        # write new pacp package
        o_open_file.write(new_pkt)
    elif source_ip == OLD_DEST_IP and des_ip == OLD_SOURCE_IP:
        new_source_ip = socket.inet_aton(NEW_DEST_IP)
        new_dest_ip = socket.inet_aton(NEW_SOURCE_IP)
        new_teid = bytes.fromhex(NEW_TEID.replace('0x', ''))
        new_pkt = byteArray[0:26] + new_source_ip + new_dest_ip + byteArray[34:46] + new_teid + byteArray[50:]
        o_open_file.write(new_pkt)
    else:
        new_pkt = byteArray
        o_open_file.write(new_pkt)

　　批量修改IP的值,dpkt 读取pcap包的性能是scapy的10倍以上，批量操作时读取用dpkt进行读取，替换时间从12s优化到3s左右。

from tqdm import tqdm
from scapy.utils import PcapReader, PcapWriter
import socket
from config import *
from dpkt.pcap import Reader
'''

data = [{"source_ip":[old_source_ip,new_source_ip], "dest_ip":[old_dest_ip,new_dest_ip],"teid":[old_teid,new_teid]},
        {"source_ip":[old_source_ip,new_source_ip], "dest_ip":[old_dest_ip,new_dest_ip],"teid":[old_teid,new_teid]}
        ]

'''
# pcap to write
o_filepath = "out_dpkt_{0}".format(i_filepath)
i_open_file = PcapReader(i_filepath)
# opened file to write
o_open_file = PcapWriter(o_filepath)
new_pkt = ''
flags = 0
def bytes_format_ip(byte):
    return socket.inet_ntoa(byte)
def ip_format_bytes(ip):
    return socket.inet_aton(ip)
def hex_format_bytes(hex_value):
    return bytes.fromhex(hex_value.replace('0x',''))

with open(i_filepath,'rb') as f:
    for _, byteArray in tqdm(Reader(f)):
        flags = 0
        source_ip = bytes_format_ip(byteArray[26:30])
        des_ip = bytes_format_ip(byteArray[30:34])
        teid = byteArray[46:50]
        for i in data:
            if teid == hex_format_bytes(i["teid"][0]) and source_ip == i["source_ip"][0] and des_ip == i["dest_ip"][0]:
                new_source_ip = ip_format_bytes(i["source_ip"][-1])
                new_dest_ip = ip_format_bytes(i["dest_ip"][-1])
                new_teid = hex_format_bytes(i["teid"][-1])
                new_pkt = byteArray[0:26] + new_source_ip + new_dest_ip + byteArray[34:46] + new_teid + byteArray[50:]
                o_open_file.write(new_pkt)
                flags = 1
                break
        # Unqualified direct return
        if flags == 0:
            o_open_file.write(byteArray)

# if __name__ == '__main__':
#     update_ip_teid()