Introduction to scapy functions
1. Reading packets from a capture file
>>> packets = rdpcap("d.pcap")
2. For a given packet, return the scapy command that would rebuild it
>>> packets[0].command()
"Ether(dst='00:16:3e:33:02:64', src='00:16:3e:5c:f2:a3', type=2048)/IP(version=4, ihl=5, tos=0, len=40, id=1, flags=0, frag=0, ttl=64, proto=6, chksum=13080, src='192.168.5.59', dst='181.42.204.169')/TCP(sport=9468, dport=445, seq=1417283690, ack=483066995, dataofs=5, reserved=0, flags=2, window=8192, chksum=41807, urgptr=0)"
3. Viewing the raw bytes
>>> raw(packets[0])
b'\x00\x16>3\x02d\x00\x16>\\\xf2\xa3\x08\x00E\x00\x00(\x00\x01\x00\x00@\x063\x18\xc0\xa8\x05;\xb5*\xcc\xa9$\xfc\x01\xbdTz\x08j\x1c\xcb\x04sP\x02 \x00\xa3O\x00\x00'
4. Formatted hex dump
>>> hexdump(packets[0])
0000  00 16 3E 33 02 64 00 16 3E 5C F2 A3 08 00 45 00  ..>3.d..>\....E.
0010  00 28 00 01 00 00 40 06 33 18 C0 A8 05 3B B5 2A  .(....@.3....;.*
0020  CC A9 24 FC 01 BD 54 7A 08 6A 1C CB 04 73 50 02  ..$...Tz.j...sP.
0030  20 00 A3 4F 00 00                                 ..O..
5. Listing every field of every layer, with field types and defaults (hard to read)
>>> ls(packets[0])
dst        : DestMACField         = '00:16:3e:33:02:64' ('None')
src        : SourceMACField       = '00:16:3e:5c:f2:a3' ('None')
type       : XShortEnumField      = 2048              ('36864')
--
version    : BitField (4 bits)    = 4                 ('4')
ihl        : BitField (4 bits)    = 5                 ('None')
tos        : XByteField           = 0                 ('0')
len        : ShortField           = 40                ('None')
id         : ShortField           = 1                 ('1')
flags      : FlagsField           = <Flag 0 ()>       ('<Flag 0 ()>')
frag       : BitField (13 bits)   = 0                 ('0')
ttl        : ByteField            = 64                ('64')
proto      : ByteEnumField        = 6                 ('0')
chksum     : XShortField          = 13080             ('None')
src        : SourceIPField        = '192.168.5.59'    ('None')
dst        : DestIPField          = '181.42.204.169'  ('None')
options    : PacketListField      = []                ('[]')
--
sport      : ShortEnumField       = 9468              ('20')
dport      : ShortEnumField       = 445               ('80')
seq        : IntField             = 1417283690        ('0')
ack        : IntField             = 483066995         ('0')
dataofs    : BitField (4 bits)    = 5                 ('None')
reserved   : BitField (3 bits)    = 0                 ('0')
flags      : FlagsField           = <Flag 2 (S)>      ('<Flag 2 (S)>')
window     : ShortField           = 8192              ('8192')
chksum     : XShortField          = 41807             ('None')
urgptr     : ShortField           = 0                 ('0')
options    : TCPOptionsField      = []                ("b''")
6. Showing a one-line summary
>>> packets[0].summary()
'Ether / IP / TCP 192.168.5.59:9468 > 181.42.204.169:microsoft_ds S'
7. Showing every field of every layer, one layer per block (easy to read)
>>> packets[0].show()
###[ Ethernet ]###
  dst       = 00:16:3e:33:02:64
  src       = 00:16:3e:5c:f2:a3
  type      = IPv4
###[ IP ]###
     version   = 4
     ihl       = 5
     tos       = 0x0
     len       = 40
     id        = 1
     flags     =
     frag      = 0
     ttl       = 64
     proto     = tcp
     chksum    = 0x3318
     src       = 192.168.5.59
     dst       = 181.42.204.169
     \options   \
###[ TCP ]###
        sport     = 9468
        dport     = microsoft_ds
        seq       = 1417283690
        ack       = 483066995
        dataofs   = 5
        reserved  = 0
        flags     = S
        window    = 8192
        chksum    = 0xa34f
        urgptr    = 0
        options   = ''
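As an added example (not part of the original page and not scapy's own code), the following decodes the same 54-byte frame from section 3 using only the Python standard library. It produces the fields that ls() and show() print above and recomputes the IP and TCP checksums (0x3318 and 0xa34f), so you can see exactly what scapy's chksum fields cover. The frame bytes are copied from the raw() output; no scapy install is needed.

```python
import struct

# Constructed from the raw(packets[0]) output above: the same 54-byte frame.
FRAME = bytes.fromhex(
    "00163e330264" "00163e5cf2a3" "0800"                   # Ethernet
    "45000028000100004006" "3318" "c0a8053b" "b52acca9"     # IPv4
    "24fc01bd547a086a1ccb04735002" "2000" "a34f" "0000"     # TCP
)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_frame(frame: bytes) -> dict:
    """Parse Ethernet/IPv4/TCP headers into the fields ls()/show() print."""
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x0800:
        raise ValueError("not an IPv4 frame: type=0x%04x" % eth_type)
    ip = frame[14:]
    (ver_ihl, _tos, ip_len, ip_id, _frag, ttl, proto,
     ip_sum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    tcp = ip[ihl:ip_len]                       # honour the IP total length
    (sport, dport, seq, ack, _off, flags, window,
     tcp_sum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    # IP checksum covers the header; TCP checksum covers a pseudo-header
    # (src, dst, 0, proto, TCP length) + segment. Both use a zeroed checksum field.
    ip_zeroed = ip[:10] + b"\x00\x00" + ip[12:ihl]
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp))
    tcp_zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]
    flag_str = "".join(n for i, n in enumerate("FSRPAUEC") if flags >> i & 1)
    return {
        "eth_dst": eth_dst.hex(":"), "eth_src": eth_src.hex(":"),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "id": ip_id, "ttl": ttl, "proto": proto, "ip_chksum": ip_sum,
        "ip_chksum_ok": inet_checksum(ip_zeroed) == ip_sum,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flag_str, "window": window, "tcp_chksum": tcp_sum,
        "tcp_chksum_ok": inet_checksum(pseudo + tcp_zeroed) == tcp_sum,
    }

def summary(fields: dict) -> str:
    """Same shape as packets[0].summary(), but with the numeric port."""
    return "Ether / IP / TCP %s:%d > %s:%d %s" % (fields["src"],
        fields["sport"], fields["dst"], fields["dport"], fields["flags"])
```

A frame whose ip_chksum_ok or tcp_chksum_ok comes back False was either corrupted in transit or captured before the NIC filled in the checksum (offloading), which is worth knowing before treating a capture as evidence.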