1、读取报文
>>> packets = rdpcap("d.pcap")
2、查看原始数据
>>> raw(packets[0]) b'\x00\x16>3\x02d\x00\x16>\\\xf2\xa3\x08\x00E\x00\x00(\x00\x01\x00\x00@\x063\x18\xc0\xa8\x05;\xb5*\xcc\xa9$\xfc\x01\xbdTz\x08j\x1c\xcb\x04sP\x02 \x00\xa3O\x00\x00'
3、16进制数据格式化展示
>>> hexdump(packets[0]) 0000 00 16 3E 33 02 64 00 16 3E 5C F2 A3 08 00 45 00 ..>3.d..>\....E. 0010 00 28 00 01 00 00 40 06 33 18 C0 A8 05 3B B5 2A .([email protected]....;.* 0020 CC A9 24 FC 01 BD 54 7A 08 6A 1C CB 04 73 50 02 ..$...Tz.j...sP. 0030 20 00 A3 4F 00 00
4、展示各层的各字段数据,不便于阅读
>>> ls(packets[0]) dst : DestMACField = '00:16:3e:33:02:64' ('None') src : SourceMACField = '00:16:3e:5c:f2:a3' ('None') type : XShortEnumField = 2048 ('36864') -- version : BitField (4 bits) = 4 ('4') ihl : BitField (4 bits) = 5 ('None') tos : XByteField = 0 ('0') len : ShortField = 40 ('None') id : ShortField = 1 ('1') flags : FlagsField = <Flag 0 ()> ('<Flag 0 ()>') frag : BitField (13 bits) = 0 ('0') ttl : ByteField = 64 ('64') proto : ByteEnumField = 6 ('0') chksum : XShortField = 13080 ('None') src : SourceIPField = '192.168.5.59' ('None') dst : DestIPField = '181.42.204.169' ('None') options : PacketListField = [] ('[]') -- sport : ShortEnumField = 9468 ('20') dport : ShortEnumField = 445 ('80') seq : IntField = 1417283690 ('0') ack : IntField = 483066995 ('0') dataofs : BitField (4 bits) = 5 ('None') reserved : BitField (3 bits) = 0 ('0') flags : FlagsField = <Flag 2 (S)> ('<Flag 2 (S)>') window : ShortField = 8192 ('8192') chksum : XShortField = 41807 ('None') urgptr : ShortField = 0 ('0') options : TCPOptionsField = [] ("b''")
5、展示概要信息
>>> packets[0].summary() 'Ether / IP / TCP 192.168.5.59:9468 > 181.42.204.169:microsoft_ds S'
6、展示各层的各字段数据,便于阅读
>>> packets[0].show() ###[ Ethernet ]### dst = 00:16:3e:33:02:64 src = 00:16:3e:5c:f2:a3 type = IPv4 ###[ IP ]### version = 4 ihl = 5 tos = 0x0 len = 40 id = 1 flags = frag = 0 ttl = 64 proto = tcp chksum = 0x3318 src = 192.168.5.59 dst = 181.42.204.169 \options \ ###[ TCP ]### sport = 9468 dport = microsoft_ds seq = 1417283690 ack = 483066995 dataofs = 5 reserved = 0 flags = S window = 8192 chksum = 0xa34f urgptr = 0 options = ''
7、对于给定的报文,返回一个scapy命令,用于生成该报文
>>> packets[0].command() "Ether(dst='00:16:3e:33:02:64', src='00:16:3e:5c:f2:a3', type=2048)/IP(version=4, ihl=5, tos=0, len=40, id=1, flags=0, frag=0, ttl=64, proto=6, chksum=13080, src='192.168.5.59', dst='181.42.204.169')/TCP(sport=9468, dport=445, seq=1417283690, ack=483066995, dataofs=5, reserved=0, flags=2, window=8192, chksum=41807, urgptr=0)"
标签:None,函数,16,scapy,packets,00,介绍,64,x00 From: https://www.cnblogs.com/superbaby11/p/17339498.html