使用python数据包解析/嗅探工具Scapy,我想从原始字节串创建一个数据包。虽然我的具体用例的细节更加真实,但以下示例说明了我的问题以及我目前的尝试:
# Get an example packet (we won't really have an offline file in production.)
pkt = sniff(offline="./example_packets/example_packets2.pcap")
# Convert it to raw bytes -- oddly __str__ does this.
raw_packet = str(pkt)
# Current, broken, attempt to construct a new packet from the same bytes as the old.
# In truth, there are easier ways to copy packets from existing Scapy packets, but
# we are really just using that offline packet as a convenient example.
new_packet = Packet(_pkt=raw_packet)
# Sadly, while this packet has the bytes internally, it no longer has the
# interpretations of the layers like the original packet did (such as saying that
# the packet is ARP and has these field values, etc.
print repr(new_packet)
如何从原始字节生成new_packet,看起来与从pcap文件中嗅探的相同?
答案 0 :(得分:12)
Scapy无法猜测数据包的第一层,因此您需要指定它。
您可以使用适当的Packet子类来完成此操作。例如,假设您的数据包的第一层是以太网,请使用Ether(raw_packet)代替Packet(raw_packet)。