# Load the saved capture and keep only TCP packets; `filter` is a BPF expression.
pkts = sniff(
    offline="/home/jaghanata/Desktop/amostra.pcap",
    filter='tcp',
)
如何过滤TCP SYN?
答案 0 :(得分:4)
#include "stdafx.h"
#include <iostream>
#include <string>
using namespace std;
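// Capacity of the fixed-size stack buffer. A typed constant instead of a macro,
// so it obeys scope rules and can be compared against `index` directly.
const int STACK_CAPACITY = 1000;

// Backing storage and fill level for Stack. Both are file-scope globals, so
// every Stack object shares this one buffer. The Stack methods treat `index`
// as the number of stored elements, i.e. the next free slot in `arr`.
// NOTE(review): a global named `index` can clash with the POSIX index()
// function on platforms whose <string> pulls in <strings.h> - confirm when porting.
char arr[STACK_CAPACITY];
int index = 0;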
// Character stack interface. The class declares no data members: the
// out-of-class method definitions work on the file-scope `arr` buffer and
// `index` counter, so all Stack objects share a single underlying stack.
class Stack
{
public:
    Stack();           // constructs a stack object
    ~Stack();          // destroys a stack object

    void push(char c); // places c on top of the stack
    char pop();        // takes the top element off the stack and returns it
    char top();        // returns the top element without removing it

    bool isEmpty();    // true iff the stack holds no elements
    bool isFull();     // true iff the stack has no free slot left
};
// Nothing to initialise: the storage lives in the file-scope `arr` / `index`.
Stack::Stack()
{
}
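// Pushes c onto the stack. When there is no valid free slot it prints a
// diagnostic and leaves the stack unchanged.
void Stack::push(char c) {
    // Bound `index` on both sides before writing. A counter that has dropped
    // below zero is not "full", yet arr[index] would still be a write outside
    // the buffer, so the check is made against the array limits directly.
    if (index < 0 || index >= STACK_CAPACITY) {
        cout << "Index has exceeded." << "\n";
        return;
    }
    arr[index] = c;
    index++;
}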
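// Removes and returns the top element. On an empty stack it prints a
// diagnostic and returns '\0' instead of an indeterminate value.
char Stack::pop() {
    // `index` counts stored elements, so there is nothing to pop at 0.
    // Checking it here keeps the counter from going negative, which would
    // otherwise make this read (and a later push) touch arr[-1].
    if (index <= 0) {
        cout << "Stack can't go down any further." << "\n";
        return '\0';
    }
    index--;
    return arr[index];
}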
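// Returns the top element without removing it, or '\0' when the stack is
// empty (or the counter is outside the buffer).
char Stack::top() {
    // push() stores at arr[index] and then increments, so the most recent
    // element sits at index - 1; arr[index] is the next free slot and is one
    // past the end of the buffer when the stack is full.
    if (index <= 0 || index > STACK_CAPACITY) {
        return '\0';
    }
    return arr[index - 1];
}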
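// Returns true iff the stack holds no elements.
bool Stack::isEmpty() {
    // `index` starts at 0 and counts stored elements, so 0 means empty.
    // Testing for -1 reported a fresh stack as non-empty and let pop()
    // decrement below the start of `arr`.
    return index <= 0;
}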
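// Returns true iff the stack has no free slot left.
bool Stack::isFull() {
    // Compare against the named capacity instead of a repeated literal, and
    // use >= so a counter that somehow overshoots still reads as full.
    return index >= STACK_CAPACITY;
}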
// Nothing to release: the class owns no resources of its own.
Stack::~Stack()
{
}
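// Reads lines from standard input and, for each character, pushes it onto the
// stack and immediately pops and prints it. The loop ends at end of input or
// when a line consists of the literal two characters "^D".
int main()
{
    string inp;
    Stack instance;
    cout << "Please enter a string: ";
    while (getline(cin, inp)) {
        if (inp == "^D") {
            break;
        }
        // Hand each character straight to the stack. Copying the line into
        // `arr` by position first wrote past the end of the buffer for any
        // input line longer than STACK_CAPACITY, and overwrote stack contents.
        for (string::size_type i = 0; i < inp.length(); i++) {
            instance.push(inp[i]);
            cout << instance.pop();
        }
        cout << "\n";
        cout << "Please enter a string: ";
    }
    return 0;
}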
filter 参数使用完整的 Berkeley Packet Filter(BPF)语法,因此您可以执行以下操作:
pkts = sniff(offline="amostra.pcap", filter='tcp[tcpflags] & tcp-syn != 0')
或者,更有可能的是,你想要这个:
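# `filter` is a BPF expression; `tcp.flags.syn==1` is Wireshark display-filter
# syntax and is not valid here. This matches packets with SYN set and ACK
# clear, i.e. the initial SYN of a handshake, and excludes SYN/ACK replies.
pkts = sniff(offline="amostra.pcap", filter='tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn')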
因为通常所说的 SYN 数据包是指连接发起方发送的第一个数据包。返回的数据包也设置了 SYN 标志,但它们被称为 SYN/ACK 数据包,同时设置了 SYN 和 ACK 标志。