首页 / 问题 / 正文

Scapy show2() 数据包问题

3 投票
1 回答
3428 浏览
提问于 2025-04-16 20:39

我正在尝试创建一些scapy层,并希望它们能够动态调整大小。我使用了以下代码:

class Foo(Packet):
name = "Testpacket"
fields_desc = [
         ByteField("length", None),
         ByteField("byte2", None),
         ByteField("byte3", None),
         ByteField("byte4", None),
         ByteField("byte5", None),
         ByteField("byte6", None),
         ByteField("byte7", None),
         ByteField("byte8", None),
         ByteField("byte9", None),
         ByteField("byte10", None),
         ByteField("byte11", None) 
         ]     

def post_build(self, p, pay): 
    if self.length is None: 
        if self.byte11 is not None: 
            x = 0xa 
        elif self.byte10 is not None: 
            x = 0x9 
        elif self.byte9 is not None: 
            x = 0x8 
        elif self.byte8 is not None: 
            x = 0x7 
        elif self.byte7 is not None: 
            x = 0x6 
        elif self.byte6 is not None: 
            x = 0x5 
        elif self.byte5 is not None: 
            x = 0x4 
        elif self.byte4 is not None: 
            x = 0x3 
        elif self.byte3 is not None: 
            x = 0x2 
        elif self.byte2 is not None: 
            x = 0x1 
            print "byte2 is set, x is %s"%(x,)
        else: 
            x = 0x0 
    p = p[:0] + struct.pack(">b", x)
    p += pay
    return p

当我在scapy解释器中执行以下操作时:>>> aa=Foo(); aa.byte2=0x14; aa.show2();我得到了:

>>> aa=Foo(); aa.byte2=0x14; aa.show2(); aa.show();
###[ Testpacket ]###
  length= 1
  byte2= None
  byte3= None
  byte4= None
  byte5= None
  byte6= None
  byte7= None
  byte8= None
  byte9= None
  byte10= None
  byte11= None
###[ Testpacket ]###
  length= None
  byte2= 20
  byte3= None
  byte4= None
  byte5= None
  byte6= None
  byte7= None
  byte8= None
  byte9= None
  byte10= None
  byte11= None

根据我的理解,show2()应该计算数据包的长度等等。在我的情况下,这应该同时设置长度和byte2。不幸的是,情况并非如此。你们觉得我哪里做错了吗?我已经搜索这个问题好几个小时了,现在真的没有头绪了 :-S 任何建议都非常欢迎。

祝好

scapy 动态调整 数据包长度 数据包分析 网络层 show2函数

1 个回答

2

马丁,你的理解有点错误…… .show2() 是在组装完成后计算数据包的。而 .show() 并不负责计算长度…… 比如说,关于IP协议……

>>> from scapy.all import IP
>>> bar = IP(dst='4.2.2.2')/"Yo mama is ugly.  So ugly.  Aaahhhhhh my eyes"

.show2() 的结果……

>>> bar.show2()
###[ IP ]###
  version   = 4L
  ihl       = 5L
  tos       = 0x0
  len       = 65
  id        = 1
  flags     =
  frag      = 0L
  ttl       = 64
  proto     = ip
  chksum    = 0x6b45
  src       = 10.109.61.6
  dst       = 4.2.2.2
  \options   \
###[ Raw ]###
     load      = 'Yo mama is ugly.  So ugly.  Aaahhhhhh my eyes'
>>>

.show() 的结果…… 注意到 ihllenchksum 都是 None……

>>> bar.show()
###[ IP ]###
  version   = 4
  ihl       = None  <-------
  tos       = 0x0
  len       = None  <-------
  id        = 1
  flags     =
  frag      = 0
  ttl       = 64
  proto     = ip
  chksum    = None  <-------
  src       = 10.109.61.6
  dst       = 4.2.2.2
  \options   \
###[ Raw ]###
     load      = 'Yo mama is ugly.  So ugly.  Aaahhhhhh my eyes'
>>>
回答于 2025-04-16 由 Python大师
分享 举报

撰写回答