Scapy:将s的输出保存到磁盘

2024-04-25 22:36:02 发布

您现在位置:Python中文网/ 问答频道 /正文
4104 3

Scapy中,我想将sr的输出保存到磁盘上,以便以后分析。在

ans, unans = sr(somePackets)

虽然unans对scapy的内置函数wrpcap没有问题,但我似乎无法将ans保存到磁盘。在

^{pr2}$

实际上,它是由sr添加到我最感兴趣的每个包的属性time。在

所以我试着用泡菜,但结果更糟:

>>> pickle.dump(ans, open(locationOnDisk, "w+"))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/pickle.py", line 1370, in dump
    Pickler(file, protocol).dump(obj)
  File "/usr/lib/python2.7/pickle.py", line 224, in dump
    self.save(obj)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 725, in save_inst
    save(stuff)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 649, in save_dict
    self._batch_setitems(obj.iteritems())
  File "/usr/lib/python2.7/pickle.py", line 663, in _batch_setitems
    save(v)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 600, in save_list
    self._batch_appends(iter(obj))
  File "/usr/lib/python2.7/pickle.py", line 615, in _batch_appends
    save(x)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 562, in save_tuple
    save(element)
  File "/usr/lib/python2.7/pickle.py", line 331, in save
    self.save_reduce(obj=obj, *rv)
  File "/usr/lib/python2.7/pickle.py", line 419, in save_reduce
    save(state)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 649, in save_dict
    self._batch_setitems(obj.iteritems())
  File "/usr/lib/python2.7/pickle.py", line 663, in _batch_setitems
    save(v)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 649, in save_dict
    self._batch_setitems(obj.iteritems())
  File "/usr/lib/python2.7/pickle.py", line 663, in _batch_setitems
    save(v)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 725, in save_inst
    save(stuff)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 649, in save_dict
    self._batch_setitems(obj.iteritems())
  File "/usr/lib/python2.7/pickle.py", line 663, in _batch_setitems
    save(v)
  File "/usr/lib/python2.7/pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "/usr/lib/python2.7/pickle.py", line 748, in save_global
    (obj, module, name))
pickle.PicklingError: Can't pickle <function <lambda> at 0x976c224>: it's not found as scapy.layers.inet.<lambda>

有办法绕过这个吗?在


Tags: inpyselfobjsavelibusrwith
1条回答
网友
1楼 · 发布于 2024-04-25 22:36:02
[13:44:49][root@box:~]$ scapy    
Welcome to Scapy (2.1.0)
>>> sr
<function sr at 0x8cc3614>
>>> ans, unans = sr(IP(dst="www.slashdot.org")/ICMP()/"XXXXXXXXXXX")
Begin emission:
.Finished to send 1 packets.
.*
Received 3 packets, got 1 answers, remaining 0 packets

>>> ans
<Results: TCP:0 UDP:0 ICMP:1 Other:0>
>>> type(ans)
<type 'instance'>
>>> dir(ans)
['__add__', '__doc__', '__getattr__', '__getitem__', '__getslice__', '__init__', '__module__', '__repr__', '_dump_document', '_elt2pkt', '_elt2show', '_elt2sum', 'afterglow', 'conversations', 'diffplot', 'display', 'filter', 'hexdump', 'hexraw', 'listname', 'make_lined_table', 'make_table', 'make_tex_table', 'multiplot', 'nsummary', 'nzpadding', 'padding', 'pdfdump', 'plot', 'psdump', 'rawhexdump', 'replace', 'res', 'sessions', 'show', 'sr', 'stats', 'summary', 'timeskew_graph']

我们知道什么?我们现在知道ans绝对不是包的列表,而是提供元组语义的其他实例对象(__getitem__,等等),因此scapy将拒绝将其转储到捕获文件:

^{pr2}$

正如我在上面的评论中所说,提示在错误消息中。ans不是你想象的那样

>>> type(ans[0])
<type 'tuple'>
>>> len(ans[0])
2
>>> ans[0]
(<IP  frag=0 proto=icmp dst=216.34.181.48 |<ICMP  |<Raw  load='XXXXXXXXXXX' |>>>, <IP  version=4L ihl=5L tos=0x0 len=39 id=51902 flags=DF frag=0L ttl=235 proto=icmp chksum=0xbe0 src=216.34.181.48 dst=10.227.33.1 options=[] |<ICMP  type=echo-reply code=0 chksum=0xee45 id=0x0 seq=0x0 |<Raw  load='XXXXXXXXXXX' |<Padding  load='\x00\x00\x00\x00\x00\x00\x00' |>>>>)
>>> ans[0][0]
<IP  frag=0 proto=icmp dst=216.34.181.48 |<ICMP  |<Raw  load='XXXXXXXXXXX' |>>>
>>> ans[0][1]
<IP  version=4L ihl=5L tos=0x0 len=39 id=51902 flags=DF frag=0L ttl=235 proto=icmp chksum=0xbe0 src=216.34.181.48 dst=10.227.33.1 options=[] |<ICMP  type=echo-reply code=0 chksum=0xee45 id=0x0 seq=0x0 |<Raw  load='XXXXXXXXXXX' |<Padding  load='\x00\x00\x00\x00\x00\x00\x00' |>>>>

我们现在知道什么?ans的每个元素都是一个双元组:

  • 元组的第一个元素是发送的包。在
  • 所接收到的第二元组是所接收到的第二元组元素

因此,假设您在输出中需要两种类型的数据包:

>>> all_packets = [elem[0] for elem in ans] + [elem[1] for elem in ans]
>>> import operator
>>> all_packets.sort(key=operator.attrgetter("time"))
>>> wrpcap("test.cap", all_packets)
/usr/local/lib/python2.7/site-packages/scapy/utils.py:665: DeprecationWarning: 'I' format requires 0 <= number <= 4294967295
  self.f.write(struct.pack(self.endian+"IIII", sec, usec, caplen, wirelen))
>>> exit()

[14:03:09][root@box:~]$ ls -ltra | tail -1
-rw-r r   1 root root       141 2013-02-13 14:02 test.cap

我已经确认该文件在Wireshark中正确打开,所以您应该可以继续使用;我建议进一步测试以确保。然而,结论是:ans并不是你想象的那样。在

相关问题 更多 >

    编程相关推荐