How to parse packets in a Python library?

Posted on 2024-10-16 12:54:03 · Words: 1539 · Views: 4 · Comments: 0


Comments (4)

柒七 2024-10-23 12:54:03

Try scapy. It is a very powerful program for packet inspection, manipulation and creation.

You can use it to build your own tools.

月下客 2024-10-23 12:54:03

I tried that and then tried pcapy. I chose pcapy because my use was similar to an example which I found googling.

http://snipplr.com/view/3579/live-packet-capture-in-python-with-pcapy/ (or see the same code copied below)

import pcapy
from impacket.ImpactDecoder import EthDecoder

# list all the network devices
print(pcapy.findalldevs())

max_bytes = 1024       # snapshot length: bytes captured per packet
promiscuous = False
read_timeout = 100     # in milliseconds
pc = pcapy.open_live("name of network device to capture from", max_bytes,
    promiscuous, read_timeout)

# BPF filter: only TCP packets are delivered to the callback
pc.setfilter('tcp')

# callback for received packets
def recv_pkts(hdr, data):
    packet = EthDecoder().decode(data)
    print(packet)

packet_limit = -1  # infinite
pc.loop(packet_limit, recv_pkts)  # capture packets
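
Added example, not part of the original answer and not pcapy or impacket code: a standard-library decoder for the raw `data` bytes a capture callback like `recv_pkts` receives, with explicit length checks because `max_bytes = 1024` means a frame can arrive cut short. The names `parse_frame`, `need`, `TruncatedPacket` and `sample_frame` are hypothetical, and the sample frame is constructed.

```python
import socket
import struct

ETH_LEN, IPV4_MIN, TCP_MIN = 14, 20, 20

class TruncatedPacket(ValueError):
    """The captured bytes end before the header being decoded does."""

def need(buf, offset, size, what):
    # Capture libraries hand over at most snaplen bytes, so check before unpacking.
    if len(buf) < offset + size:
        raise TruncatedPacket(f"{what}: need {size} bytes at offset {offset}, captured {len(buf)}")

def parse_frame(data):
    """Decode Ethernet II / IPv4 / TCP headers from raw captured bytes."""
    need(data, 0, ETH_LEN, "ethernet")
    dst, src, ethertype = struct.unpack_from("!6s6sH", data, 0)
    out = {"eth_src": src.hex(), "eth_dst": dst.hex(), "ethertype": ethertype}
    if ethertype != 0x0800:          # only IPv4 is decoded here
        return out
    need(data, ETH_LEN, IPV4_MIN, "ipv4")
    ver_ihl, _, total_len, _, _, ttl, proto, _, saddr, daddr = struct.unpack_from(
        "!BBHHHBBH4s4s", data, ETH_LEN)
    ihl = (ver_ihl & 0x0F) * 4       # length fields come from the wire: validate them
    if ver_ihl >> 4 != 4 or ihl < IPV4_MIN or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    need(data, ETH_LEN, ihl, "ipv4 options")
    out.update(ip_src=socket.inet_ntoa(saddr), ip_dst=socket.inet_ntoa(daddr),
               ttl=ttl, proto=proto)
    if proto != 6:                   # only TCP is decoded here
        return out
    tcp_at = ETH_LEN + ihl
    need(data, tcp_at, TCP_MIN, "tcp")
    sport, dport, seq, _, off_flags, _, _, _ = struct.unpack_from("!HHIIHHHH", data, tcp_at)
    data_off = (off_flags >> 12) * 4
    if data_off < TCP_MIN:
        raise ValueError("malformed TCP header")
    wire_end = ETH_LEN + total_len   # where the IP datagram ended on the wire
    out.update(sport=sport, dport=dport, seq=seq, flags=off_flags & 0x1FF,
               payload=data[tcp_at + data_off:min(len(data), wire_end)],  # drops padding
               truncated=len(data) < wire_end)
    return out

def sample_frame(payload=b"GET / HTTP/1.1\r\n"):
    """Constructed test frame (documentation addresses, checksums left at 0)."""
    eth = struct.pack("!6s6sH", b"\x02\0\0\0\0\x02", b"\x02\0\0\0\0\x01", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x018, 65535, 0, 0)
    return eth + ip + tcp + payload
```

Checksums are not verified here; the `truncated` flag tells the caller that the payload is shorter than what was on the wire.
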
诗笺 2024-10-23 12:54:03

I recommend you use Pyshark. This is a wrapper for tshark. It also supports all of tshark's filters, decoder libs, ... and is easy to use!
This is a great package for parsing .pcap files and also live capturing.

https://pypi.python.org/pypi/pyshark

Sample code (from the link):

>>> import pyshark
>>> cap = pyshark.FileCapture('/root/log.cap')
>>> cap
<FileCapture /root/log.cap>
>>> print(cap[0])
Packet (Length: 698)
Layer ETH:
        Destination: BLANKED
        Source: BLANKED
        Type: IP (0x0800)
Layer IP:
        Version: 4
        Header Length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        Total Length: 684s
        Identification: 0x254f (9551)
        Flags: 0x00
        Fragment offset: 0
        Time to live: 1
        Protocol: UDP (17)
        Header checksum: 0xe148 [correct]
        Source: BLANKED
        Destination: BLANKED
  ...
>>> dir(cap[0])
['__class__', '__contains__', '__delattr__', '__dict__', '__dir__', '__doc__', '__format__', '__getattr__', '__getattribute__', '__getitem__', '__getstate__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setstate__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_packet_string', 'bssgp', 'captured_length', 'eth', 'frame_info', 'gprs-ns', 'highest_layer', 'interface_captured', 'ip', 'layers', 'length', 'number', 'pretty_print', 'sniff_time', 'sniff_timestamp', 'transport_layer', 'udp']
>>> cap[0].layers
[<ETH Layer>, <IP Layer>, <UDP Layer>, <GPRS-NS Layer>, <BSSGP Layer>]
....
静谧 2024-10-23 12:54:03

pypcapfile can also be used. Link to pip: https://pypi.python.org/pypi/pypcapfile
