How to replace IP addresses in a PCAP file with Scapy

Published 2025-02-07 06:21:58

I want to replace the IP addresses in a given PCAP file with Scapy.

The PCAP file (e.g. eth0.pcap) contains captures by Wireshark.
My message is not code, it shows the data flow between 2 IP addresses. I want to replace the original 2 addresses with another 2 addresses.

Example

Given before:

message1: 192.168.10.10-->192.168.20.20

message2: 192.168.20.20-->192.168.10.10

I want to replace for all packages within the file:

  • 192.168.10.10 (source of first package) with 8.8.8.8
  • and 192.168.20.20 (destination of first package) with 1.1.1.1

So that afterwards there are:

message1: 172.10.10.10-->172.10.20.20

message2: 172.10.20.20-->172.10.10.10

How can I do this?

Comments (2)

折戟 2025-02-14 06:21:58

hc_dev's answer guided me towards the solution.
I tried to understand it and make it work for my issue.

Below is my code:

from scapy.all import *
from scapy.utils import PcapWriter

packets = rdpcap('ftp.pcap')
new_cap = PcapWriter("ftp_new.pcap")
srcIp = packets[0][IP].src
dstIP = packets[0][IP].dst

# define new ip address I want use
ip1 = '8.8.8.8'
ip2 = '1.1.1.1'

# replace original address
for p in packets:
    if not p.haslayer(IP):
        continue  # non-IP packets (e.g. ARP) have no address to replace
    if p[IP].src == srcIp:
        p[IP].src = ip1
    elif p[IP].src == dstIP:
        p[IP].src = ip2
    if p[IP].dst == srcIp:
        p[IP].dst = ip1
    elif p[IP].dst == dstIP:
        p[IP].dst = ip2
    # drop the stored checksums so Scapy recomputes them for the new addresses
    del p[IP].chksum
    for layer in (TCP, UDP):
        if p.haslayer(layer):
            del p[layer].chksum
    new_cap.write(p)

# the writer already wrote every packet; close it instead of writing the file a second time with wrpcap
new_cap.close()
握住我的手 2025-02-14 06:21:58

So you want to modify packet capture output, like the PCAP file format.
This format is used by the libpcap library to record captured packets to a file.

Scapy can read and write PCAP files, see the Scapy docs for PCAP.

Read, write, print, replace

To replace the IP addresses within this file, you have to read its packets into an object-model using the rdpcap() function.

Then you can print the IP addresses for each packet (with desired replacement).

Or you can also replace the IP within the object-model in memory.
Then write the complete model back using the wrpcap() function.

Example to print IP addresses

I used the example PCAP file dhcp.pcap from the PCAP to Mermaid parser on GitHub:

from scapy.all import *

# load the PCAP file using rdpcap
packets = rdpcap('dhcp.pcap')

# Let's iterate through every packet
for packet in packets:
    ip = packet.getlayer(IP)
    if ip is None:
        continue  # packets without an IP layer (e.g. ARP) have no addresses to print
    source_ip = ip.src
    destination_ip = ip.dst
    print(f"{source_ip} --> {destination_ip}")

# TODO: replace in model and write to PCAP file using wrpcap


Update:

How to replace in your case

Refined talentldk's solution with some simplification and debug-prints:

  • no separate import needed (scapy.all imports all)
  • no writer needed, just use wrpcap to write the read model
  • use a replacement dict with the string's replace function, where each dict entry (a tuple) is passed to the function using the unpack operator * as a prefix, resulting in 2 separate arguments (key is replaced by value)
  • use iter over the dict's items to process all replacements (here 2 entries), where the next item can be drawn by the next function
from scapy.all import *

# rdpcap loads in our pcap file
packets = rdpcap('dhcp.pcap')

# define search
first_src_ip = packets[0][IP].src
first_dst_ip = packets[0][IP].dst

# define new ip address to use as replacement
ip_replacement = {first_src_ip: '8.8.8.8', first_dst_ip: '1.1.1.1'}
print(f"replacement: {ip_replacement}")

# Let's iterate through every packet
for i, packet in enumerate(packets):
    ip = packet.getlayer(IP)
    if ip is None:
        continue  # no IP layer (e.g. ARP): nothing to replace
    source_ip = ip.src
    destination_ip = ip.dst
    print(f"[{i:3}] original: {source_ip} --> {destination_ip}")

    # apply every replacement to both addresses, so packets in either direction are rewritten
    for old, new in ip_replacement.items():
        source_ip = source_ip.replace(old, new)
        destination_ip = destination_ip.replace(old, new)
    print(f"[{i:3}] replaced: {source_ip} --> {destination_ip}")

    # replace in model: write the new addresses back into the packet object
    ip.src = source_ip
    ip.dst = destination_ip
    # drop the stored checksums so Scapy recomputes them when writing
    del ip.chksum
    for layer in (TCP, UDP):
        if packet.haslayer(layer):
            del packet[layer].chksum

wrpcap("dhcp_replaced.pcap", packets)

Prints:

replacement: {'0.0.0.0': '8.8.8.8', '255.255.255.255': '1.1.1.1'}
[  0] original: 0.0.0.0 --> 255.255.255.255
[  0] replaced: 8.8.8.8 --> 1.1.1.1
[  1] original: 192.168.0.1 --> 192.168.0.10
[  1] replaced: 192.168.0.1 --> 192.168.0.10
[  2] original: 0.0.0.0 --> 255.255.255.255
[  2] replaced: 8.8.8.8 --> 1.1.1.1
[  3] original: 192.168.0.1 --> 192.168.0.10
[  3] replaced: 192.168.0.1 --> 192.168.0.10
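The read, rewrite, write loop the answer describes, as an added example that is neither answer's code nor Scapy's: it uses only the standard library (an assumption, so it runs without Scapy installed), walks the classic pcap container and the Ethernet/IPv4 headers directly, matches addresses exactly instead of by substring, passes non-IP frames through untouched, and recomputes the IPv4 header checksum that a plain src/dst assignment leaves stale. The frames and the pcap blob it works on are constructed inside the block.

```python
import socket
import struct

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"  # classic (non-pcapng) pcap, little-endian headers

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def remap_frame(frame: bytes, mapping: dict) -> bytes:
    """Rewrite src/dst of an Ethernet/IPv4 frame by exact-match lookup, then fix the IP checksum."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return frame  # not IPv4 (ARP, IPv6, ...): pass the frame through untouched
    ihl = (frame[14] & 0x0F) * 4
    hdr = bytearray(frame[14:14 + ihl])
    src, dst = socket.inet_ntoa(bytes(hdr[12:16])), socket.inet_ntoa(bytes(hdr[16:20]))
    hdr[12:16] = socket.inet_aton(mapping.get(src, src))
    hdr[16:20] = socket.inet_aton(mapping.get(dst, dst))
    hdr[10:12] = b"\x00\x00"  # zero the checksum field, then recompute it over the new header
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return frame[:14] + bytes(hdr) + frame[14 + ihl:]

def remap_pcap(data: bytes, mapping: dict) -> bytes:
    """Walk the 24-byte global header and each 16-byte record header, rewriting every frame."""
    if data[:4] != PCAP_MAGIC_LE:
        raise ValueError("only classic little-endian pcap is handled in this example")
    out, pos = [data[:24]], 24
    while pos + 16 <= len(data):
        rec_hdr = data[pos:pos + 16]
        incl_len = struct.unpack("<I", rec_hdr[8:12])[0]  # captured length of this record
        out.append(rec_hdr + remap_frame(data[pos + 16:pos + 16 + incl_len], mapping))
        pos += 16 + incl_len
    return b"".join(out)

def build_frame(src: str, dst: str) -> bytes:
    """Constructed sample: Ethernet + 20-byte IPv4 header (proto 17) + 4 payload bytes."""
    eth = b"\x02" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 1, 0, 64, 17, 0,
                               socket.inet_aton(src), socket.inet_aton(dst)))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return eth + bytes(ip) + b"data"

def build_pcap(frames) -> bytes:
    """Constructed sample pcap: global header (linktype 1 = Ethernet) plus one record per frame."""
    records = [struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames]
    return PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1) + b"".join(records)
```

TCP and UDP checksums cover the IP addresses through the pseudo-header, so a complete rewrite also has to recompute those; in Scapy, deleting the chksum field of the IP, TCP and UDP layers before wrpcap makes it recompute all of them.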