Python: stripping TZSP encapsulation - live traffic

Tags: python, logging, header, scapy

I am creating a logging server that writes incoming and outgoing connections (of any kind) to a TXT file. Everything works fine; here is my code:

from scapy.all import *
import datetime
import time
from threading import Thread
from scapy.layers.dns import DNS, DNSQR

LOG_DIR = "/root/Desktop/LOG-SERVER/"
times = time.time() + 86400  # end of the current 24-hour window

def write_log(line):
    # Append one line to the file named after the current date and minute
    name = time.strftime('%Y-%m-%d %H:%M:', time.localtime(time.time()))
    f = open(LOG_DIR + name + ".txt", 'a')
    f.write(line + "\n")
    f.close()

def print_summary(pkt):
    global times
    # Each field falls back to "Null" when the layer is absent
    if IP in pkt:
        ip_src = pkt[IP].src
        ip_dst = pkt[IP].dst
    else:
        ip_src = "Null"
        ip_dst = "Null"
    if TCP in pkt:
        tcp_sport = pkt[TCP].sport
        tcp_dport = pkt[TCP].dport
    else:
        tcp_sport = "Null"
        tcp_dport = "Null"
    if DNSQR in pkt:
        dns = pkt[DNSQR].qname
        if isinstance(dns, bytes):  # scapy returns bytes on Python 3
            dns = dns.decode(errors="replace")
    else:
        dns = "NULL"
    if Ether in pkt:
        mac_src = pkt[Ether].src
        mac_dst = pkt[Ether].dst
    else:
        mac_src = "Null"
        mac_dst = "Null"
    # pkt.time is not always a plain float, so convert before formatting
    stamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(float(pkt.time)))
    Clog = (" IP src: " + str(ip_src) + " ,MAC src: " + str(mac_src)
            + " , IP dst: " + str(ip_dst) + " ,MAC dst: " + str(mac_dst)
            + " ,TCP sport: " + str(tcp_sport) + ",TCP dport: " + str(tcp_dport)
            + ", Time: " + stamp + " Dns: " + dns)
    write_log(Clog)
    if times <= pkt.time:
        # The 24-hour window has passed; move it forward by one day
        times = times + 86400

def startsnif():
    sniff(prn=print_summary, store=0)
    # you can filter with something like that
    #if ( ( pkt[IP].src == "192.168.0.1") or ( pkt[IP].dst == "192.168.0.1") ):
    #   print("!")

# Run the sniffer in a background thread and keep the main thread alive
t = Thread(target=startsnif)
t.daemon = True
t.start()
while 1:
    time.sleep(1)
# or it possible to filter with filter parameter...!
#sniff(filter="ip and host 192.168.0.1",prn=print_summary)
The output is:

IP Src: 192.168.10.1 MAC Src: 54:55:12:FC:2D:CA IP Dst:192.168.10.15 MAC Src: 54:55:12:FC:1F:3A TCP sport: 80 TCP dport: 51233 Time:2015-12-16 13:25:11 DNS:Null(IF available DNS Name) 
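The problem is that the company got MikroTik routers, which mirror traffic through a technique called TZSP Sniff. It encapsulates each packet so that it carries the router's IP and MAC instead of the target PC's IP and MAC. I have been searching but could not find any suitable solution, though I read that you need to strip the first 5 bytes of the packet.

Is there a way to strip the TZSP encapsulation live, without saving a PCAP? Please explain the process, because I am new to this.

If you have any questions, please ask me; I am not very good at explaining.


Thank you all!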

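After examining the TZSP packet header in binary, it seems that TZSP removes the original MAC addresses after adding its own, so the project is ended. Thank you for the help.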
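
The stripping the question asks about, as an added example that is not part of the original post: a TZSP payload starts with a 4-byte header (version, type, encapsulated protocol) followed by tagged fields that end with tag 0x01, so "the first 5 bytes" is the case with no extra tags. The function names and the sample datagram are constructed for illustration; the sample reuses the addresses from the output in the question.

```python
import socket
import struct

TAG_PADDING, TAG_END = 0x00, 0x01   # the only two tags without a length byte
PROTO_ETHERNET = 1                  # TZSP "encapsulated protocol" value for Ethernet

def strip_tzsp(payload):
    """Return the frame carried in one TZSP UDP payload, or None if there is none."""
    if len(payload) < 4:
        return None
    version, ptype, proto = struct.unpack("!BBH", payload[:4])
    # Types 0 and 1 carry a captured packet; keepalives and the like do not.
    if version != 1 or ptype not in (0, 1) or proto != PROTO_ETHERNET:
        return None
    pos = 4
    while pos < len(payload):
        tag = payload[pos]
        pos += 1
        if tag == TAG_END:           # the frame starts right after the end tag
            return payload[pos:]
        if tag == TAG_PADDING:
            continue
        if pos >= len(payload):      # tag without its length byte: truncated
            return None
        pos += 1 + payload[pos]      # skip the length byte and the value
    return None                      # ran out of data before the end tag

def inner_addresses(frame):
    """Return (mac_src, mac_dst, ip_src, ip_dst); the IPs are None if not IPv4."""
    if frame is None or len(frame) < 14:
        return None
    mac = lambda b: ":".join("%02x" % x for x in b)
    ip_src = ip_dst = None
    # Assumes an untagged (no VLAN) Ethernet II frame
    if frame[12:14] == b"\x08\x00" and len(frame) >= 34:
        ip_src = socket.inet_ntoa(frame[26:30])
        ip_dst = socket.inet_ntoa(frame[30:34])
    return mac(frame[6:12]), mac(frame[0:6]), ip_src, ip_dst

# Constructed sample: an inner Ethernet/IPv4 frame using the addresses from the
# output shown in the question, wrapped in the minimal 5-byte TZSP prefix.
FRAME = (bytes.fromhex("545512fc1f3a") + bytes.fromhex("545512fc2dca") + b"\x08\x00"
         + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton("192.168.10.1"), socket.inet_aton("192.168.10.15")))
SAMPLE = b"\x01\x00\x00\x01" + b"\x01" + FRAME

if __name__ == "__main__":
    print(inner_addresses(strip_tzsp(SAMPLE)))
```

In a scapy callback the bytes to pass in are `bytes(pkt[UDP].payload)` of the mirrored datagram, and a non-None result can be re-parsed with `Ether(...)` before the existing field extraction runs.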