Filtering protocols in Python
I am trying to filter, based on user input, the packets in a given pcap file that carry a specific protocol, and then move those packets into a new pcap file. The code I have written so far:
# ===================================================
# Imports
# ===================================================
import os
import sys
from scapy.all import *
from scapy.utils import PcapWriter
# you are going to need to install the modules below
from Tkinter import Tk
from tkFileDialog import askopenfilename
# ===================================================
# Constants
# ===================================================
# OS commands:
# ~~~~~~~~~~~~~
if "linux2" in sys.platform:
    # linux based system clear command
    CLEAR_COMMAND = "clear"
elif "win32" in sys.platform:
    # windows based system clear command
    CLEAR_COMMAND = "cls"
elif "cygwin" in sys.platform:
    # cygwin based clear command
    CLEAR_COMMAND = "printf \"\\033c\""
elif "darwin" in sys.platform:
    # mac OS X based clear command
    CLEAR_COMMAND = "printf \'\\33c\\e[3J\'"
else:
    # fallback so os.system() below never hits an undefined name
    CLEAR_COMMAND = "clear"
# Usage strings:
# ~~~~~~~~~~~~~~
FILE_STRING = "please choose a pcap file to use"
BROWSE_STRING = "press any key to browse files\n"
BAD_PATH_STRING = "bad file please try again\n"
BAD_INPUT_STRING = "bad input please try again\n"
PROTOCOL_STRING = "please enter the protocol you wish to filter\n"
NAME_STRING = "please enter the new pcap file name\n"
# ===================================================
# Code
# ===================================================
def filter_pcap():
    """
    filters from the given pcap file a protocol the user chooses (from any layer in the OSI model),
    then asks for a new pcap file name and writes the packets carrying that protocol to the new pcap file
    :param none
    :return nothing:
    """
    path = file_browse()
    filtertype = raw_input(PROTOCOL_STRING)
    name = raw_input(NAME_STRING)
    packs = rdpcap(path)
    # collect the matches and write them in one call: wrpcap() overwrites the
    # file, so calling it once per packet would leave only the last match in it
    matches = []
    for i in range(len(packs)):
        if filtertype in packs[i]:
            matches.append(packs[i])
    wrpcap(name + ".pcap", matches)

def file_browse():
    """
    Purpose: allows the user to browse the files on his computer,
    then checks that the path is ok and returns it
    :returns - the path to the chosen pcap file
    """
    path = "test"
    while ".pcap" not in path:
        print FILE_STRING
        raw_input(BROWSE_STRING)
        os.system(CLEAR_COMMAND)
        Tk().withdraw()
        path = askopenfilename()
        if ".pcap" not in path:
            print BAD_PATH_STRING
    return path

filter_pcap()
The problem now is that I cannot filter the packets correctly.
The code needs to filter protocols from any layer and of any type.
I have checked this thread:
But as you can see it was not answered, and the user added the problem I am running into in an edit; if someone could help me that would be great.
An example of how it should work:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
please enter the protocol you wish to filter
'http'
and then it prints:
please enter the new pcap file name
'new'
The user input is "http"; the program will now search for every packet running over the http protocol and create a new pcap file named "new.pcap".
The file "new.pcap" will contain 200 http packets.
Now, it should work with any protocol in the OSI model, including protocols such as IP, TCP, Ethernet and so on (all the protocols in the OSI model).
I found that the wireshark command line has the -R option and tshark has .protocols, but it does not really work... could someone check it?
Edit: I found pyshark, but I do not know how to use it to write this.

I do not believe scapy has any function or method to support application-layer protocols the way you are after. However, using sport and dport as filters will do it (provided you are seeing/expecting the default ports). Try something like this:
def filter_pcap(filtertype = None):
    ..... snip .....
    # Static dict of protocol name to default port, like so
    # (telnet is 23; 21 is the FTP control port):
    protocols = {'http': 80, 'ssh': 22, 'telnet': 23}
    # Check to see if it is in the list
    while filtertype not in protocols:
        filtertype = raw_input(PROTOCOL_STRING)
    # Name for output file
    name = raw_input(NAME_STRING)
    # Read input file
    packs = rdpcap(path)
    # Collect the matches, then write once: wrpcap() overwrites the file,
    # so calling it per packet would keep only the last match
    matches = []
    # Filters to only TCP packets
    for packet in packs[TCP]:
        # Filter only the proto (aka port) that we want; ports are ints, so compare with ==
        if packet.sport == protocols[filtertype] or packet.dport == protocols[filtertype]:
            matches.append(packet)
    # Write to file
    wrpcap(name + ".pcap", matches)
Is there any useful module I could use?

Can you give an example of an input and what the program should output? I am having trouble understanding what you are asking for.

If the user answers TCP, I would expect every packet in the original pcap that contains a TCP header to be written to the new pcap. Is that correct?

Yes, correct. I added some explanation of what it should do, in case it helps. I added the edit.

Wait, so what can I do for protocols like FTP that have two ports? By the way, it does not have to be scapy, it can be another module; what about pyshark, if it supports that? Or the wireshark command line? Can you use, let's say, -R in python?