Filtering protocols in Python

Tags: python, filter, protocols, wireshark

I'm trying to filter specific packets that carry a protocol chosen by user input out of a given pcap file, and then move those packets into a new pcap file.

The code I've written so far:

```python
# Python 2 script (print statement, raw_input, Tkinter)

# ===================================================
# Imports
# ===================================================


import os
import sys

from scapy.all import *
from scapy.utils import PcapWriter
"""
you're going to need to install the modules below
"""
from Tkinter import Tk
from tkFileDialog import askopenfilename

# ===================================================
# Constants
# ===================================================


#OS commands:
#~~~~~~~~~~~~~

if "linux2" in sys.platform:
    """
    linux based system clear command
    """
    CLEAR_COMMAND = "clear"
elif "win32" in sys.platform:
    """
    windows based system clear command
    """
    CLEAR_COMMAND = "cls"
elif "cygwin" in sys.platform:
    """
    cygwin based clear command
    """
    CLEAR_COMMAND = "printf \"\\033c\""
elif "darwin" in sys.platform:
    """
    mac OS X based clear command
    """
    CLEAR_COMMAND = "printf \'\\33c\\e[3J\'"

#Usage string:
#~~~~~~~~~~~~~~


FILE_STRING = "please choose a pcap file to use"
BROWSE_STRING = "press any key to browse files\n"
BAD_PATH_STRING = "bad file please try again\n"
BAD_INPUT_STRING = "bad input please try again\n"
PROTOCOL_STRING = "please enter the protocol you wish to filter\n"
NAME_STRING = "please enter the new pcap file name\n"



# ===================================================
# Code
# ===================================================


def filter_pcap():
    """
    filters from the given pcap file a protocol the user chooses (from any layer in the OSI model)
    and then asks for a new pcap file name, then filters the given protocol to a new pcap file
    :param none
    :return nothing:
    """
    path = file_browse()
    filtertype = raw_input(PROTOCOL_STRING)
    name = raw_input(NAME_STRING)
    packs = rdpcap(path)
    for i in range(len(packs)):
        if filtertype in packs[i]:
            # writes this one packet, replacing any existing file of that name
            wrpcap(name + ".pcap", packs[i])


def file_browse():
    """
    Purpose: It will allow the user to browse files on his computer
    then it will check if the path is ok and will return it

    :returns - the path to the chosen pcap file
    """
    path = "test"
    while ".pcap" not in path:
        print FILE_STRING
        raw_input(BROWSE_STRING)
        os.system(CLEAR_COMMAND)
        Tk().withdraw()
        path = askopenfilename()
        if ".pcap" not in path:
            print BAD_PATH_STRING
    return path

filter_pcap()
```
The problem now is that I can't filter the packets correctly.

The code needs to filter protocols from any layer and of any type.

I've checked this thread:

but as you can see it wasn't answered, and the user added the problem I'm having in an edit. If anyone could help, that would be great.

Example of how it should work:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Let's say I use the file "sniff" as my first pcap file; it has 489 packets, 200 of which are http packets.
  • Now this is printed:

    please enter the protocol you wish to filter
    'http'
    
    Then this is printed:

    please enter the new pcap file name
    'new'
    
    The user input was "http", so now the program will search for every packet running over the http protocol and will create a new pcap file named "new.pcap".

    The file "new.pcap" will contain the 200 http packets.

    Now, it should work with any protocol in the OSI model, including protocols like IP, TCP, Ethernet, etc. (all the protocols in the OSI model).

    I found that the wireshark command line has the option -R and tshark has .protocols, but it doesn't actually work... can someone check it?


    EDIT: I found pyshark, but I don't know how to use it for writing.

I don't believe scapy has any function or method to support application-layer protocols the way you're after. However, using sport and dport as the filter would do the trick (provided you're seeing/expecting the default ports).

Try something like this:

```python
def filter_pcap(filtertype = None):
    ..... snip .....
    # Static Dict of protocol name to port value. Like so:
    # (telnet listens on 23; 21 is the FTP control port)
    protocols = {'http': 80, 'ssh': 22, 'telnet': 23}

    # Check to see if it is in the list
    while filtertype not in protocols:
        filtertype = raw_input(PROTOCOL_STRING)

    # Name for output file
    name = raw_input(NAME_STRING)

    # Read Input File
    packs = rdpcap(path)

    # Filters to only TCP packets
    matched = []
    for packet in packs[TCP]:

        # Filter only the proto (aka Port) that we want; ports are ints, so compare with ==
        if protocols[filtertype] == packet.sport or protocols[filtertype] == packet.dport:
            matched.append(packet)

    # Write all matches at once (calling wrpcap per packet without append=True overwrites the file)
    wrpcap(name + ".pcap", matched)
```
    
Comments:

Is there any useful module I could use?

Can you provide an example of the input and what the program should output? I'm having a hard time understanding what you're asking for.

If the user answers TCP, I'd expect all packets in the original pcap that contain a TCP header to be output to the new pcap. Is that correct?

Yes, correct. I added some explanation of what it should do, in case it helps. I added an edit.

Wait, so what can I do about protocols like FTP that have 2 ports? BTW it doesn't have to be scapy, it could be another module if it supports it; what about pyshark? Or the wireshark command line? Can you use, let's say, -R in python?
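An added example, not the asker's or answerer's code and written against the standard library rather than scapy: it resolves a protocol name to the header field it lives in (EtherType for ARP/IP, the IPv4 protocol number for TCP/UDP/ICMP, a port set for application protocols so that two-port services like FTP match, as asked in the comments), then collects every match and writes the output pcap once instead of overwriting it per packet as the question's loop does. The protocol tables, the pcap parser and the sample capture are constructed assumptions, not anything from the thread.

```python
import struct
# Protocol name -> the header field that identifies it (assumed table, not scapy's layer names).
ETHERTYPES = {"ip": 0x0800, "arp": 0x0806}
IP_PROTOS = {"tcp": 6, "udp": 17, "icmp": 1}
APP_PORTS = {"http": {80}, "ssh": {22}, "ftp": {20, 21}, "dns": {53}}  # FTP needs two ports

def frame_matches(frame: bytes, proto: str) -> bool:
    """True if the Ethernet frame carries `proto` at the link, network, transport or app layer."""
    proto = proto.lower()
    ethertype = struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else 0
    if proto in ETHERTYPES:
        return ethertype == ETHERTYPES[proto]
    if ethertype != 0x0800 or len(frame) < 34:
        return False  # only IPv4 is dissected here, so nothing below can match
    ihl, ip_proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto in IP_PROTOS:
        return ip_proto == IP_PROTOS[proto]
    if proto in APP_PORTS and ip_proto in (6, 17) and len(frame) >= 18 + ihl:
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        return bool({sport, dport} & APP_PORTS[proto])  # match either direction
    return False

def read_pcap(data: bytes) -> list:
    # Classic pcap (not pcapng): 24-byte global header, then a 16-byte header per record.
    end = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    frames, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return frames

def write_pcap(frames: list) -> bytes:
    """Serialise all matching frames into ONE pcap blob instead of overwriting it per packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, incl, orig
    return out

def filter_pcap(data: bytes, proto: str) -> bytes:
    """Return a new pcap blob holding only the frames that carry `proto`."""
    return write_pcap([f for f in read_pcap(data) if frame_matches(f, proto)])

def make_frame(ip_proto: int, sport: int, dport: int) -> bytes:
    ip = bytes([0x45, 0, 0, 24, 0, 0, 0, 0, 64, ip_proto, 0, 0]) + bytes([10, 0, 0, 1, 10, 0, 0, 2])
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

# Constructed capture (each make_frame = Ethernet II + minimal IPv4 + L4 ports): 2 HTTP, 1 FTP-data, 1 DNS/UDP, 1 ARP.
SAMPLE = write_pcap([make_frame(6, 51000, 80), make_frame(6, 80, 51000), make_frame(6, 20, 51001),
                     make_frame(17, 51002, 53), b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28])
```

To use it on a real file, pass `open("sniff.pcap", "rb").read()` in and write the returned bytes with `open(name + ".pcap", "wb")`.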