用scapy中的函数解码Python更新列表值
我在使用scapy中的一个函数用scapy中的函数解码Python更新列表值,python,scapy,rtp,Python,Scapy,Rtp,我在使用scapy中的一个函数 RTP(pl[0]['UDP'].有效负载)。时间戳 这是可行的,在本例中,返回2983999523 我想将此值设置为0 RTP(pl[0]['UDP'].payload)。时间戳=0 这不管用。。。我假设这与我如何使用函数设置列表值有关?这可能吗 有什么想法吗?RTP()是一个函数,它可能返回一个具有参数时间戳的类。理论上,这应该可以改变该参数: foo = RTP(pl[0]['UDP'].payload) foo.timesamp > 298
RTP(pl[0]['UDP'].有效负载)。时间戳
这是可行的,在本例中,返回2983999523
我想将此值设置为0
RTP(pl[0]['UDP'].payload)。时间戳=0
这不管用。。。我假设这与我如何使用函数设置列表值有关?这可能吗
有什么想法吗?RTP()
是一个函数,它可能返回一个具有参数时间戳的类。理论上,这应该可以改变该参数:
foo = RTP(pl[0]['UDP'].payload)
foo.timesamp
> 2983999523
foo.timestamp = 0
foo.timesamp
> 0
我不知道这在这种情况下是否有用,因为我不知道您试图用timestamp=0
做什么,但也许您可以根据自己的目的调整它
编辑-要扩展该功能,请执行以下操作:
def RTP2(obj):
result = RPT(obj)
result.timestamp = 0
return result
我真的不明白scapython库是如何处理层的
发布我的操作RTP标题的完整代码,因为它需要大量的尝试和错误以及非常小的信息来排序。。。这是一个黑客,但它的工作,可能会帮助别人
### Python 2.7 Script by Neil Bernard neil@themoog.org
## This script is for editing RTP header information in PCAP files to manipulate RTP timestamp and SSRC
## for testing hardware transport stream devices and testing SMPTE 2022-2 handling
## There is some error checking for scapy network layers but try to keep capture as clean as possible
## also try to keep captures under 260Mb for performance, can take a good 20mins on an intel i7 / 16GB ram
#### Basic Scapy Tutorial
# *https://www.youtube.com/watch?v=ADDYo6CgeQY
#### Scapy cheat sheet
# https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf
#### Scapy RTP Library https://fossies.org/linux/scapy/scapy/layers/rtp.py
# import scapy
from scapy.all import rdpcap
from scapy.all import wrpcap
from scapy.all import RTP
from scapy.all import *
infile = "test_rtp.pcap"
outfile = "modified_" + infile
dest_port = 2000 # usefull to make sure you only action packets that are RTP
# load packet capture
print "Loading Packet Capture Keep <200Mb - Might take a few mins....."
pl = rdpcap(infile)
print "Loading complete!"
# print number of packets
print(len(pl))
# # print rtp timestamp
# print(RTP(pl[0][UDP].payload).timestamp)
numberofpckts = len(pl)
print numberofpckts
for pkt in range(numberofpckts):
# You cant use the [RTP] layer on a list index so you have to put it in a
# variable first. Also need to make sure its a UDP packet with .haslayer(UDP):
# https://stackoverflow.com/questions/48763072/scapy-getting-trailer-field-in-the-dissector
if pl[pkt].haslayer(UDP):
packet = pl[pkt][UDP]
else:
print "Probably Not a UDP / RTP Packet# {0}".format(pkt)
# You need to do the line below to force RTP detection and manipulation
# https://stackoverflow.com/questions/44724186/decode-rtp-over-udp-with-scapy
if pl[pkt].haslayer(UDP):
if packet["UDP"].dport==2000: # Make sure its actually RTP
packet["UDP"].payload = RTP(packet["Raw"].load)
#### un-commment and change lines below to manipulate headers
# packet[RTP].version = 0
# packet[RTP].padding = 0
# packet[RTP].extension = 0
# packet[RTP].numsync = 0
# packet[RTP].marker = 0
# packet[RTP].payload_type = 0
# packet[RTP].sequence = 0
# packet[RTP].timestamp = 0
packet[RTP].sourcesync = 0
# packet[RTP].sync = 0
### Calculate UDP Checksum or they will now be wrong!
#https://scapy.readthedocs.io/en/latest/functions.html
checksum_scapy_original = packet[UDP].chksum
# set up and calculate some stuff
packet[UDP].chksum = None ## Need to set chksum to None before starting recalc
packetchk = IP(raw(packet)) # Build packet (automatically done when sending)
checksum_scapy = packet[UDP].chksum
packet_raw = raw(packetchk)
udp_raw = packet_raw[20:]
# in4_chksum is used to automatically build a pseudo-header
chksum = in4_chksum(socket.IPPROTO_UDP, packetchk[IP], udp_raw) # For more infos, call "help(in4_chksum)"
# Set the new checksum in the packet
packet[UDP].chksum = checksum_scapy # <<<< Make sure you use the variable in checksum_scapy
# needed below to test layers before printing newts/newsourcesync etc to console
if pl[pkt].haslayer(UDP):
newts = RTP(pl[pkt][UDP].payload).timestamp
newsourcesync = RTP(pl[pkt][UDP].payload).sourcesync
else:
newts = 999
newsourcesync = 999
print("Changing packet {0} of {3} to new timestamp {1} SSRC {2} Old UDP chksum {4} >> New UDP chksum ???").format(pkt+1,newts,newsourcesync,numberofpckts,hex(checksum_scapy_original))
else:
print "Probably Not a UDP / RTP Packet# {0}".format(pkt)
# Write out new capture file
wrpcap(outfile, pl)
尼尔·伯纳德的Python 2.7脚本neil@themoog.org
##此脚本用于编辑PCAP文件中的RTP头信息,以操作RTP时间戳和SSRC
##用于测试硬件传输流设备和测试SMPTE 2022-2处理
##对scapy网络层进行一些错误检查,但请尽可能保持捕获干净
##另外,为了提高性能,请尽量将捕获保持在260Mb以下,在intel i7/16GB ram上可能需要20分钟
####基本Scapy教程
# *https://www.youtube.com/watch?v=ADDYo6CgeQY
####Scapy备忘单
# https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf
####scapyrtp库https://fossies.org/linux/scapy/scapy/layers/rtp.py
#进口服装
从scapy.all导入rdpcap
从scapy.all导入wrpcap
从scapy.all导入RTP
从斯卡皮来的,都是进口货*
infle=“test\u rtp.pcap”
outfile=“修改的”+填充
dest_port=2000#用于确保只使用RTP操作数据包
#负载包捕获
打印“加载数据包捕获保持>新建UDP chksum?”)。格式(pkt+1、newts、newsourcesync、numberofpckts、十六进制(校验和(原始))
其他:
打印“可能不是UDP/RTP数据包#{0}”。格式(pkt)
#写出新的捕获文件
wrpcap(输出文件,pl)
谢谢你,伙计。。。我是超级分层的,所以我想我需要再考虑一下。。。。但基本上我试图替换函数返回到RTP数据包中的值。。。我想我需要扩展这个函数?啊,我明白了。我用函数的扩展更新了答案。谢谢,我不确定我是否完全理解。。。。。但是我要玩一玩。RTP2(pl[0]['UDP'].payload)
只返回与'RTP(pl[0]['UDP'].payload)相同的对象,但时间戳设置为0