Python - scapy packet size difference


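I am sending and receiving packets with the scapy module:

from scapy.all import *
a = sr(IP(src="192.168.1.100",dst="8.8.4.4")/UDP(sport=RandShort(),dport=53)/DNS(rd=1,qd=DNSQR(qname="google.com",qtype="ALL",qclass="IN"),ar=DNSRROPT(rclass=3000)),timeout=1)

If I display the packet sizes of the command and the response:

#command size
print(len(a[0][0][0]))
>67

#response size
print(len(a[0][0][1]))
>496

But if I capture the packets with Wireshark, it shows these packet lengths:

command:  83 bytes
response: 512 bytes

So we know that in Wireshark there are 16 extra bytes for both the command and the response:

83-67   =16
512-496 =16

I would like to know (just for educational purposes) what the extra 16 bytes captured by Wireshark are. Can someone with deep networking know-how tell me what is happening?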

Edit:

Output of a[0].summary()

Output of a[0][0][0].show()

Output of a[0].show()

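When you use the .len attribute of the packet, in your case that attribute happens to be the value of the len field of the IP layer. It does not include the Ethernet layer (14 bytes).

You should use len() (as you did in your example) to get the packet length. Also, you should specify layer 2 (so, use srp() instead of sr()):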


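You should post the output of a[0].summary() so that people can understand what is happening here.

I edited the post.

Yes, this is a good answer! But there are still 2 bytes missing.. Is there a layer under Ether() that takes those two bytes?

No, I don't think so. You can use tshark -T pdml to understand exactly what Wireshark sees.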
IP / UDP / DNS Qry "google.com"  ==> IP / UDP / DNS Ans "74.125.68.102"
###[ IP ]###
  version   = 4
  ihl       = None
  tos       = 0x0
  len       = **67**
  id        = 1
  flags     = 
  frag      = 0
  ttl       = 64
  proto     = udp
  chksum    = None
  src       = 192.168.1.100
  dst       = 8.8.4.4
  \options   \
###[ UDP ]###
     sport     = 41454
     dport     = domain
     len       = None
     chksum    = None
###[ DNS ]###
        id        = 0
        qr        = 0
        opcode    = QUERY
        aa        = 0
        tc        = 0
        rd        = 1
        ra        = 0
        z         = 0
        ad        = 0
        cd        = 0
        rcode     = ok
        qdcount   = 1
        ancount   = 0
        nscount   = 0
        arcount   = 1
        \qd        \
         |###[ DNS Question Record ]###
         |  qname     = 'google.com'
         |  qtype     = ALL
         |  qclass    = IN
        an        = None
        ns        = None
        \ar        \
         |###[ DNS OPT Resource Record ]###
         |  rrname    = '.'
         |  type      = OPT
         |  rclass    = 3000
         |  extrcode  = 0
         |  version   = 0
         |  z         = D0
         |  rdlen     = None
         |  \rdata     \
###[ IP ]###
  version   = 4L
  ihl       = 5L
  tos       = 0x0
  len       = **496**
  id        = 41777
  flags     = 
  frag      = 0L
  ttl       = 56
  proto     = udp
  chksum    = 0xfb3
  src       = 8.8.4.4
  dst       = 192.168.1.100
  \options   \
###[ UDP ]###
     sport     = domain
     dport     = 41454
     len       = 476
     chksum    = 0x2fef
###[ DNS ]###
        id        = 0
        qr        = 1L
        opcode    = QUERY
        aa        = 0L
        tc        = 0L
        rd        = 1L
        ra        = 1L
        z         = 0L
        ad        = 0L
        cd        = 0L
        rcode     = ok
        qdcount   = 1
        ancount   = 19
        nscount   = 0
        arcount   = 1
        \qd        \
         |###[ DNS Question Record ]###
         |  qname     = 'google.com.'
         |  qtype     = ALL
         |  qclass    = IN
        \an        \
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = A
         |  rclass    = IN
         |  ttl       = 299
         |  rdlen     = 4
         |  rdata     = '74.125.68.102'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = A
         |  rclass    = IN
         |  ttl       = 299
         |  rdlen     = 4
         |  rdata     = '74.125.68.113'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = A
         |  rclass    = IN
         |  ttl       = 299
         |  rdlen     = 4
         |  rdata     = '74.125.68.139'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = A
         |  rclass    = IN
         |  ttl       = 299
         |  rdlen     = 4
         |  rdata     = '74.125.68.100'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = A
         |  rclass    = IN
         |  ttl       = 299
         |  rdlen     = 4
         |  rdata     = '74.125.68.138'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = A
         |  rclass    = IN
         |  ttl       = 299
         |  rdlen     = 4
         |  rdata     = '74.125.68.101'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = AAAA
         |  rclass    = IN
         |  ttl       = 299
         |  rdlen     = 16
         |  rdata     = '2404:6800:4003:c02::65'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = NS
         |  rclass    = IN
         |  ttl       = 21599
         |  rdlen     = 16
         |  rdata     = 'ns2.google.com.'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = MX
         |  rclass    = IN
         |  ttl       = 599
         |  rdlen     = 17
         |  rdata     = '\x00\x14\x04alt1\x05aspmx\x01l\xc0\x0c'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = SOA
         |  rclass    = IN
         |  ttl       = 59
         |  rdlen     = 34
         |  rdata     = '\xc0\xa4\tdns-admin\xc0\x0c\x07\xbe\xf2\xb0\x00\x00\x03\x84\x00\x00\x03\x84\x00\x00\x07\x08\x00\x00\x00<'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = MX
         |  rclass    = IN
         |  ttl       = 599
         |  rdlen     = 9
         |  rdata     = '\x00(\x04alt3\xc0\xbd'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = MX
         |  rclass    = IN
         |  ttl       = 599
         |  rdlen     = 4
         |  rdata     = '\x00\n\xc0\xbd'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = 257
         |  rclass    = IN
         |  ttl       = 21599
         |  rdlen     = 19
         |  rdata     = '\x00\x05issuesymantec.com'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = NS
         |  rclass    = IN
         |  ttl       = 21599
         |  rdlen     = 16
         |  rdata     = 'ns3.google.com.'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = MX
         |  rclass    = IN
         |  ttl       = 599
         |  rdlen     = 9
         |  rdata     = '\x00\x1e\x04alt2\xc0\xbd'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = NS
         |  rclass    = IN
         |  ttl       = 21599
         |  rdlen     = 16
         |  rdata     = 'ns1.google.com.'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = MX
         |  rclass    = IN
         |  ttl       = 599
         |  rdlen     = 9
         |  rdata     = '\x002\x04alt4\xc0\xbd'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = TXT
         |  rclass    = IN
         |  ttl       = 3599
         |  rdlen     = 36
         |  rdata     = 'v=spf1 include:_spf.google.com ~all'
         |###[ DNS Resource Record ]###
         |  rrname    = 'google.com.'
         |  type      = NS
         |  rclass    = IN
         |  ttl       = 21599
         |  rdlen     = 16
         |  rdata     = 'ns4.google.com.'
        ns        = None
        \ar        \
         |###[ DNS OPT Resource Record ]###
         |  rrname    = '.'
         |  type      = OPT
         |  rclass    = 512
         |  extrcode  = 0
         |  version   = 0
         |  z         = D0
         |  rdlen     = 0
         |  \rdata     \
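from scapy.all import *

# srp() sends at layer 2, so the Ether() header is part of the packet
# and len() below includes its 14 bytes.
a = srp(Ether() / IP(src="192.168.1.100",dst="8.8.4.4") /
        UDP(sport=RandShort(),dport=53) /
        DNS(rd=1,qd=DNSQR(qname="google.com",qtype="ALL",qclass="IN"),
            ar=DNSRROPT(rclass=3000)),
        timeout=1)

# Lengths of the query and of the answer, link-layer header included.
print(len(a[0][0][0]), len(a[0][0][1]))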
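
An added example, not part of the original thread: it rebuilds the question's query byte for byte with the standard library only (no scapy) and adds the link-layer header a capture tool records on top of the layer-3 length. The 16-byte Linux cooked-capture (SLL) header, which Wireshark records when capturing on the "any" pseudo-interface, is an assumption about the asker's setup; the page does not say which interface was captured. The function names and the source port value are likewise chosen for the example.

```python
import struct

def dns_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dns_query(qname, udp_size=3000):
    """Query for type ALL (255), class IN, plus one EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1)    # id=0, rd=1, qdcount=1, arcount=1
    question = dns_name(qname) + struct.pack("!HH", 255, 1)    # qtype=ALL, qclass=IN
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)   # root name, OPT, rclass, ttl, rdlen
    return header + question + opt

def ip_udp_packet(payload, src="192.168.1.100", dst="8.8.4.4", sport=41454, dport=53):
    """IPv4 header without options + UDP header around payload (checksums left at 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    total = 20 + len(udp)                                      # value of the IP len field
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + udp

def ip_total_length(packet):
    """Read the 16-bit total-length field at offset 2 of the IPv4 header."""
    return struct.unpack("!H", packet[2:4])[0]

# Header bytes that sit in front of the IP packet in a capture.
LINK_HEADER = {"layer 3 only (sr)": 0, "Ethernet II": 14, "Linux cooked (SLL)": 16}

def frame_lengths(l3_len):
    """Captured length for each link-layer framing, given the layer-3 length."""
    return {name: l3_len + hdr for name, hdr in LINK_HEADER.items()}

# Constructed sample: the same query as in the question, built offline.
query = ip_udp_packet(dns_query("google.com"))

if __name__ == "__main__":
    print("query bytes:", len(query), "IP len field:", ip_total_length(query))
    for l3 in (len(query), 496):       # 496 is the response length reported on the page
        print(l3, frame_lengths(l3))
```
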