1. 安装好scapy库
2. 使用scapy库抓包
pkts = sniff(iface="eth0", count=3)  # 在 eth0 接口上简单抓取 3 个数据包
wrpcap("demo.pcap", pkts) 保存为demo.pcap
3. 解析包
参考:https://github.com/HatBoy/Pcap-Analyzer
先贴结果:
配置文件即为下面这种格式：将数值转换为对应的协议名称，或将常用端口转换为其对应的功能(可在上面的 GitHub 仓库中下载)
0:HOPOPT
1:ICMP
2:IGMP
3:GGP
4:IP
5:ST
7:CBT
8:EGP
9:IGP
10:BBN-RCC-MON
11:NVP-II
12:PUP
13:ARGUS
14:EMCON
15:XNET
16:CHAOS
18:MUX
19:DCN-MEAS
20:HMP
21:PRM
22:XNS-IDP
23:TRUNK-1
24:TRUNK-2
25:LEAF-1
完整代码
#coding:UTF-8
from scapy.all import *
import time
class PcapDecode:
def __init__(self):
# ETHER:读取以太网层协议配置文件
with open('./protocol/ETHER', 'r', encoding='UTF-8') as f:
ethers = f.readlines()
self.ETHER_DICT = dict()
for ether in ethers:
ether = ether.strip().strip('\n').strip('\r').strip('\r\n')
self.ETHER_DICT[int(ether.split(':')[0])] = ether.split(':')[1] # 将配置文件中的信息(0257:Experimental)存入dict
# IP:读取IP层协议配置文件
with open('./protocol/IP', 'r', encoding='UTF-8') as f:
ips = f.readlines()
self.IP_DICT = dict()
for ip in ips:
ip = ip.strip().strip('\n').strip('\r').strip('\r\n')
self.IP_DICT[int(ip.split(':')[0])] = ip.split(':')[1] # 将配置文件中的信息(41:IPv6)存入dic
# PORT:读取应用层协议端口配置文件
with open('./protocol/PORT', 'r', encoding='UTF-8') as f:
ports = f.readlines()
self.PORT_DICT = dict()
for port in ports:
port = port.strip().strip('\n').strip('\r').strip('\r\n')
self.PORT_DICT[int(port.split(':')[0])] = port.split(':'