如题所述,分享一个使用 python 的 scapy 包来提取 pcap 文件中 TCP 包标志位的代码。(说明:代码通过 `pkt[TCP].flags` 与各标志位掩码按位与来判断标志是否置位;示例使用的是 Python 2 的 `print` 语句,在 Python 3 下需改写为 `print()` 函数。)
from scapy.all import *
# TCP header flag bit masks, one bit per flag, lowest bit first.
# They are tested against ``pkt[TCP].flags`` with a bitwise AND in
# ``func`` below, so they must stay plain ints in this bit order.
FIN = 1 << 0  # 0x01
SYN = 1 << 1  # 0x02
RST = 1 << 2  # 0x04
PSH = 1 << 3  # 0x08
ACK = 1 << 4  # 0x10
URG = 1 << 5  # 0x20
ECE = 1 << 6  # 0x40
CWR = 1 << 7  # 0x80
# Input trace and run bookkeeping shared with ``func`` via ``global``.
# ``caida`` is a host-specific absolute path to an anonymized CAIDA trace;
# it is hard-coded here, so adjust it for your own machine before running.
caida = "/home/zongyi/traces/CAIDA.equinix-nyc.dirA.20180315-125910.UTC.anon.pcap"
# ``limit`` and ``count`` are declared ``global`` inside ``func``;
# presumably ``count`` is the running packet tally and ``limit`` caps it —
# TODO confirm against the rest of ``func``, which is not shown here.
limit, count = 5000, 0
def func(pkt):
global count, limit
srcip, dstip, proto, sport, dport = None, None, None, None, None
if pkt.haslayer(IP):
srcip = pkt[IP].src
dstip = pkt[IP].dst
proto = pkt[IP].proto
if pkt.haslayer(TCP):
sport = pkt[TCP].sport
dport = pkt[TCP].dport
if pkt[TCP].flags & FIN:
print count, "FIN flag is activated"
if pkt[TCP].flags & RST:
print count, "RST flag is activated"
if pkt[TCP].flags & SYN: