To extract features from network traffic, I use scapy to read the captured packets:
from scapy.all import rdpcap
a = rdpcap('target.pcap')
print(a[3])
However, the printed output is not very human-friendly, as shown below:
b'\x00\x0c)\n\xf1\r\x00PV\xc0\x00\x08\x08\x00E\x00\x00\xa2Z\t@\x00@\x06\xb8z\xc0\xa8S\x01\xc0\xa8S\x80,]#\x8cH_\xc5\xa4L\xed0=P\x18\x01\x00\xff\x8b\x00\x00POST /getname HTTP/1.1\r\nHOST: 192.168.83.128:9100\r\ncontent-type: application/json\r\ncontent-length: 17\r\n\r\n{"name":"kslaaa"}'
That is hardly readable by a person.
So we need to append mysummary to the packet, as follows:
from scapy.all import rdpcap
a = rdpcap('target.pcap')
print(a[3].mysummary)
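Because mysummary is referenced here without being called, print shows the repr of the bound method, which contains the packet's field-by-field representation: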
<bound method Ether.mysummary of <Ether dst=00:0c:29:0a:f1:0d src=00:50:56:c0:00:08 type=0x800 |<IP version=4 ihl=5 tos=0x0 len=162 id=23049 flags=DF frag=0 ttl=64 proto=tcp chksum=0xb87a src=192.168.83.1 dst=192.168.83.128 |<TCP sport=11357 dport=9100 seq=1214236068 ack=1290612797 dataofs=5 reserved=0 flags=PA window=256 chksum=0xff8b urgptr=0 |<Raw load='POST /getname HTTP/1.1\r\nHOST: 192.168.83.128:9100\r\ncontent-type: application/json\r\ncontent-length: 17\r\n\r\n{"name":"kslaaa"}' |>>>>>