python pcapy,使用pcapy impacket的python中的数据包嗅探器

我遇到了类似的问题.我猜没有文档时,最好的文档是源代码！使用python,我们很幸运大部分时间都有源代码.无论如何,我建议您查看ImpactDecoder.py和ImpactPacket.py.第一个方面提供了有关如何解码数据包的一些见解,第二个方面提供了有关实际数据包的类及其方法的信息.例如,ImpactPacket.py和PacketBuffer类具有您可能正在寻找的以下方法：

def set_bytes_from_string(self, data):

"Sets the value of the packet buffer from the string 'data'"

self.__bytes = array.array('B', data)

def get_buffer_as_string(self):

"Returns the packet buffer as a string object"

return self.__bytes.tostring()

def get_bytes(self):

"Returns the packet buffer as an array"

return self.__bytes

def set_bytes(self, bytes):

"Set the packet buffer from an array"

# Make a copy to be safe

self.__bytes = array.array('B', bytes.tolist())

def set_byte(self, index, value):

"Set byte at 'index' to 'value'"

index = self.__validate_index(index, 1)

self.__bytes[index] = value

def get_byte(self, index):

"Return byte at 'index'"

index = self.__validate_index(index, 1)

return self.__bytes[index]

def set_word(self, index, value, order = '!'):

"Set 2-byte word at 'index' to 'value'. See struct module's documentation to understand the meaning of 'order'."

index = self.__validate_index(index, 2)

ary = array.array("B", struct.pack(order + 'H', value))

if -2 == index:

self.__bytes[index:] = ary

else:

self.__bytes[index:index+2] = ary

def get_word(self, index, order = '!'):

"Return 2-byte word at 'index'. See struct module's documentation to understand the meaning of 'order'."

index = self.__validate_index(index, 2)

if -2 == index:

bytes = self.__bytes[index:]

else:

bytes = self.__bytes[index:index+2]

(value,) = struct.unpack(order + 'H', bytes.tostring())

return value

def set_long(self, index, value, order = '!'):

"Set 4-byte 'value' at 'index'. See struct module's documentation to understand the meaning of 'order'."

index = self.__validate_index(index, 4)

ary = array.array("B", struct.pack(order + 'L', value))

if -4 == index:

self.__bytes[index:] = ary

else:

self.__bytes[index:index+4] = ary

def get_long(self, index, order = '!'):

"Return 4-byte value at 'index'. See struct module's documentation to understand the meaning of 'order'."

index = self.__validate_index(index, 4)

if -4 == index:

bytes = self.__bytes[index:]

else:

bytes = self.__bytes[index:index+4]

(value,) = struct.unpack(order + 'L', bytes.tostring())

return value

def set_long_long(self, index, value, order = '!'):

"Set 8-byte 'value' at 'index'. See struct module's documentation to understand the meaning of 'order'."

index = self.__validate_index(index, 8)

ary = array.array("B", struct.pack(order + 'Q', value))

if -8 == index:

self.__bytes[index:] = ary

else:

self.__bytes[index:index+8] = ary

def get_long_long(self, index, order = '!'):

"Return 8-byte value at 'index'. See struct module's documentation to understand the meaning of 'order'."

index = self.__validate_index(index, 8)

if -8 == index:

bytes = self.__bytes[index:]

else:

bytes = self.__bytes[index:index+8]

(value,) = struct.unpack(order + 'Q', bytes.tostring())

return value

def get_ip_address(self, index):

"Return 4-byte value at 'index' as an IP string"

index = self.__validate_index(index, 4)

if -4 == index:

bytes = self.__bytes[index:]

else:

bytes = self.__bytes[index:index+4]

return socket.inet_ntoa(bytes.tostring())

def set_ip_address(self, index, ip_string):

"Set 4-byte value at 'index' from 'ip_string'"

index = self.__validate_index(index, 4)

raw = socket.inet_aton(ip_string)

(b1,b2,b3,b4) = struct.unpack("BBBB", raw)

self.set_byte(index, b1)

self.set_byte(index + 1, b2)

self.set_byte(index + 2, b3)

self.set_byte(index + 3, b4)

ImpactPacket.py中另一个超级有用的类是ProtocolLayer,它为我们提供了以下方法：

def child(self):

"Return the child of this protocol layer"

return self.__child

def parent(self):

"Return the parent of this protocol layer"

return self.__parent

因此,基本上impacket使用matreshka doll方法,您可以使用子方法和父方法转到要使用的任何层,并可以在任何层上使用PacketBuffer类的任何方法.太酷了吧？此外,特定的层(或数据包)具有其特定的方法,但是如果要查找有关它们的更多信息,则必须挖掘ImpactPacket.py和ImpactDecoder.py.

祝你好运,队友们欢呼！