Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.8k views
in Technique[技术] by (71.8m points)

struct - Converting a sniffed scapy packet to bytes

When sniffing packets with scapy I can save them to a variable

sniffed = sniff(count=1)

Now I would like to see what's inside the packet by doing

print sniffed

or

print str(sniffed)

but all this gives me is something like the following:

??????0?    E4h@@??????????? l??

which isn't quite what I need. So how can I convert a sniffed packet into human readable Binary, or an array of Bytes or something more useful so that I can see what's inside? I have already tried using struct.unpack(format, packet) with formats like "!B", but that does not seem to be the right solution, because the packet can be longer than one Byte or a Short or an Int.


Example for what I'm trying

>>> packet = sniff(count=1)[0]
>>> hexdump(packet)
0000   00 50 56 8E 00 0D 14 CC  20 16 E7 59 08 00 45 00   .PV..... ..Y..E.
0010   00 34 6B AB 40 00 40 06  C6 48 AC 11 8A E2 68 10   .4k.@[email protected].
0020   69 CC B5 47 00 50 E9 85  17 B0 BA EF 29 B2 80 10   i..G.P......)...
0030   01 DD 8D 58 00 00 01 01  08 0A 00 0E A2 C0 03 5D   ...X...........]
0040   9D 1C 
>>> packetByteArray = bytearray(repr(str(packet)))
>>> hex(packetByteArray[0])
'0x27'
>>>

But in the hexdump I can see that the first Byte is actually 0x00 and not 0x27

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You are probably searching for scapy Hexdump(pkt) or hexraw(pkt) or repr(str(pkt)) for string encoded output. Note that sniff returns a list, not a single pkt.

If you want to access serialized packet bytes one by one just serialize the layers str(pkt) to get a python (char/byte)-string.

for b in str(pkt):
    print "char: %s ord/value: %d hex: %x"%(b,ord(b),ord(b))

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...