如何使用 Wireshark scapy 打开 pcap 文件?
How to open a pcap file with Wireshark scapy?
我写了一个 python V3 脚本,可以嗅探 10 个包,写一个日志并在 Wireshark 中打开日志。但不知何故,它一直在 /tmp
中打开一个空日志
我的代码:
#!/usr/bin/env python3
import sys
from scapy.all import *
x = sniff(count=10)
wrpcap('log', x, append=False)
wireshark('log')
输出:
WARNING: No route found for IPv6 destination :: (no default route?). This affects only IPv6
WARNING: PcapWriter: unknown LL type for str. Using type 1 (Ethernet)
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
它应该打开日志而不是变量,但我不知道如何打开。
scapy 文档 (https://readthedocs.org/projects/scapy/downloads/pdf/latest/) 说:
With a filename (passed as a string), this loads the given file in Wireshark. This needs to be in a
format that Wireshark supports.
有谁知道如何在 Wireshark 中打开 pcap 日志?
我通过 CTRL + 单击 wireshark('log') 找到了 wireshark() 方法。
def wireshark(pktlist, *args):
"""Run wireshark on a list of packets"""
fname = get_temp_file()
wrpcap(fname, pktlist)
subprocess.Popen([conf.prog.wireshark, "-r", fname] + list(args))
它似乎总是创建一个临时文件,因为该方法需要接收变量列表,然后打开临时文件。
我可以通过在我的代码中直接使用 subprocess.Popen([conf.prog.wireshark, "-r", fname] + list(args) 而不是使用“wireshark('log')”来修复它。
工作代码:
#!/usr/bin/env python3
import sys
from scapy.all import *
x = sniff(count=10)
wrpcap('log', x, append=False)
subprocess.Popen([conf.prog.wireshark, "-r", 'log'])
我写了一个 python V3 脚本,可以嗅探 10 个包,写一个日志并在 Wireshark 中打开日志。但不知何故,它一直在 /tmp
中打开一个空日志我的代码:
#!/usr/bin/env python3
import sys
from scapy.all import *
x = sniff(count=10)
wrpcap('log', x, append=False)
wireshark('log')
输出:
WARNING: No route found for IPv6 destination :: (no default route?). This affects only IPv6
WARNING: PcapWriter: unknown LL type for str. Using type 1 (Ethernet)
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
ERROR: 'str' object has no attribute 'sent_time'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
它应该打开日志而不是变量,但我不知道如何打开。
scapy 文档 (https://readthedocs.org/projects/scapy/downloads/pdf/latest/) 说:
With a filename (passed as a string), this loads the given file in Wireshark. This needs to be in a format that Wireshark supports.
有谁知道如何在 Wireshark 中打开 pcap 日志?
我通过 CTRL + 单击 wireshark('log') 找到了 wireshark() 方法。
def wireshark(pktlist, *args):
"""Run wireshark on a list of packets"""
fname = get_temp_file()
wrpcap(fname, pktlist)
subprocess.Popen([conf.prog.wireshark, "-r", fname] + list(args))
它似乎总是创建一个临时文件,因为该方法需要接收变量列表,然后打开临时文件。
我可以通过在我的代码中直接使用 subprocess.Popen([conf.prog.wireshark, "-r", fname] + list(args) 而不是使用“wireshark('log')”来修复它。
工作代码:
#!/usr/bin/env python3
import sys
from scapy.all import *
x = sniff(count=10)
wrpcap('log', x, append=False)
subprocess.Popen([conf.prog.wireshark, "-r", 'log'])