在 Python 中访问/遍历复杂字典对象时遇到的问题
Issue accessing/iterating complex dictionary objects in python
首先说明一下,我是 Python 新手……我正在尝试访问复杂对象中的值。在 for 循环中嵌套 for 循环时,我不断收到类似下面的错误:
TypeError: object does not support assignment
或
AttributeError: 'str' object has no attribute 'syn'
……我认为这源于第 1 节中对 scan.results 对象的赋值(即 connect(packet.s… 那一行),或者是 classes 的构造不正确。在方法 connect_scan_exist 的 #2 区域,可以看到访问 value.flags.XX 时出现的问题。我认为这是由我构建字典中所用的支持 class 对象的方式造成的。
方法
# determine if a connect scan takes place
def connect_scan_exist(packets):
    """Scan `packets` for TCP handshakes and report a possible connect scan.

    Iterates `packets.items()` three times: collect bare SYNs into
    `s.results`, then look for the matching SYN/ACK, then for the final ACK.
    Returns the `scan` object; `scanfound` is True when `results` holds
    more than 10 entries.
    """
    s = scan()
    # 1. grab all TCP syn
    for key, value in packets.items():
        # add tcp packets with syn that are not already entered
        if ( value.packet_type == 'TCP'
            and value.source_ip
            and value.destination_ip
            and value.destination_port
            and value.flags.syn
            and value.flags.ack == False
            and value.flags.rst == False
            and value.flags.fin == False):
            # NOTE(review): `packet` is never assigned in this function (the loop
            # variable is `value`), so this raises NameError unless a global named
            # `packet` exists. The assignment also overwrites an existing entry,
            # although the comment above says "not already entered".
            s.results[str(value.source_ip) + '|'+ str(value.destination_ip) + '|' + str(value.destination_port)] = connect(packet.source_ip, packet.destination_ip, packet.destination_port, True, packet.timestamp, None, None, None, None)
    # 2. iterate over all TCP syn looking for matching syn/ack
    for skey, svalue in s.results.items():
        for key, value in packets.items():
            # print(len(value.flags))
            # NOTE(review): unlike step 1 there is no packet_type check here, so
            # value.flags is dereferenced for every packet; a packet whose flags is
            # None (the generic_packet default) or a str raises AttributeError.
            if ( value.destination_ip == svalue.source_ip
                and value.source_ip == svalue.destination_ip
                and value.source_port == svalue.destination_port
                # and value.scan_categories.is_null_scan ## <---this one works
                and value.flags.syn
                and value.flags.ack
                and value.flags.rst == False
                and value.flags.fin == False
                and value.timestamp > svalue.source_syn_time
                and svalue.destination_synack is None):
                # update scan result with corresponding syn/ack
                # NOTE(review): this key is built from the SYN/ACK packet's own
                # source/destination, i.e. reversed relative to the step-1 key, so
                # it does not address the entry held in `svalue`.
                s.results[str(value.source_ip) + '|' +
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].destination_synack = True
                s.results[str(value.source_ip) + '|'+
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].destination_synack_time = value.timestamp
    # 3. iterate over all TCP syn looking for matching ack
    for skey, svalue in s.results.items():
        for key, value in packets.items():
            # NOTE(review): same missing packet_type / flags guard as in step 2.
            # `source_synack_time` is not an attribute set by connect.__init__
            # (it sets destination_synack_time), so that comparison raises
            # AttributeError.
            if ( value.source_ip == svalue.source_ip
                and value.destination_ip == svalue.destination_ip
                and value.destination_port == svalue.destination_port
                and value.flags.syn == False
                and value.flags.ack
                and value.flags.rst == False
                and value.flags.fin == False
                and value.timestamp > svalue.source_synack_time
                and svalue.source_ack is None):
                # update scan result with the corresponding final ack
                s.results[str(value.source_ip) + '|' +
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].source_ack = True
                s.results[str(value.source_ip) + '|'+
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].source_ack_time = value.timestamp
    # 4. remove all incomplete ? maybe
    # 5. analysis
    # The verdict depends only on how many SYN-initiated entries exist; the
    # description is assigned whether or not scanfound is True.
    s.scanfound = (True if (len(s.results) > 10) else False)
    s.description = 'Very primative observation. Found more than 10 entries starting with TCP Syn'
    return s
类
# define connect scan class
class connect(object):
    """One tracked handshake: endpoints plus SYN, SYN/ACK and ACK fields.

    Every constructor argument defaults to None and is stored unchanged.
    """

    def __init__(
        self,
        src_ip=None,
        dst_ip=None,
        dst_port=None,
        src_syn=None,
        src_syn_time=None,
        dst_synack=None,
        dst_synack_time=None,
        src_ack=None,
        src_ack_time=None,
    ):
        # Endpoints of the flow.
        self.source_ip, self.destination_ip, self.destination_port = src_ip, dst_ip, dst_port
        # SYN from the source: value and timestamp.
        self.source_syn, self.source_syn_time = src_syn, src_syn_time
        # SYN/ACK from the destination: value and timestamp.
        self.destination_synack, self.destination_synack_time = dst_synack, dst_synack_time
        # Final ACK from the source: value and timestamp.
        self.source_ack, self.source_ack_time = src_ack, src_ack_time
# define half open scan class
class scan(object):
    """Outcome of a scan check: verdict, description and per-flow results."""

    def __init__(self, scan=False, desc=None):
        # Verdict and its human-readable explanation, stored as passed.
        self.scanfound, self.description = scan, desc
        # Fresh dict per instance; filled by the detection routine.
        self.results = {}
# define generic packet class
class generic_packet(object):
    """Protocol-agnostic packet record; all constructor arguments default to None."""

    def __init__(
        self,
        packet_type=None,
        time=None,
        src_mac=None,
        src=None,
        src_port=None,
        dst_mac=None,
        dst=None,
        dst_port=None,
        seq=None,
        ack=None,
        flags=None,
        options=None,
        data=None,
    ):
        self.packet_type, self.timestamp = packet_type, time
        # Each packet gets its own scan_type() instance.
        self.scan_categories = scan_type()
        # Sender side.
        self.source_mac, self.source_ip, self.source_port = src_mac, src, src_port
        # Receiver side.
        self.destination_mac, self.destination_ip, self.destination_port = dst_mac, dst, dst_port
        self.sequence, self.acknowledge = seq, ack
        # Stored exactly as passed (may be None); the tcp_flags(flags) wrapping
        # is only hinted at in a comment, so callers must check before reading
        # .syn/.ack/.rst/.fin.
        self.flags = flags  # tcp_flags(flags)
        self.options, self.data = options, data
运行代码时,看起来 packets 中某些元素的 flags 是 str,而不是 tcp_flags。
您可以在第 186 行添加以下代码来跳过这些元素:
# Skip any packet whose flags field is not a tcp_flags instance (for example
# a str or None), so the .syn/.ack/.rst/.fin lookups that follow cannot fail.
if not isinstance(value.flags, tcp_flags):
    continue
或者,由于数据包中似乎同时包含 TCP 和 UDP,您可以在步骤 #2 和 #3 中检查 value.packet_type == 'TCP'。该程序在 generic_packet.flags = None 的 UDP 数据包上失败,因为这样的对象没有 syn、ack 等属性。
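# determine if a connect scan takes place
def connect_scan_exist(packets):
    """Flag a possible TCP connect scan by pairing SYN, SYN/ACK and ACK packets.

    Args:
        packets: mapping whose values expose packet_type, source_ip,
            source_port, destination_ip, destination_port, flags and
            timestamp. Only the values are read.

    Returns:
        A `scan` object. `results` maps 'src_ip|dst_ip|dst_port' to a
        `connect` record for every bare SYN seen; `scanfound` is True when
        more than 10 such records exist.
    """
    s = scan()

    def usable_flags(pkt):
        # Hand back pkt.flags only for TCP packets whose flags object really
        # carries syn/ack/rst/fin. UDP packets (flags=None) and packets whose
        # flags were left as a str yield None, so callers skip them instead of
        # raising AttributeError.
        if pkt.packet_type != 'TCP':
            return None
        flags = pkt.flags
        if all(hasattr(flags, name) for name in ('syn', 'ack', 'rst', 'fin')):
            return flags
        return None

    # 1. grab all TCP syn
    for value in packets.values():
        flags = usable_flags(value)
        if flags is None:
            continue
        if (value.source_ip
                and value.destination_ip
                and value.destination_port
                and flags.syn
                and (flags.ack, flags.rst, flags.fin) == (False, False, False)):
            flow = '|'.join(str(part) for part in (
                value.source_ip, value.destination_ip, value.destination_port))
            # Keep the first SYN per flow: a retransmitted SYN must not push
            # source_syn_time past the SYN/ACK that answered the first one.
            if flow not in s.results:
                s.results[flow] = connect(
                    value.source_ip, value.destination_ip, value.destination_port,
                    True, value.timestamp, None, None, None, None)

    # 2. iterate over all TCP syn looking for matching syn/ack
    for svalue in s.results.values():
        for value in packets.values():
            flags = usable_flags(value)
            if flags is None:
                continue
            # The SYN/ACK travels in the reverse direction of the recorded SYN.
            if (value.destination_ip == svalue.source_ip
                    and value.source_ip == svalue.destination_ip
                    and value.source_port == svalue.destination_port
                    and flags.syn
                    and flags.ack
                    and (flags.rst, flags.fin) == (False, False)
                    and value.timestamp > svalue.source_syn_time):
                # Update the matched record directly; a key rebuilt from the
                # reply's addresses would be reversed and miss this entry.
                svalue.destination_synack = True
                svalue.destination_synack_time = value.timestamp
                break  # the first matching SYN/ACK settles this flow

    # 3. iterate over all TCP syn looking for matching ack
    for svalue in s.results.values():
        if svalue.destination_synack_time is None:
            # No SYN/ACK was recorded, so there is nothing for an ACK to complete
            # (and no timestamp to compare against).
            continue
        for value in packets.values():
            flags = usable_flags(value)
            if flags is None:
                continue
            if (value.source_ip == svalue.source_ip
                    and value.destination_ip == svalue.destination_ip
                    and value.destination_port == svalue.destination_port
                    and flags.ack
                    and (flags.syn, flags.rst, flags.fin) == (False, False, False)
                    and value.timestamp > svalue.destination_synack_time):
                svalue.source_ack = True
                svalue.source_ack_time = value.timestamp
                break  # the first matching ACK completes the handshake

    # 4. remove all incomplete ? maybe
    # 5. analysis
    # NOTE(review): the verdict counts every SYN-initiated flow from every
    # source, completed or not, so more than 10 ordinary connections in one
    # capture also set scanfound. Counting distinct destination ports per
    # source within a time window would cut false positives. The description
    # is assigned regardless of the verdict, as callers may already expect.
    s.scanfound = len(s.results) > 10
    s.description = 'Very primative observation. Found more than 10 entries starting with TCP Syn'
    return s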
首先说明一下,我是 Python 新手……我正在尝试访问复杂对象中的值。在 for 循环中嵌套 for 循环时,我不断收到类似下面的错误:
TypeError: object does not support assignment
或
AttributeError: 'str' object has no attribute 'syn'
……我认为这源于第 1 节中对 scan.results 对象的赋值(即 connect(packet.s… 那一行),或者是 classes 的构造不正确。在方法 connect_scan_exist 的 #2 区域,可以看到访问 value.flags.XX 时出现的问题。我认为这是由我构建字典中所用的支持 class 对象的方式造成的。
方法
# determine if a connect scan takes place
def connect_scan_exist(packets):
    """Scan `packets` for TCP handshakes and report a possible connect scan.

    Iterates `packets.items()` three times: collect bare SYNs into
    `s.results`, then look for the matching SYN/ACK, then for the final ACK.
    Returns the `scan` object; `scanfound` is True when `results` holds
    more than 10 entries.
    """
    s = scan()
    # 1. grab all TCP syn
    for key, value in packets.items():
        # add tcp packets with syn that are not already entered
        if ( value.packet_type == 'TCP'
            and value.source_ip
            and value.destination_ip
            and value.destination_port
            and value.flags.syn
            and value.flags.ack == False
            and value.flags.rst == False
            and value.flags.fin == False):
            # NOTE(review): `packet` is never assigned in this function (the loop
            # variable is `value`), so this raises NameError unless a global named
            # `packet` exists. The assignment also overwrites an existing entry,
            # although the comment above says "not already entered".
            s.results[str(value.source_ip) + '|'+ str(value.destination_ip) + '|' + str(value.destination_port)] = connect(packet.source_ip, packet.destination_ip, packet.destination_port, True, packet.timestamp, None, None, None, None)
    # 2. iterate over all TCP syn looking for matching syn/ack
    for skey, svalue in s.results.items():
        for key, value in packets.items():
            # print(len(value.flags))
            # NOTE(review): unlike step 1 there is no packet_type check here, so
            # value.flags is dereferenced for every packet; a packet whose flags is
            # None (the generic_packet default) or a str raises AttributeError.
            if ( value.destination_ip == svalue.source_ip
                and value.source_ip == svalue.destination_ip
                and value.source_port == svalue.destination_port
                # and value.scan_categories.is_null_scan ## <---this one works
                and value.flags.syn
                and value.flags.ack
                and value.flags.rst == False
                and value.flags.fin == False
                and value.timestamp > svalue.source_syn_time
                and svalue.destination_synack is None):
                # update scan result with corresponding syn/ack
                # NOTE(review): this key is built from the SYN/ACK packet's own
                # source/destination, i.e. reversed relative to the step-1 key, so
                # it does not address the entry held in `svalue`.
                s.results[str(value.source_ip) + '|' +
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].destination_synack = True
                s.results[str(value.source_ip) + '|'+
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].destination_synack_time = value.timestamp
    # 3. iterate over all TCP syn looking for matching ack
    for skey, svalue in s.results.items():
        for key, value in packets.items():
            # NOTE(review): same missing packet_type / flags guard as in step 2.
            # `source_synack_time` is not an attribute set by connect.__init__
            # (it sets destination_synack_time), so that comparison raises
            # AttributeError.
            if ( value.source_ip == svalue.source_ip
                and value.destination_ip == svalue.destination_ip
                and value.destination_port == svalue.destination_port
                and value.flags.syn == False
                and value.flags.ack
                and value.flags.rst == False
                and value.flags.fin == False
                and value.timestamp > svalue.source_synack_time
                and svalue.source_ack is None):
                # update scan result with the corresponding final ack
                s.results[str(value.source_ip) + '|' +
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].source_ack = True
                s.results[str(value.source_ip) + '|'+
                          str(value.destination_ip) + '|' +
                          str(value.destination_port)].source_ack_time = value.timestamp
    # 4. remove all incomplete ? maybe
    # 5. analysis
    # The verdict depends only on how many SYN-initiated entries exist; the
    # description is assigned whether or not scanfound is True.
    s.scanfound = (True if (len(s.results) > 10) else False)
    s.description = 'Very primative observation. Found more than 10 entries starting with TCP Syn'
    return s
类
# define connect scan class
class connect(object):
    """One tracked handshake: endpoints plus SYN, SYN/ACK and ACK fields.

    Every constructor argument defaults to None and is stored unchanged.
    """

    def __init__(
        self,
        src_ip=None,
        dst_ip=None,
        dst_port=None,
        src_syn=None,
        src_syn_time=None,
        dst_synack=None,
        dst_synack_time=None,
        src_ack=None,
        src_ack_time=None,
    ):
        # Endpoints of the flow.
        self.source_ip, self.destination_ip, self.destination_port = src_ip, dst_ip, dst_port
        # SYN from the source: value and timestamp.
        self.source_syn, self.source_syn_time = src_syn, src_syn_time
        # SYN/ACK from the destination: value and timestamp.
        self.destination_synack, self.destination_synack_time = dst_synack, dst_synack_time
        # Final ACK from the source: value and timestamp.
        self.source_ack, self.source_ack_time = src_ack, src_ack_time
# define half open scan class
class scan(object):
    """Outcome of a scan check: verdict, description and per-flow results."""

    def __init__(self, scan=False, desc=None):
        # Verdict and its human-readable explanation, stored as passed.
        self.scanfound, self.description = scan, desc
        # Fresh dict per instance; filled by the detection routine.
        self.results = {}
# define generic packet class
class generic_packet(object):
    """Protocol-agnostic packet record; all constructor arguments default to None."""

    def __init__(
        self,
        packet_type=None,
        time=None,
        src_mac=None,
        src=None,
        src_port=None,
        dst_mac=None,
        dst=None,
        dst_port=None,
        seq=None,
        ack=None,
        flags=None,
        options=None,
        data=None,
    ):
        self.packet_type, self.timestamp = packet_type, time
        # Each packet gets its own scan_type() instance.
        self.scan_categories = scan_type()
        # Sender side.
        self.source_mac, self.source_ip, self.source_port = src_mac, src, src_port
        # Receiver side.
        self.destination_mac, self.destination_ip, self.destination_port = dst_mac, dst, dst_port
        self.sequence, self.acknowledge = seq, ack
        # Stored exactly as passed (may be None); the tcp_flags(flags) wrapping
        # is only hinted at in a comment, so callers must check before reading
        # .syn/.ack/.rst/.fin.
        self.flags = flags  # tcp_flags(flags)
        self.options, self.data = options, data
运行代码时,看起来 packets 中某些元素的 flags 是 str,而不是 tcp_flags。
您可以在第 186 行添加以下代码来跳过这些元素:
# Skip any packet whose flags field is not a tcp_flags instance (for example
# a str or None), so the .syn/.ack/.rst/.fin lookups that follow cannot fail.
if not isinstance(value.flags, tcp_flags):
    continue
或者,由于数据包中似乎同时包含 TCP 和 UDP,您可以在步骤 #2 和 #3 中检查 value.packet_type == 'TCP'。该程序在 generic_packet.flags = None 的 UDP 数据包上失败,因为这样的对象没有 syn、ack 等属性。
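# determine if a connect scan takes place
def connect_scan_exist(packets):
    """Flag a possible TCP connect scan by pairing SYN, SYN/ACK and ACK packets.

    Args:
        packets: mapping whose values expose packet_type, source_ip,
            source_port, destination_ip, destination_port, flags and
            timestamp. Only the values are read.

    Returns:
        A `scan` object. `results` maps 'src_ip|dst_ip|dst_port' to a
        `connect` record for every bare SYN seen; `scanfound` is True when
        more than 10 such records exist.
    """
    s = scan()

    def usable_flags(pkt):
        # Hand back pkt.flags only for TCP packets whose flags object really
        # carries syn/ack/rst/fin. UDP packets (flags=None) and packets whose
        # flags were left as a str yield None, so callers skip them instead of
        # raising AttributeError.
        if pkt.packet_type != 'TCP':
            return None
        flags = pkt.flags
        if all(hasattr(flags, name) for name in ('syn', 'ack', 'rst', 'fin')):
            return flags
        return None

    # 1. grab all TCP syn
    for value in packets.values():
        flags = usable_flags(value)
        if flags is None:
            continue
        if (value.source_ip
                and value.destination_ip
                and value.destination_port
                and flags.syn
                and (flags.ack, flags.rst, flags.fin) == (False, False, False)):
            flow = '|'.join(str(part) for part in (
                value.source_ip, value.destination_ip, value.destination_port))
            # Keep the first SYN per flow: a retransmitted SYN must not push
            # source_syn_time past the SYN/ACK that answered the first one.
            if flow not in s.results:
                s.results[flow] = connect(
                    value.source_ip, value.destination_ip, value.destination_port,
                    True, value.timestamp, None, None, None, None)

    # 2. iterate over all TCP syn looking for matching syn/ack
    for svalue in s.results.values():
        for value in packets.values():
            flags = usable_flags(value)
            if flags is None:
                continue
            # The SYN/ACK travels in the reverse direction of the recorded SYN.
            if (value.destination_ip == svalue.source_ip
                    and value.source_ip == svalue.destination_ip
                    and value.source_port == svalue.destination_port
                    and flags.syn
                    and flags.ack
                    and (flags.rst, flags.fin) == (False, False)
                    and value.timestamp > svalue.source_syn_time):
                # Update the matched record directly; a key rebuilt from the
                # reply's addresses would be reversed and miss this entry.
                svalue.destination_synack = True
                svalue.destination_synack_time = value.timestamp
                break  # the first matching SYN/ACK settles this flow

    # 3. iterate over all TCP syn looking for matching ack
    for svalue in s.results.values():
        if svalue.destination_synack_time is None:
            # No SYN/ACK was recorded, so there is nothing for an ACK to complete
            # (and no timestamp to compare against).
            continue
        for value in packets.values():
            flags = usable_flags(value)
            if flags is None:
                continue
            if (value.source_ip == svalue.source_ip
                    and value.destination_ip == svalue.destination_ip
                    and value.destination_port == svalue.destination_port
                    and flags.ack
                    and (flags.syn, flags.rst, flags.fin) == (False, False, False)
                    and value.timestamp > svalue.destination_synack_time):
                svalue.source_ack = True
                svalue.source_ack_time = value.timestamp
                break  # the first matching ACK completes the handshake

    # 4. remove all incomplete ? maybe
    # 5. analysis
    # NOTE(review): the verdict counts every SYN-initiated flow from every
    # source, completed or not, so more than 10 ordinary connections in one
    # capture also set scanfound. Counting distinct destination ports per
    # source within a time window would cut false positives. The description
    # is assigned regardless of the verdict, as callers may already expect.
    s.scanfound = len(s.results) > 10
    s.description = 'Very primative observation. Found more than 10 entries starting with TCP Syn'
    return s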