如何从txt文件中提取数据包?
How can I extract packets from txt file?
我有一个 trace.txt 文件,它由数据包组成,我想从中提取每个数据包。
文件如下:
IP (tos 0x0, ttl 64, id 42387, offset 0, flags [none], proto UDP (17), length 364)
10.30.23.135.17500 > 255.255.255.255.17500: UDP, length 336
IP (tos 0x0, ttl 64, id 35677, offset 0, flags [none], proto UDP (17), length 364)
10.30.23.135.17500 > 10.30.31.255.17500: UDP, length 336
IP (tos 0x0, ttl 128, id 28996, offset 0, flags [none], proto UDP (17), length 78)
10.30.12.151.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 128, id 10723, offset 0, flags [none], proto UDP (17), length 78)
10.30.11.184.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 1, id 16034, offset 0, flags [none], proto UDP (17), length 50)
10.30.17.171.53709 > 224.0.0.252.5355: UDP, length 22
IP (tos 0x0, ttl 64, id 60954, offset 0, flags [none], proto UDP (17), length 44)
10.30.12.163.50558 > 10.30.15.255.8612: UDP, length 16
IP (tos 0x0, ttl 1, id 17167, offset 0, flags [none], proto UDP (17), length 44)
10.30.12.163.50183 > 224.0.0.1.8612: UDP, length 16
.
.
.
如何将它们分类为 SYN 或 ACK 数据包?以及如何判断一个数据包是否属于网站的IP地址?
简而言之,你需要
- 打开文件
- 将文本拆分成数据包
- 检查python的
in
包中是否有想要的字符串。
在此示例中,我们将搜索字符串 SYN、ACK 和 google IP。
import re
def get_packets(filename):
with open(filename) as f:
text = f.read()
# Based on the sample file, packet continuations are over multiple lines
# So split packets based on starting with a newline and then non-space char
text_packets = re.findall(r'\n\S[\s\S]*(?=\n\S)', text)
print("Packets found are", text_packets)
def find_info(text_packets):
# Keep track of the ith packet to print that number
ith = 1
# Let's use one of google's IP for the example
google_ip = "172.217.1.142"
for tp in text_packets:
if "SYN" in tp:
print(ith, "packet contains SYN")
if "ACK" in tp:
print(ith, "packet contains ACK")
if google_ip in tp:
print("Traffic to google found")
ith += 1
def main():
text_packets = get_packets("temp")
find_info(text_packets)
我有一个 trace.txt 文件,它由数据包组成,我想从中提取每个数据包。 文件如下:
IP (tos 0x0, ttl 64, id 42387, offset 0, flags [none], proto UDP (17), length 364)
10.30.23.135.17500 > 255.255.255.255.17500: UDP, length 336
IP (tos 0x0, ttl 64, id 35677, offset 0, flags [none], proto UDP (17), length 364)
10.30.23.135.17500 > 10.30.31.255.17500: UDP, length 336
IP (tos 0x0, ttl 128, id 28996, offset 0, flags [none], proto UDP (17), length 78)
10.30.12.151.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 128, id 10723, offset 0, flags [none], proto UDP (17), length 78)
10.30.11.184.137 > 10.30.15.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
IP (tos 0x0, ttl 1, id 16034, offset 0, flags [none], proto UDP (17), length 50)
10.30.17.171.53709 > 224.0.0.252.5355: UDP, length 22
IP (tos 0x0, ttl 64, id 60954, offset 0, flags [none], proto UDP (17), length 44)
10.30.12.163.50558 > 10.30.15.255.8612: UDP, length 16
IP (tos 0x0, ttl 1, id 17167, offset 0, flags [none], proto UDP (17), length 44)
10.30.12.163.50183 > 224.0.0.1.8612: UDP, length 16
.
.
.
如何将它们分类为 SYN 或 ACK 数据包?以及如何判断一个数据包是否属于网站的IP地址?
简而言之,你需要
- 打开文件
- 将文本拆分成数据包
- 检查python的
in
包中是否有想要的字符串。
在此示例中,我们将搜索字符串 SYN、ACK 和 google IP。
import re
def get_packets(filename):
with open(filename) as f:
text = f.read()
# Based on the sample file, packet continuations are over multiple lines
# So split packets based on starting with a newline and then non-space char
text_packets = re.findall(r'\n\S[\s\S]*(?=\n\S)', text)
print("Packets found are", text_packets)
def find_info(text_packets):
# Keep track of the ith packet to print that number
ith = 1
# Let's use one of google's IP for the example
google_ip = "172.217.1.142"
for tp in text_packets:
if "SYN" in tp:
print(ith, "packet contains SYN")
if "ACK" in tp:
print(ith, "packet contains ACK")
if google_ip in tp:
print("Traffic to google found")
ith += 1
def main():
text_packets = get_packets("temp")
find_info(text_packets)