如何使用 Scapy (pcapwriter) 在 FIFO 中写入 Pcap 数据包
How to write Pcap packets in FIFO using Scapy (pcapwriter)
我是法国人,如果我的英语不完美,请见谅!
在开始之前,如果你想尝试我的代码,你可以在这里下载一个 pcap 示例文件:https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ipv4frags.pcap
我成功打开 pcap 文件,读取数据包并将它们写入另一个文件,代码如下:
# Python 3.6
# Scapy 2.4.3
from scapy.utils import PcapReader, PcapWriter
import time
i_pcap_filepath = "inputfile.pcap" # pcap to read
o_filepath = "outputfile.pcap" # pcap to write
i_open_file = PcapReader(i_pcap_filepath) # opened file to read
o_open_file = PcapWriter(o_filepath, append=True) # opened file to write
while 1:
# I will have EOF exception but anyway
time.sleep(1) # in order to see packet
packet = i_open_file.read_packet() # read a packet in file
o_open_file.write(packet) # write it
所以现在我想写入 FIFO 并在实时 Wireshark 中查看结果 window。
为此,我只是创建了一个 FIFO :
$ mkfifo /my/project/location/fifo.fifo
并在其上启动 Wireshark 应用程序:$ wireshark -k -i /my/project/location/fifo.fifo
我在 Python 脚本中更改了文件路径:o_filepath = "fifo.fifo" # fifo to write
但是我遇到了一个崩溃......这是回溯:
Traceback (most recent call last):
File "fifo.py", line 25, in <module>
o_open_file = PcapWriter(o_pcap_filepath, append=True)
File "/home/localuser/.local/lib/python3.6/site-packages/scapy/utils.py", line 1264, in __init__
self.f = [open, gzip.open][gz](filename, append and "ab" or "wb", gz and 9 or bufsz) # noqa: E501
OSError: [Errno 29] Illegal seek
Wireshark 也给我一个错误(“打开过程中管道魔法文件结束”):wireshark error
我不明白为什么,也不知道该怎么办。不能使用 scapy.utils 库写入 FIFO 吗?那怎么办呢?
感谢您的支持,
Nicos44k
晚上很有用,因为我今天早上解决了我的问题!
昨天我没有理解回溯,但它实际上给了我一个很大的提示:我们有一个查找问题。
等等...FIFO 文件中没有查找!!!
所以我们不能将“append”参数设置为true。
我改变了:o_open_file = PcapWriter(o_filepath)
错误消失了。
但是,实时数据包没有显示...
为了解决这个问题,我需要强制 FIFO 刷新:o_open_file.flush()
请记住,您可以在此处下载 pcap 示例文件:https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ipv4frags.pcap
所以这是完整的代码:
# Python 3.6
# Scapy 2.4.3
from scapy.utils import PcapReader, PcapWriter
import time
i_pcap_filepath = "inputfile.pcap" # pcap to read
o_filepath = "fifo.fifo" # pcap to write
i_open_file = PcapReader(i_pcap_filepath) # opened file to read
o_open_file = PcapWriter(o_filepath) # opened file to write
while 1:
# I will have EOF exception but anyway
time.sleep(1) # in order to see packet
packet = i_open_file.read_packet() # read a packet in file
o_open_file.write(packet) # write it
o_open_file.flush() # force buffered data to be written to the file
祝你有美好的一天!
Nicos44k
我是法国人,如果我的英语不完美,请见谅!
在开始之前,如果你想尝试我的代码,你可以在这里下载一个 pcap 示例文件:https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ipv4frags.pcap
我成功打开 pcap 文件,读取数据包并将它们写入另一个文件,代码如下:
# Python 3.6
# Scapy 2.4.3
from scapy.utils import PcapReader, PcapWriter
import time
i_pcap_filepath = "inputfile.pcap" # pcap to read
o_filepath = "outputfile.pcap" # pcap to write
i_open_file = PcapReader(i_pcap_filepath) # opened file to read
o_open_file = PcapWriter(o_filepath, append=True) # opened file to write
while 1:
# I will have EOF exception but anyway
time.sleep(1) # in order to see packet
packet = i_open_file.read_packet() # read a packet in file
o_open_file.write(packet) # write it
所以现在我想写入 FIFO 并在实时 Wireshark 中查看结果 window。
为此,我只是创建了一个 FIFO :
$ mkfifo /my/project/location/fifo.fifo
并在其上启动 Wireshark 应用程序:$ wireshark -k -i /my/project/location/fifo.fifo
我在 Python 脚本中更改了文件路径:o_filepath = "fifo.fifo" # fifo to write
但是我遇到了一个崩溃......这是回溯:
Traceback (most recent call last):
File "fifo.py", line 25, in <module>
o_open_file = PcapWriter(o_pcap_filepath, append=True)
File "/home/localuser/.local/lib/python3.6/site-packages/scapy/utils.py", line 1264, in __init__
self.f = [open, gzip.open][gz](filename, append and "ab" or "wb", gz and 9 or bufsz) # noqa: E501
OSError: [Errno 29] Illegal seek
Wireshark 也给我一个错误(“打开过程中管道魔法文件结束”):wireshark error
我不明白为什么,也不知道该怎么办。不能使用 scapy.utils 库写入 FIFO 吗?那怎么办呢?
感谢您的支持,
Nicos44k
晚上很有用,因为我今天早上解决了我的问题!
昨天我没有理解回溯,但它实际上给了我一个很大的提示:我们有一个查找问题。
等等...FIFO 文件中没有查找!!!
所以我们不能将“append”参数设置为true。
我改变了:o_open_file = PcapWriter(o_filepath)
错误消失了。
但是,实时数据包没有显示...
为了解决这个问题,我需要强制 FIFO 刷新:o_open_file.flush()
请记住,您可以在此处下载 pcap 示例文件:https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ipv4frags.pcap
所以这是完整的代码:
# Python 3.6
# Scapy 2.4.3
from scapy.utils import PcapReader, PcapWriter
import time
i_pcap_filepath = "inputfile.pcap" # pcap to read
o_filepath = "fifo.fifo" # pcap to write
i_open_file = PcapReader(i_pcap_filepath) # opened file to read
o_open_file = PcapWriter(o_filepath) # opened file to write
while 1:
# I will have EOF exception but anyway
time.sleep(1) # in order to see packet
packet = i_open_file.read_packet() # read a packet in file
o_open_file.write(packet) # write it
o_open_file.flush() # force buffered data to be written to the file
祝你有美好的一天!
Nicos44k