Python Scapy 数据包嗅探器在每个嗅探到的数据包上触发一个动作
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28292224/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Scapy packet sniffer triggering an action up on each sniffed packet
提问by RatDon
I'm using scapywith pythonto sniff live traffic.
我正在使用scapywithpython来嗅探实时流量。
capture=sniff(iface="<My Interface>", filter="tcp")
But this sniffs each packet and adds it to the list capturewhich can be processed later.
但这会嗅探每个数据包并将其添加到capture稍后可以处理的列表中。
I want to process a packet and display few fields of the packet, as soon as it's sniffed. i.e. upon sniffing a packet, it'll trigger a function where I can analyse that packet. And this would continue for few packets.
我想处理一个数据包并在它被嗅探后显示该数据包的几个字段。即在嗅探数据包时,它会触发一个功能,我可以在其中分析该数据包。这将持续几个数据包。
I've the function ready which I'm using with the captured packet list. But I'm unable to use it for each live packet.
我已经准备好与捕获的数据包列表一起使用的功能。但我无法为每个实时数据包使用它。
How to achieve that? Is it possible with scapyor do I need to install any other package?
如何做到这一点?是否可以scapy或我需要安装任何其他软件包?
采纳答案by RatDon
The parameters to the sniff function should be like the below code.:
sniff 函数的参数应该像下面的代码:
from scapy.all import *
def pkt_callback(pkt):
pkt.show() # debug statement
sniff(iface="<My Interface>", prn=pkt_callback, filter="tcp", store=0)
store=0says not to store any packet received and prnsays send the pktto pkt_callback.
store=0说不要存储收到的任何数据包,并prn说发送pkt到pkt_callback。
As mentioned by Yoel, if only one action is required, lambdacan be used with prninstead of a new function like in this case:
正如Yoel所提到的,如果只需要一个动作,lambda可以使用 withprn而不是像在这种情况下的新函数:
sniff(iface="<My Interface>", prn = lambda x: x.show(), filter="tcp", store=0)
回答by Yoel
This can be done with the prnargument of the snifffunction. Scapy's tutorial has a simple example here. Scapy's official API documentationspecifies:
这可以通过函数的prn参数来完成sniff。Scapy的教程在这里有一个简单的例子。Scapy的官方 API 文档规定:
sniff(prn=None, lfilter=None, count=0, store=1, offline=None, L2socket=None, timeout=None)...
prn: function to apply to each packet. If something is returned, it is displayed. For instance you can useprn = lambda x: x.summary().
...
sniff(prn=None, lfilter=None, count=0, store=1, offline=None, L2socket=None, timeout=None)...
prn: 应用于每个数据包的函数。如果有东西返回,它会显示出来。例如,您可以使用prn = lambda x: x.summary().
...
EDIT:
The accepted answerclaims that the storeargument must be set to 0for the prncallback to be invoked. However, setting store=0doesn't have any such effect. Scapy's own examplesdon't set store=0and the official API documentationdoesn't mention any such requirement. In fact, inspecting Scapy's source code reveals no connection whatsoever between the storeand prnarguments. Here is an excerpt of the relevant code block:
编辑:
接受的答案声称store必须将参数设置0为prn要调用的回调。但是,设置store=0没有任何这样的效果。Scapy自己的示例没有设置store=0,官方 API 文档也没有提到任何此类要求。事实上,检查Scapy的源代码显示store和prn参数之间没有任何联系。以下是相关代码块的摘录:
...
if store:
lst.append(p)
c += 1
if prn:
r = prn(p)
if r is not None:
print r
...
Executing a few simple test cases supports this finding as well.
执行一些简单的测试用例也支持这一发现。
