scapy module to analyze packets
Scapy is a powerful interactive packet processing program written in python, which can be used to send, sniff, parse and forge network packets, and is often used in network attacks and tests. ----(Introduction copied from the Internet...)
https://scapy.readthedocs.io/en/latest/usage.html#starting-scapy official documentation
pip install scapy just install scapy
from scapy.all import *
a = rdpcap("data.pcap") #读取本地数据包
>>> a
<data.pcap: TCP:7068 UDP:326 ICMP:2120 Other:107>
a.summary() #displays a list of summaries of each packet,这个太多了| Command | Effect |
|---|---|
| summary() | displays a list of summaries of each packet |
| nsummary () | same as previous, with the packet number |
| conversations() | displays a graph of conversations |
| show() | displays the preferred representation (usually nsummary()) |
| filter() | returns a packet list filtered with a lambda function |
| hexdump() | returns a hexdump of all packets |
| hexraw() | returns a hexdump of the Raw layer of all packets |
| padding() | returns a hexdump of packets with padding |
| nzpadding() | returns a hexdump of packets with non-zero padding |
| plot() | plots a lambda function applied to the packet list |
| make table() | displays a table according to a lambda function |
Take a look at the renderings
Similar to the list type in python, it can be accessed using subscripts, and the length can be calculated using len, but the data is neither a list nor a string. If str operation is required, str(dpkg)
If the pyx module is installed, the analysis results can be converted to image format (pyx only supports python3)
| dpkt.psdump () | draws a PostScript diagram with explained dissection |
|---|---|
| dpkt.pdfdump () | draws a PDF with explained dissection |