scapy.contrib.dce_rpc

A basic dissector for DCE/RPC. It is not reliable for all packets, nor for building packets.

class scapy.contrib.dce_rpc.DceRpc

Bases: scapy.packet.Packet

DCE/RPC packet

aliastypes
fields_desc
DceRpc fields

Field               Type                    Default
version             ByteField               4
type                ByteEnumField           0
flags1              FlagsField (8 bits)     <Flag 0 ()>
flags2              FlagsField (8 bits)     <Flag 0 ()>
endianness          BitEnumField (4 bits)   0
encoding            BitEnumField (4 bits)   0
float               ByteEnumField           0
DataRepr_reserved   ByteField               0
serial_high         XByteField              0
object_uuid         EndiannessField         None
interface_uuid      EndiannessField         None
activity            EndiannessField         None
boot_time           EndiannessField         0
interface_version   EndiannessField         1
sequence_num        EndiannessField         0
opnum               EndiannessField         0
interface_hint      EndiannessField         65535
activity_hint       EndiannessField         65535
frag_len            EndiannessField         None
frag_num            EndiannessField         0
auth                ByteEnumField           0
serial_low          XByteField              0

payload_guess

Possible sublayers: DceRpcPayload

class scapy.contrib.dce_rpc.DceRpcPayload

Bases: scapy.packet.Packet

Dummy class that uses dispatch_hook to find the payload class

aliastypes
classmethod dispatch_hook(_pkt, _underlayer=None, *args, **kargs)

dispatch_hook chooses among the different registered payloads

classmethod register_possible_payload(pay)

Method to call from a possible DCE/RPC endpoint to register it as a possible payload

class scapy.contrib.dce_rpc.EndiannessField(fld, endianess_from)

Bases: object

Field that changes the endianness of a sub-field

addfield(pkt, buf, val)

Add the field, with its endianness, to the buffer

endianess_from
fld
getfield(pkt, buf)

Retrieve the field using its endianness

set_endianess(pkt)

Add the endianness to the format

scapy.contrib.dce_rpc.dce_rpc_endianess(pkt)

Determine the right endianness sign for a given DCE/RPC packet
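The idea behind EndiannessField and dce_rpc_endianess, as an added example in plain Python with `struct` (not Scapy's own code): the 4-bit `endianness` value in the header decides how every later multi-byte field is read. The field widths, the 80-byte header size and the 0 = big / 1 = little mapping are assumptions taken from the DCE 1.1 RPC connectionless header layout, not from this page; `parse_header`, `build_sample` and the sample UUID are hypothetical names and values.

```python
import struct
import uuid

HEADER_LEN = 80                      # connectionless (version 4) header size
FIXED = struct.Struct("8B")          # version .. serial_high, one byte each
TAIL = "IIIHHHHHBB"                  # boot_time .. serial_low (assumed widths)
TAIL_NAMES = ("boot_time", "interface_version", "sequence_num", "opnum",
              "interface_hint", "activity_hint", "frag_len", "frag_num",
              "auth", "serial_low")

def endianness_sign(nibble):
    """struct prefix for the 4-bit endianness value (assumed 0 big, 1 little;
    any other value falls back to network order in this example)."""
    return {0: ">", 1: "<"}.get(nibble, "!")

def parse_header(data):
    """Parse the header, reading multi-byte fields in the order it declares."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated DCE/RPC header")
    version, ptype, _f1, _f2, drep0 = FIXED.unpack_from(data)[:5]
    if version != 4:
        raise ValueError("not a version 4 header")
    sign = endianness_sign(drep0 >> 4)
    def read_uuid(off):
        raw = bytes(data[off:off + 16])
        return uuid.UUID(bytes_le=raw) if sign == "<" else uuid.UUID(bytes=raw)
    hdr = dict(zip(TAIL_NAMES, struct.unpack_from(sign + TAIL, data, 56)))
    hdr.update(version=version, type=ptype, endianness=drep0 >> 4,
               encoding=drep0 & 0x0F, object_uuid=read_uuid(8),
               interface_uuid=read_uuid(24), activity=read_uuid(40))
    # A body length larger than what was captured marks a malformed packet.
    hdr["frag_len_ok"] = hdr["frag_len"] <= len(data) - HEADER_LEN
    return hdr

def build_sample(sign, body=b"\x00" * 4):
    """Constructed sample packet (not captured traffic) in one byte order."""
    iface = uuid.UUID("12345678-1234-5678-9abc-def012345678")  # made-up UUID
    raw = iface.bytes_le if sign == "<" else iface.bytes
    head = FIXED.pack(4, 0, 0, 0, 0x10 if sign == "<" else 0x00, 0, 0, 0)
    tail = struct.pack(sign + TAIL, 0, 1, 7, 5, 0xFFFF, 0xFFFF, len(body), 0, 0, 0)
    return head + bytes(16) + raw + bytes(16) + tail + body

if __name__ == "__main__":
    for sign in (">", "<"):
        hdr = parse_header(build_sample(sign))
        print(sign, hdr["opnum"], hdr["interface_uuid"], hdr["frag_len_ok"])
```

Reading a little-endian packet with the wrong byte order turns opnum 5 into 1280 and makes frag_len exceed the captured length, so a dissector or detection rule that ignores the endianness field matches on the wrong operation numbers.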