scapy.contrib.sebek

Sebek:用于在蜜罐上收集数据的内核模块。

class scapy.contrib.sebek.SebekHead

Bases: scapy.packet.Packet

aliastypes
fields_desc
SebekHead 字段

magic

XIntField

13684944(十六进制为 0xD0D0D0)

version

ShortField

1

type

ShortEnumField

0

counter

IntField

0

time_sec

IntField

0

time_usec

IntField

0

mysummary()
payload_guess

可能的子层:SebekV1、SebekV2Sock、SebekV2、SebekV3Sock、SebekV3

class scapy.contrib.sebek.SebekV1

Bases: scapy.packet.Packet

aliastypes
fields_desc
SebekV1 字段

pid

IntField

0

uid

IntField

0

fd

IntField

0

cmd

StrFixedLenField

b''

data_length

FieldLenField

None

data

StrLenField

b''

mysummary()
class scapy.contrib.sebek.SebekV2

Bases: scapy.contrib.sebek.SebekV3

aliastypes
fields_desc
SebekV2 字段

parent_pid

IntField

0

pid

IntField

0

uid

IntField

0

fd

IntField

0

inode

IntField

0

cmd

StrFixedLenField

b''

data_length

FieldLenField

None

data

StrLenField

b''

mysummary()
class scapy.contrib.sebek.SebekV2Sock

Bases: scapy.contrib.sebek.SebekV3Sock

aliastypes
fields_desc
SebekV2Sock 字段

parent_pid

IntField

0

pid

IntField

0

uid

IntField

0

fd

IntField

0

inode

IntField

0

cmd

StrFixedLenField

b''

data_length

IntField

15

dip

IPField

'127.0.0.1'

dport

ShortField

0

sip

IPField

'127.0.0.1'

sport

ShortField

0

call

ShortEnumField

0

proto

ByteEnumField

0

mysummary()
class scapy.contrib.sebek.SebekV3

Bases: scapy.packet.Packet

aliastypes
fields_desc
SebekV3 字段

parent_pid

IntField

0

pid

IntField

0

uid

IntField

0

fd

IntField

0

inode

IntField

0

cmd

StrFixedLenField

b''

data_length

FieldLenField

None

data

StrLenField

b''

mysummary()
class scapy.contrib.sebek.SebekV3Sock

Bases: scapy.packet.Packet

aliastypes
fields_desc
SebekV3Sock 字段

parent_pid

IntField

0

pid

IntField

0

uid

IntField

0

fd

IntField

0

inode

IntField

0

cmd

StrFixedLenField

b''

data_length

IntField

15

dip

IPField

'127.0.0.1'

dport

ShortField

0

sip

IPField

'127.0.0.1'

sport

ShortField

0

call

ShortEnumField

0

proto

ByteEnumField

0

mysummary()