scapy.fields

字段:构成数据包部分的基本数据结构.

class scapy.fields.ActionField(fld, action_method, **kargs)

Bases: object

any2i(pkt, val)
class scapy.fields.BCDFloatField(name, default, fmt='H')

Bases: scapy.fields.Field

i2m(pkt, x)
m2i(pkt, x)
class scapy.fields.BitEnumField(name, default, size, enum)

Bases: scapy.fields.BitField, scapy.fields._EnumField

any2i(pkt, x)
i2repr(pkt, x)
i2s
i2s_cb
s2i
s2i_cb
class scapy.fields.BitExtendedField(name, default, extension_bit)

Bases: scapy.fields.Field

位扩展字段

此类字段的字节数可变. 每个字节的定义如下:-7位数据-1位扩展位:

  • 0表示它是该字段的最后一个字节("停止位")

  • 1表示在此之后还有另一个字节("转发位")

要获取实际数据,必须逐字节跳动二进制数据字节,并检查扩展位直到0

addfield(pkt, s, val)
extended2str(x)
extension_bit
getfield(pkt, s)
i2m(pkt, x)
m2i(pkt, x)
prepare_byte(x)
str2extended(x='')
class scapy.fields.BitField(name, default, size)

Bases: scapy.fields.Field

addfield(pkt, s, val)
getfield(pkt, s)
i2len(pkt, x)
randval()
rev
reverse(val)
size
class scapy.fields.BitFieldLenField(name, default, size, length_of=None, count_of=None, adjust=<function BitFieldLenField.<lambda>>)

Bases: scapy.fields.BitField

adjust
count_of
i2m(pkt, x)
length_of
class scapy.fields.BitMultiEnumField(name, default, size, enum, depends_on)

Bases: scapy.fields.BitField, scapy.fields._MultiEnumField

any2i(pkt, x)
depends_on
i2repr(pkt, x)
i2s
i2s_cb
i2s_multi
s2i
s2i_all
s2i_cb
s2i_multi
class scapy.fields.BoundStrLenField(name, default, minlen=0, maxlen=255, fld=None, length_from=None)

Bases: scapy.fields.StrLenField

maxlen
minlen
randval()
class scapy.fields.ByteEnumField(name, default, enum)

Bases: scapy.fields.EnumField

class scapy.fields.ByteEnumKeysField(name, default, enum)

Bases: scapy.fields.ByteEnumField

在模糊时选择有效值的ByteEnumField.

randval()
class scapy.fields.ByteField(name, default)

Bases: scapy.fields.Field

class scapy.fields.CharEnumField(name, default, enum, fmt='1s')

Bases: scapy.fields.EnumField

any2i_one(pkt, x)
class scapy.fields.ConditionalField(fld, cond)

Bases: object

addfield(pkt, s, val)
cond
fld
getfield(pkt, s)
class scapy.fields.DestField(name, default)

Bases: scapy.fields.Field

classmethod bind_addr(layer, addr, **condition)
defaultdst
dst_from_pkt(pkt)
class scapy.fields.DestIP6Field(name, default)

Bases: scapy.fields.IP6Field, scapy.fields.DestField

bindings = {<class 'scapy.layers.inet.UDP'>: [('ff02::fb', {'dport': 5353}), ('ff02::66', {'dport': 2029})], <class 'scapy.contrib.ospf.OSPFv3_Hdr'>: [('ff02::5', {})]}
i2h(pkt, x)
i2m(pkt, x)
class scapy.fields.Emph(fld)

Bases: object

移交要显示的子层

fld
class scapy.fields.EnumField(name, default, enum, fmt='H')

Bases: scapy.fields._EnumField

i2s
i2s_cb
s2i
s2i_cb
class scapy.fields.FCSField(name, default, fmt='H')

Bases: scapy.fields.Field

数据包末尾获取其值的特殊字段(注意:不是层,而是数据包).

主要用于FCS

addfield(pkt, s, val)
getfield(pkt, s)
i2repr(pkt, x)
class scapy.fields.Field(name, default, fmt='H')

Bases: object

有关该如何工作的更多信息,请参阅http://www.secdev.org/projects/scapy/files/scapydoc.pdfAdding a New Field

addfield(pkt, s, val)

将内部值添加到字符串

将字段val的网络表示形式(属于pkt层)复制到原始字符串包s ,并返回新的字符串包.

any2i(pkt, x)

尝试了解尽可能多的输入值,并从中获取内部值

copy()
default
do_copy(x)
fmt
getfield(pkt, s)

从字符串中提取内部值

从原始数据包s中提取属于pkt层的字段值.

返回一个由两个元素组成的列表,首先是在删除提取字段之后的原始数据包字符串,其次是内部表示形式的提取字段本身.

h2i(pkt, x)

将人的价值转化为内部价值

holds_packets = 0
i2count(pkt, x)

将内部值转换为FieldLenField可以使用的许多元素. 除列表字段外,始终为1

i2h(pkt, x)

将内部价值转化为人类价值

i2len(pkt, x)

将内部值转换为FieldLenField可以使用的长度

i2m(pkt, x)

将内部价值转换为机器价值

i2repr(pkt, x)

将内部值转换为漂亮的表示形式

islist = 0
ismutable = False
m2i(pkt, x)

将机器价值转换为内部价值

name
owners
randval()

返回一个可变对象,其值既是随机的,也适用于此字段

register_owner(cls)
struct
sz
exception scapy.fields.FieldAttributeException

Bases: scapy.error.Scapy_Exception

class scapy.fields.FieldLenField(name, default, length_of=None, fmt='H', count_of=None, adjust=<function FieldLenField.<lambda>>, fld=None)

Bases: scapy.fields.Field

adjust
count_of
i2m(pkt, x)
length_of
class scapy.fields.FieldListField(name, default, field, length_from=None, count_from=None)

Bases: scapy.fields.Field

addfield(pkt, s, val)
any2i(pkt, x)
count_from
field
getfield(pkt, s)
i2count(pkt, val)
i2len(pkt, val)
i2m(pkt, val)
i2repr(pkt, x)
islist = 1
length_from
exception scapy.fields.FieldValueRangeException

Bases: scapy.error.Scapy_Exception

class scapy.fields.FixedPointField(name, default, size, frac_bits=16)

Bases: scapy.fields.BitField

any2i(pkt, val)
frac_bits
i2h(pkt, val)
i2repr(pkt, val)
class scapy.fields.FlagValue(value, names)

Bases: object

copy()
flagrepr()
multi
names
value
class scapy.fields.FlagValueIter(flagvalue)

Bases: object

next()
slots = ['flagvalue', 'cursor']
class scapy.fields.FlagsField(name, default, size, names)

Bases: scapy.fields.BitField

处理标志类型字段

确保您所有的标志都有标签

Example

>>> from scapy.packet import Packet
>>> class FlagsTest(Packet):
        fields_desc = [FlagsField("flags", 0, 8, ["f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7"])]  # noqa: E501
>>> FlagsTest(flags=9).show2()
###[ FlagsTest ]###
  flags     = f0+f3
>>> FlagsTest(flags=0).show2().strip()
###[ FlagsTest ]###
  flags     =
Parameters
  • 名称 -字段名称

  • 默认 -字段的默认值

  • 大小 –字段中的位数

  • 名称 –每个标记的(列表或字典)标签,最低有效位标签的名称首先被写入#noqa:E501

any2i(pkt, x)
i2h(pkt, x)
i2repr(pkt, x)
ismutable = True
m2i(pkt, x)
multi
names
class scapy.fields.IEEEDoubleField(name, default)

Bases: scapy.fields.Field

class scapy.fields.IEEEFloatField(name, default)

Bases: scapy.fields.Field

class scapy.fields.IP6Field(name, default)

Bases: scapy.fields.Field

any2i(pkt, x)
h2i(pkt, x)
i2m(pkt, x)
i2repr(pkt, x)
m2i(pkt, x)
randval()
class scapy.fields.IP6PrefixField(name, default, wordbytes=1, length_from=None)

Bases: scapy.fields._IPPrefixFieldBase

class scapy.fields.IPField(name, default)

Bases: scapy.fields.Field

any2i(pkt, x)
h2i(pkt, x)
i2m(pkt, x)
i2repr(pkt, x)
m2i(pkt, x)
randval()
resolve(x)
slots = []
class scapy.fields.IPPrefixField(name, default, wordbytes=1, length_from=None)

Bases: scapy.fields._IPPrefixFieldBase

class scapy.fields.IntEnumField(name, default, enum)

Bases: scapy.fields.EnumField

class scapy.fields.IntEnumKeysField(name, default, enum)

Bases: scapy.fields.IntEnumField

IntEnumField在模糊时选择有效值.

randval()
class scapy.fields.IntField(name, default)

Bases: scapy.fields.Field

class scapy.fields.LEFieldLenField(name, default, length_of=None, fmt='<H', count_of=None, adjust=<function LEFieldLenField.<lambda>>, fld=None)

Bases: scapy.fields.FieldLenField

class scapy.fields.LEIntEnumField(name, default, enum)

Bases: scapy.fields.EnumField

class scapy.fields.LEIntField(name, default)

Bases: scapy.fields.Field

class scapy.fields.LELongField(name, default)

Bases: scapy.fields.LongField

class scapy.fields.LEShortEnumField(name, default, enum)

Bases: scapy.fields.EnumField

class scapy.fields.LEShortField(name, default)

Bases: scapy.fields.Field

class scapy.fields.LESignedIntField(name, default)

Bases: scapy.fields.Field

class scapy.fields.LESignedLongField(name, default)

Bases: scapy.fields.Field

class scapy.fields.LESignedShortField(name, default)

Bases: scapy.fields.Field

class scapy.fields.LEThreeBytesField(name, default)

Bases: scapy.fields.ByteField

addfield(pkt, s, val)
getfield(pkt, s)
class scapy.fields.LEX3BytesField(name, default)

Bases: scapy.fields.LEThreeBytesField, scapy.fields.XByteField

i2repr(pkt, x)
class scapy.fields.LSBExtendedField(name, default)

Bases: scapy.fields.BitExtendedField

class scapy.fields.LenField(name, default, fmt='H', adjust=<function LenField.<lambda>>)

Bases: scapy.fields.Field

adjust
i2m(pkt, x)
class scapy.fields.LongField(name, default)

Bases: scapy.fields.Field

class scapy.fields.MACField(name, default)

Bases: scapy.fields.Field

any2i(pkt, x)
i2m(pkt, x)
i2repr(pkt, x)
m2i(pkt, x)
randval()
class scapy.fields.MSBExtendedField(name, default)

Bases: scapy.fields.BitExtendedField

class scapy.fields.MultiEnumField(name, default, enum, depends_on, fmt='H')

Bases: scapy.fields._MultiEnumField, scapy.fields.EnumField

depends_on
i2s_multi
s2i_all
s2i_multi
scapy.fields.MultiFlagsEntry

scapy.fields.MultiFlagEntry别名

class scapy.fields.MultiFlagsField(name, default, size, names, depends_on)

Bases: scapy.fields.BitField

any2i(pkt, x)
depends_on
i2m(pkt, x)
i2repr(pkt, x)
m2i(pkt, x)
multi
names
class scapy.fields.MultipleTypeField(flds, dflt)

Bases: object

MultipleTypeField用于可以由各种Field子类实现的字段,具体取决于数据包的条件.

它使用fldsdflt初始化.

dflt是默认字段类型,当没有条件与当前数据包匹配时使用.

flds是元组的列表( fldcond ),其中fld是字段类型,而cond是"条件"以确定fld是否是应使用的字段类型.

cond是:

  • 一个可调用的cond_pkt ,它接受一个参数(数据包),如果应该使用fld ,则返回True,否则返回False.

  • 一个元组( cond_pktcond_pkt_val ),其中cond_pkt与前面的情况相同, cond_pkt_val是一个可调用的方法,它接受两个参数(数据包和要设置的值),如果应使用fld ,则返回True,否则返回False.

有关使用示例,请参见scapy.layers.l2.ARP(在Scapy中键入" help(ARP)").

addfield(pkt, s, val)
any2i(pkt, val)
dflt
flds
getfield(pkt, s)
h2i(pkt, val)
i2h(pkt, val)
i2len(pkt, val)
i2m(pkt, val)
i2repr(pkt, val)
name
register_owner(cls)
class scapy.fields.NetBIOSNameField(name, default, length=31)

Bases: scapy.fields.StrFixedLenField

i2m(pkt, x)
m2i(pkt, x)
class scapy.fields.OByteField(name, default)

Bases: scapy.fields.ByteField

i2repr(pkt, x)
class scapy.fields.ObservableDict(*args, **kw)

Bases: dict

observe(observer)
update(anotherDict)
class scapy.fields.PacketField(name, default, cls, remain=0)

Bases: scapy.fields.StrField

cls
getfield(pkt, s)
holds_packets = 1
i2m(pkt, i)
m2i(pkt, m)
randval()
class scapy.fields.PacketLenField(name, default, cls, length_from=None)

Bases: scapy.fields.PacketField

getfield(pkt, s)
length_from
class scapy.fields.PacketListField(name, default, cls=None, count_from=None, length_from=None, next_cls_cb=None)

Bases: scapy.fields.PacketField

PacketListField代表可能在另一个Packet字段列表中间出现的一系列Packet实例. 此字段类型也可以用于指示一系列Packet实例具有同级语义而不是父子关系(即,层的堆栈).

addfield(pkt, s, val)
any2i(pkt, x)
count_from
do_copy(x)
getfield(pkt, s)
i2count(pkt, val)
i2len(pkt, val)
islist = 1
length_from
next_cls_cb
class scapy.fields.PadField(fld, align, padwith=None)

Bases: object

在proxified字段之后添加字节,以便从开头开始在指定的对齐方式结束

addfield(pkt, s, val)
getfield(pkt, s)
padlen(flen)
class scapy.fields.ReversePadField(fld, align, padwith=None)

Bases: scapy.fields.PadField

在proxified字段之前添加字节,以便它从指定的对齐方式开始

addfield(pkt, s, val)
getfield(pkt, s)
class scapy.fields.ScalingField(name, default, scaling=1, unit='', offset=0, ndigits=3, fmt='B')

Bases: scapy.fields.Field

处理经过缩放和/或偏移以进行通信的物理值

Example

>>> from scapy.packet import Packet
>>> class ScalingFieldTest(Packet):
        fields_desc = [ScalingField('data', 0, scaling=0.1, offset=-1, unit='mV')]  # noqa: E501
>>> ScalingFieldTest(data=10).show2()
###[ ScalingFieldTest ]###
  data= 10.0 mV
>>> hexdump(ScalingFieldTest(data=10))
0000  6E                                               n
>>> hexdump(ScalingFieldTest(data=b"m"))
0000  6D                                               m
>>> ScalingFieldTest(data=b"m").show2()
###[ ScalingFieldTest ]###
  data= 9.9 mV

在此示例中,bytes(ScalingFieldTest(…))将产生0x6E. 0x6E为110(十进制). 这是通过比例因子和偏移量来计算的. "数据"设置为10,这意味着我们要传输10 mV的物理值. 为了计算必须在总线上发送的值,必须减去偏移量,并且必须通过除以比例因子来应用比例. 字节=(数据-偏移量)/缩放字节=(10-(-1))/ 0.1字节= 110 = 0x6E

如果要强制使用某个内部值,则可以为该字段分配一个字节字符串(data = b" m"). 如果将字节对象的字符串提供给该字段,则不会应用内部值转换

Parameters
  • 名称 -字段名称

  • 默认 -字段的默认值

  • 标度 –内部值转换的标度因子

  • unit –内部值的单位表示形式的字符串

  • offset –在转换过程中偏移内部值的值

  • ndigits –内部转换的小数位数

  • fmt – struct.pack格式,用于从机器表示中解析内部序列并将其序列化.#noqa:E501

any2i(pkt, x)
i2m(pkt, x)
i2repr(pkt, x)
m2i(pkt, x)
ndigits
offset
randval()
scaling
unit
class scapy.fields.SecondsIntField(name, default, use_msec=False, use_micro=False, use_nano=False)

Bases: scapy.fields.IntField

i2repr(pkt, x)
use_micro
use_msec
use_nano
class scapy.fields.ShortEnumField(name, default, enum)

Bases: scapy.fields.EnumField

i2s
i2s_cb
s2i
s2i_cb
class scapy.fields.ShortEnumKeysField(name, default, enum)

Bases: scapy.fields.ShortEnumField

ShortEnumField在模糊时会选择有效值.

randval()
class scapy.fields.ShortField(name, default)

Bases: scapy.fields.Field

class scapy.fields.SignedByteField(name, default)

Bases: scapy.fields.Field

class scapy.fields.SignedIntEnumField(name, default, enum)

Bases: scapy.fields.EnumField

class scapy.fields.SignedIntField(name, default)

Bases: scapy.fields.Field

class scapy.fields.SignedLongField(name, default)

Bases: scapy.fields.Field

class scapy.fields.SignedShortField(name, default)

Bases: scapy.fields.Field

class scapy.fields.SourceIP6Field(name, dstname)

Bases: scapy.fields.IP6Field

dstname
i2h(pkt, x)
i2m(pkt, x)
class scapy.fields.SourceIPField(name, dstname)

Bases: scapy.fields.IPField

dstname
i2h(pkt, x)
i2m(pkt, x)
class scapy.fields.StrField(name, default, fmt='H', remain=0)

Bases: scapy.fields.Field

addfield(pkt, s, val)
any2i(pkt, x)
getfield(pkt, s)
i2len(pkt, x)
i2m(pkt, x)
i2repr(pkt, x)
randval()
remain
class scapy.fields.StrFixedLenEnumField(name, default, length=None, enum=None, length_from=None)

Bases: scapy.fields.StrFixedLenField

enum
i2repr(pkt, v)
class scapy.fields.StrFixedLenField(name, default, length=None, length_from=None)

Bases: scapy.fields.StrField

addfield(pkt, s, val)
getfield(pkt, s)
i2repr(pkt, v)
length_from
randval()
class scapy.fields.StrLenField(name, default, fld=None, length_from=None, max_length=None)

Bases: scapy.fields.StrField

getfield(pkt, s)
length_from
max_length
randval()
class scapy.fields.StrLenFieldUtf16(name, default, fld=None, length_from=None, max_length=None)

Bases: scapy.fields.StrLenField

h2i(pkt, x)
i2h(pkt, x)
class scapy.fields.StrNullField(name, default, fmt='H', remain=0)

Bases: scapy.fields.StrField

addfield(pkt, s, val)
getfield(pkt, s)
randval()
class scapy.fields.StrStopField(name, default, stop, additional=0)

Bases: scapy.fields.StrField

additional
getfield(pkt, s)
randval()
stop
class scapy.fields.ThreeBytesField(name, default)

Bases: scapy.fields.ByteField

addfield(pkt, s, val)
getfield(pkt, s)
class scapy.fields.UTCTimeField(name, default, use_msec=False, use_micro=False, use_nano=False, epoch=None, strf='%a, %d %b %Y %H:%M:%S %z')

Bases: scapy.fields.IntField

delta
epoch
i2m(pkt, x)
i2repr(pkt, x)
strf
use_micro
use_msec
use_nano
class scapy.fields.UUIDField(name, default, uuid_fmt=0)

Bases: scapy.fields.Field

UUID存储的字段,包装Python的uuid.UUID类型.

该字段的内部存储格式为Python标准库中的uuid.UUID .

此字段类型有三种格式( uuid_fmt ):

  • FORMAT_BE (默认值):根据RFC 4122,UUID为大端字节顺序的六个字段.

    DHCPv6(RFC 6355)和大多数网络协议都使用此格式.

  • FORMAT_LE :UUID是六个字段,其中time_lowtime_midtime_high_version以小尾数字节顺序排列. 这不会更改RFC 4122中字段的排列方式.

    Microsoft的COM / OLE库使用此格式.

  • FORMAT_REV :UUID是一个以小尾数字节顺序排列的单个128位整数. 这将更改字段的排列 .

    This format is used by Bluetooth Low Energy.

注意:您应该在此处使用常量.

此字段的"人工编码"支持多种不同的输入格式,并适当包装Python的uuid.UUID库:

  • 给定一个bytearray,byte或16字节的str,此类以有线格式解码UUID.

  • 给定一个字节uuid.UUID ,字节或其他长度的str, uuid.UUID委派给uuid.UUID Python标准库. 它支持许多不同的编码选项–有关更多详细信息,请参见Python标准库文档.

  • 给定一个int或long,假定为要传递给uuid.UUID的128位整数.

  • 给定一个元组:

    • Tuples of 11 integers are treated as having the last 6 integers forming the node field, and are merged before being passed as a tuple of 6 integers to uuid.UUID.

    • 否则,该元组将作为fields参数直接传递给uuid.UUID ,而无需进行修改.

      uuid.UUID期望包含6个整数的元组.

传递其他类型(例如uuid.UUID ).

FORMATS = (0, 1, 2)
FORMAT_BE = 0
FORMAT_LE = 1
FORMAT_REV = 2
any2i(pkt, x)
i2m(pkt, x)
m2i(pkt, x)
static randval()
uuid_fmt
class scapy.fields.X3BytesField(name, default)

Bases: scapy.fields.ThreeBytesField, scapy.fields.XByteField

i2repr(pkt, x)
class scapy.fields.XBitField(name, default, size)

Bases: scapy.fields.BitField

i2repr(pkt, x)
class scapy.fields.XByteEnumField(name, default, enum)

Bases: scapy.fields.ByteEnumField

i2repr_one(pkt, x)
class scapy.fields.XByteField(name, default)

Bases: scapy.fields.ByteField

i2repr(pkt, x)
class scapy.fields.XIntField(name, default)

Bases: scapy.fields.IntField

i2repr(pkt, x)
class scapy.fields.XLEIntField(name, default)

Bases: scapy.fields.LEIntField, scapy.fields.XIntField

i2repr(pkt, x)
class scapy.fields.XLELongField(name, default)

Bases: scapy.fields.LELongField, scapy.fields.XLongField

i2repr(pkt, x)
class scapy.fields.XLEShortField(name, default)

Bases: scapy.fields.LEShortField, scapy.fields.XShortField

i2repr(pkt, x)
class scapy.fields.XLEStrLenField(name, default, fld=None, length_from=None, max_length=None)

Bases: scapy.fields.XStrLenField

i2m(pkt, x)
m2i(pkt, x)
class scapy.fields.XLongField(name, default)

Bases: scapy.fields.LongField

i2repr(pkt, x)
class scapy.fields.XShortEnumField(name, default, enum)

Bases: scapy.fields.ShortEnumField

i2repr_one(pkt, x)
class scapy.fields.XShortField(name, default)

Bases: scapy.fields.ShortField

i2repr(pkt, x)
class scapy.fields.XStrField(name, default, fmt='H', remain=0)

Bases: scapy.fields.StrField

将值打印为十六进制的StrField.

i2repr(pkt, x)
class scapy.fields.XStrFixedLenField(name, default, length=None, length_from=None)

Bases: scapy.fields._XStrLenField, scapy.fields.StrFixedLenField

StrFixedLenField,该值以十六进制打印.

class scapy.fields.XStrLenField(name, default, fld=None, length_from=None, max_length=None)

Bases: scapy.fields._XStrLenField, scapy.fields.StrLenField

StrLenField,该值打印为十六进制.

class scapy.fields.YesNoByteField(name, default, config=None, *args, **kargs)

Bases: scapy.fields.ByteField

基于字节的标志字段,基于给定的关联显示其编号表示

In its default configuration the following representation is generated:

x == 0:'否'x!= 0:'是'

在更复杂的用例中(例如,是/否/无效),可以使用config属性进行配置. 键值,键范围和键值集关联将用于生成值表示形式.

  • 范围由包含最后一个值的元组(<first-val>,<last-value>)给出.

  • 单值元组被视为标量.

  • 列表定义了一组应与给定键关联的(可能是非连续的)值.

与密钥无关的所有值都将显示为无符号字节类型的数目.

例如:

config = {
    'no' : 0,
    'foo' : (1,22),
    'yes' : 23,
    'bar' : [24,25, 42, 48, 87, 253]
}

生成以下表示形式:

x == 0 : 'no'
x == 15: 'foo'
x == 23: 'yes'
x == 42: 'bar'
x == 43: 43

另一个示例,使用config属性还可以还原stock-yes-no-behavior:

config = {
        'yes' : 0,
        'no' : (1,255)
}

将生成以下值表示形式:

x == 0 : 'yes'
x != 0 : 'no'
eval_fn
i2repr(pkt, x)