scapy.sessions

Sessions: decode a flow of packets while sniffing

class scapy.sessions.DefaultSession(prn=None, store=False, supersession=None, *args, **karg)

Bases: object

The default session: no stream decoding

property count
on_packet_received(pkt)

DEV: entry point. sniff() will call this for each received packet (that passes the filters).

property prn
property store
toPacketList()
class scapy.sessions.IPSession(*args, **kwargs)

Bases: scapy.sessions.DefaultSession

Defragment IP packets.

Usage: >>> sniff(session=IPSession)

on_packet_received(pkt)
class scapy.sessions.StringBuffer

Bases: object

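StringBuffer is an object used to re-order data received during a TCP transmission.

Each TCP fragment contains a sequence number, which marks (relative to the first sequence number) the index of the data contained in that fragment.

If a TCP fragment is missed, this class fills the missing space with zeros.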

append(data, seq)
clear()
full()
class scapy.sessions.TCPSession(*args, **kwargs)

Bases: scapy.sessions.IPSession

A session that matches seq/ack packets together in order to dissect special protocols, such as HTTP.

DEV: implement a class function tcp_reassemble in your Packet class:

@classmethod
def tcp_reassemble(cls, data, metadata):
    # data = the reassembled data from the same request/flow
    # metadata = empty dictionary, that can be used to store data
    [...]
    # If the packet is available, return it. Otherwise don't.
    # Whenever you return a packet, the buffer will be discarded.
    return pkt
    # Otherwise, maybe store stuff in metadata, and return None,
    # as you need additional data.
    return None

A (hard to understand) example can be found in scapy/layers/http.py

fmt = 'TCP {IP:%IP.src%}{IPv6:%IPv6.src%}:%r,TCP.sport% > {IP:%IP.dst%}{IPv6:%IPv6.dst%}:%r,TCP.dport%'
on_packet_received(pkt)

Hooks into the Sessions API: entry point of the dissection. This defragments IP if necessary, then proceeds to TCP reassembly.
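The two behaviours described above (StringBuffer's zero filling and the tcp_reassemble contract), as an added example that is not Scapy's code: a simplified pure-Python model in which ReorderBuffer, LengthPrefixed, feed and the 2-byte length framing are all hypothetical. It assumes the first segment seen carries the lowest sequence number and ignores sequence wrap-around; it shows that a zero-filled gap can satisfy a length check, so a parser should know whether the bytes it accepted were actually received.

```python
# Added example: a simplified pure-Python model, not Scapy's implementation.
class ReorderBuffer:
    """Places data at (seq - first seq), as documented for StringBuffer;
    space that was never received stays zero."""
    def __init__(self):
        self.content = bytearray()
        self.seen = bytearray()  # assumption: 1 marks a byte really received
        self.first_seq = None

    def append(self, data, seq):
        if self.first_seq is None:
            self.first_seq = seq
        off = seq - self.first_seq
        if off < 0:
            raise ValueError("segment precedes the first sequence number")
        pad = off + len(data) - len(self.content)
        if pad > 0:  # grow with zeros, like the documented gap filling
            self.content.extend(bytes(pad))
            self.seen.extend(bytes(pad))
        self.content[off:off + len(data)] = data
        self.seen[off:off + len(data)] = b"\x01" * len(data)

    def has_gap(self, length):
        return len(self.seen) < length or 0 in self.seen[:length]

    def __bytes__(self):
        return bytes(self.content)

class LengthPrefixed:
    """Hypothetical protocol: 2-byte big-endian body length, then the body."""
    @classmethod
    def tcp_reassemble(cls, data, metadata):
        if len(data) < 2:
            return None  # header incomplete, need additional data
        metadata["need"] = 2 + int.from_bytes(data[:2], "big")
        if len(data) < metadata["need"]:
            return None  # body incomplete, need additional data
        return data[2:metadata["need"]]

def feed(segments):
    """Return (message, zero_filled) after feeding (seq, payload) pairs."""
    buf, metadata = ReorderBuffer(), {}
    for seq, payload in segments:
        buf.append(payload, seq)
        msg = LengthPrefixed.tcp_reassemble(bytes(buf), metadata)
        if msg is not None:
            return msg, buf.has_gap(metadata["need"])
    return None, False

# Constructed sample: one 13-byte message split over three segments.
SEGS = [(1000, b"\x00\x0bhel"), (1005, b"lo wo"), (1010, b"rld")]
```

Feeding SEGS in order yields the intact body; feeding only the first and third segments yields a body with five zero bytes in the middle and the gap flag set.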