如何提取 Scapy 中的原始负载？

Question

有没有办法提取通过原始套接字解析的 Scapy 的原始负载？我可以通过指定 ip[scapy.IP] 和 ip[scapy.TCP] 而不是原始负载来提取 TCP 和 IP 标头。

当我尝试通过指定 ip[raw.load] 来提取原始负载时，它给了我一个错误，提示未找到原始层。

This is an image of the raw load that I want to extract out

import sys
import socket
from scapy.all import *
#from scapy import all as scapy



s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

while 1:
    packet = s.recvfrom(2000);
    packet = packet[0]
    ip = IP(packet)
    print(ip.show())
    #print(str(ip[IP]))
    #print(ip[scapy.IP].src)
    #print(ip[scapy.Raw].load)

我可以使用这段代码在 Scapy TCP 标头中提取源端口号。

import sys
import socket
from scapy.all import *
#from scapy import all as scapy



s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

while 1:
    packet = s.recvfrom(2000);
    packet = packet[0]
    ip = IP(packet)
    print(ip[TCP].sport)

Answer 1

这就是我的做法。 cmets 代表您的代码。我还写了如何使用 scapy 的套接字（跨平台，例如 SOCK_RAW 在 Windows 上不起作用）来完成它

from scapy.all import *
# import socket

#s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s = conf.L3Socket(filter=“tcp”)

# The use of `filter=“tcp”` requires libpcap.
# If you want to do it without it, you can also not set it and use `if TCP in packet:`


while True:
    #packet = s.recvfrom(2000);
    #packet = packet[0]
    #packet = IP(packet)
    packet = s.recv()

    # You don’t have a Raw in every received packet !
    if Raw in packet:
        load = packet[Raw].load