在python-scapy中,我如何根據icmpv6類型進行過濾。例如,如果的ICMPv6類型135(鄰居請求),我怎樣才能過濾使用這種類型的表達式:identify icmpv6 type
if(x == 135):
do this
我想找到X在上述expression.There在Scapy的用於TCP,UDP標籤IPv6,但ICMPv6沒有標籤。例如,要訪問數據包p中的IPv6頭中的源地址參數,我可以使用p [IPv6] .src,因爲標籤IPv6存在於scapy中。但是如何訪問ICMPv6參數?
如果使用scapy或此方法無法完成,請提出替代方法。這個問題很長時間以來一直困擾着我。謝謝。
您應該使用Packet.haslayer('ICMPv6ND_NS') ...
>>> from scapy.all import rdpcap
>>> paks = rdpcap('ipv6.pcap')
>>> for idx, pak in enumerate(paks):
... if pak.haslayer('ICMPv6ND_NS'):
... print "Index %s: %s" % (idx, repr(pak))
...
Index 3: <Ether dst=00:21:a0:50:ce:00 src=00:02:55:7b:b2:f6 type=0x86dd |
<IPv6 version=6L tc=0L fl=0L plen=32 nh=ICMPv6 hlim=255
src=fe80::202:55ff:fe7b:b2f6 dst=fe80::221:a0ff:fe50:ce00 |
<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0x8b54 R=0L S=0L
O=0L res=0x0L tgt=fe80::221:a0ff:fe50:ce00 |<ICMPv6NDOptSrcLLAddr type=1
len=1 lladdr=00:02:55:7b:b2:f6 |>>>>
>>>
僅供參考,這些都是ipv6.pcap包...
[[email protected] ~]$ tshark -r ipv6.pcap
1 0.000000 2000:fc50:1000:100:202:55ff:fe7b:b2f6 -> 2001:420:1101:1::a ICMPv6 Echo request
2 1.007475 2000:fc50:1000:100:202:55ff:fe7b:b2f6 -> 2001:420:1101:1::a ICMPv6 Echo request
3 2.014461 2000:fc50:1000:100:202:55ff:fe7b:b2f6 -> 2001:420:1101:1::a ICMPv6 Echo request
4 4.997348 fe80::202:55ff:fe7b:b2f6 -> fe80::221:a0ff:fe50:ce00 ICMPv6 Neighbor solicitation
5 4.998613 fe80::221:a0ff:fe50:ce00 -> fe80::202:55ff:fe7b:b2f6 ICMPv6 Neighbor advertisement
[[email protected] ~]$