问题
I am trying to search for a hex sequence in the UDP payload (ISAKMP) of a packet. the packet is being loaded from a pcap. If I use show() or show2() then the output is in type bytes which I can't use.
the closest I have come is by using hexdump, but it comes out as 3 colums over multiple lines and I just want the middle column in a nice long string.
I've tried hexlify, encoding and decoding, and .format and I can't get something that makes sense.
thanks for your help
回答1:
You can use hexlify in combination with str. Below is an example with a TCP packet. You can use the same for UDP as well.
>>> pkt = sniff(filter="tcp", count=1)
>>> pkt.show()
0000 Ether / IP / TCP 27.59.126.209:cardbox > 14.139.134.39
ssh A
>>> from binascii import hexlify
>>> pktHex = hexlify(str(pkt[0]))
>>> pktHex
'7446a0afb96508357101e52508004568003483f24000340693ab1b3b7e
10e8b86270c2100167f687368446b8086801001a7a33100000101080a00
e0b1b1dddb5f6'
>>> hexdump(pkt[0])
0000 7446A0AFB96508357101E52508004568 tF...e.5q..%..Eh
0010 003483F24000340693AB1B3B7ED10E8B .4..@.4....;~...
0020 86270C2100167F687368446B80868010 .'.!...hshDk....
0030 01A7A33100000101080A003E0B1B1DDD ...1.......>....
0040 B5F6 ..
Your requirement is hexlify(str(pkt[0])).
来源:https://stackoverflow.com/questions/50513373/searching-for-hex-in-scapy-packet