scapy不解析GTP层

Question

我想使用scapy从我拥有的pcap文件中解析我的GTP数据包。我能够使用scapy来解析普通的UDP/TCP数据包。例如，如果我的包是udppacket，那么

udppacket[3]

显示udp数据包的数据部分。对于GTP数据包，它在udp层之后有更多层，数据位于最后一层内。因此，如果我的gtp包是gtppacket，那么

gtppacket[4]

出现错误IndexError : layer 4 not found。实际上，如果我使用

gtppacket[3]

然后我可以看到数据以及来自其他层的其他信息。那么，有没有办法遍历gtppacket的第三层，只访问我感兴趣的部分呢？我需要从第三层提取的数据总是位于固定偏移量之后。以下是十六进制转储(Gtppacket3)的输出。

0000   30 FF 00 B6 F8 8E EA 50  45 00 00 B6 04 D2 40 00   0......PE.....@.
0010   7E 11 6D F1 C0 A8 05 02  C0 A8 03 21 22 B8 15 B3   ~.m........!"...
0020   00 A2 3C C2 00 00 00 09  00 00 00 00 00 00 00 00   ..<.............
0030   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0040   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0050   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0060   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0070   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0080   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0090   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00a0   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00b0   00 00 00 00 00 00 00 00  00 00 00 00 00 00         ..............

从09开始的数据才是我真正想要提取的。我对其他数据不感兴趣。另一个想法是将此输出保存为一个字符数组，然后使用正确的偏移量进行访问。但我不知道是否有更好的想法来提取我想要的东西。

Answer 1

Scapy支持gtp库。嘿，你可以使用gtp库来做这些事情。将十六进制字符串复制到类似a= '30FF00B6F88EEA50450000B604D240007E116DF1C0A80502C0A8032122B815B300A23CC200000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000‘的变量中

导入scapy模块

从scapy.layers.gtp导入*

通过给出原始十六进制来解码gtp报头

GTPHeader(a) Out8：>>