为什么在 scapy packet.payload.proto == 17 是 UDP 而 packet.payload.proto ==6 是 TCP?
Why in scapy packet.payload.proto == 17 is UDP and packet.payload.proto ==6 TCP?
我在 github 中看到了这段代码。
我不明白为什么 packet.payload.proto == 17 是 UDP 而 packet.payload.proto ==6 TCP。
数据包 = scapy.all.rdpcap('data/dns.cap')
对于数据包中的数据包:
打印(' - - - - - ')
打印('src_mac: {0}'.格式(packet.src))
打印('dst_mac: {0}'.格式(packet.dst))
ip = packet.payload
print('src_ip: {0}'.format(ip.src))
print('dst_ip: {0}'.format(ip.dst))
if ip.proto == 17:
udp = ip.payload
print('udp_sport: {0}'.format(udp.sport))
print('udp_dport: {0}'.format(udp.dport))
if ip.proto == 6:
tcp = ip.payload
print('tcp_sport: {0}'.format(tcp.sport))
print('tcp_dport: {0}'.format(tcp.dport))
print('----------\n')
...
6 TCP Transmission Control [RFC793]
...
17 UDP User Datagram [RFC768][Jon_Postel]
...
Ignacio 提供的答案是正确的。 RFC 和 IANA 指定了这些值。
至于什么是有效载荷,那是相对于您所谈论的数据包(更具体地说是 PDU)层而言的。
举个例子:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | TCP | HTTP |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
HTTP是TCP的载荷,(TCP+HTTP)是IP的载荷。
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | TCP | Payload |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
和
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | Payload |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
https://en.wikipedia.org/wiki/IPv4#Header显示一个IP的布局header。协议是这些领域之一。当协议 (ip.proto) 为 6 时,根据 RFC,IP 流量的有效负载为 TCP。当它是 17 时,负载是 UDP。
某些协议(如 IP)有一个字段,用于枚举其 child 负载的类型。其他人没有。
我在 github 中看到了这段代码。 我不明白为什么 packet.payload.proto == 17 是 UDP 而 packet.payload.proto ==6 TCP。
数据包 = scapy.all.rdpcap('data/dns.cap')
对于数据包中的数据包: 打印(' - - - - - ') 打印('src_mac: {0}'.格式(packet.src)) 打印('dst_mac: {0}'.格式(packet.dst))
ip = packet.payload
print('src_ip: {0}'.format(ip.src))
print('dst_ip: {0}'.format(ip.dst))
if ip.proto == 17:
udp = ip.payload
print('udp_sport: {0}'.format(udp.sport))
print('udp_dport: {0}'.format(udp.dport))
if ip.proto == 6:
tcp = ip.payload
print('tcp_sport: {0}'.format(tcp.sport))
print('tcp_dport: {0}'.format(tcp.dport))
print('----------\n')
... 6 TCP Transmission Control [RFC793] ... 17 UDP User Datagram [RFC768][Jon_Postel] ...
Ignacio 提供的答案是正确的。 RFC 和 IANA 指定了这些值。
至于什么是有效载荷,那是相对于您所谈论的数据包(更具体地说是 PDU)层而言的。
举个例子:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | TCP | HTTP |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
HTTP是TCP的载荷,(TCP+HTTP)是IP的载荷。
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | TCP | Payload |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
和
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| IP | Payload |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
https://en.wikipedia.org/wiki/IPv4#Header显示一个IP的布局header。协议是这些领域之一。当协议 (ip.proto) 为 6 时,根据 RFC,IP 流量的有效负载为 TCP。当它是 17 时,负载是 UDP。
某些协议(如 IP)有一个字段,用于枚举其 child 负载的类型。其他人没有。