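I want to use scapy to sniff DHCP packets from a DHCP relay on my DHCP server, but I ran into a problem, because the only part I am interested in is written in hexadecimal.
Is there a way to force scapy to decode this part, or another library that can decode it?
Below is an example of a packet sniffed by scapy. The part I want to decode is the "data" under "Unknown DHCPv6 OPtion":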
###[ Ethernet ]###
dst= f4:cf:e2:4c:9c:ed
src= 00:22:bd:f8:35:47
type= 0x86dd
###[ IPv6 ]###
version= 6L
tc= 0L
fl= 0L
plen= 149
nh= UDP
hlim= 255
src= 2001:db8:0:1::ee
dst= 2001:db8:0:1::ed
###[ UDP ]###
sport= dhcpv6_server
dport= dhcpv6_server
len= 149
chksum= 0xd489
###[ DHCPv6 Relay Forward Message (Relay Agent/Server Message) ]###
msgtype= RELAY-FORW
hopcount= 0
linkaddr= 2001:db8:0:1::e6
peeraddr= fe80::f6cf:e2ff:fe11:7ef9
###[ Unknown DHCPv6 OPtion ]###
optcode= RELAY_MSG
optlen= 77
data= 'x01xedt{x00x01x00nx00x03x00x01Bx00x14\Uxb3x00x06x00x04x00x17x00x18x00x08x00x02x00x00x00x19x00)xe2x11~xf9x00x00x0ex10x00x00x15x18x00x1ax00x19x00x00x1c x00x00*00 x01x0bxc80x00x00x00x00x00x00x00x00x00x00x00'
###[ DHCP6 Option - Relay Agent Remote-ID ]###
optcode= OPTION_REMOTE_ID
optlen= 14
enterprisenum= ciscoSystems
remoteid= 'x00x03x08x00x00"xbdxf85G'
###[ DHCP6 Interface-Id Option ]###
optcode= INTERFACE_ID
optlen= 4
ifaceid= 'tx01x00n'
When I execute packet[DHCP6OptUnknown].getfieldval(data)
it returns
'x01xedt{x00x01x00nx00x03x00x01Bx00x14\Uxb3x00x06x00x04x00x17x00x18x00x08x00x02x00x00x00x19x00)xe2x11~xf9x00x00x0ex10x00x00x15x18x00x1ax00x19x00x00x1c x00x00*00 x01x0bxc80x00x00x00x00x00x00x00x00x00x00x00'
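This is the data I want, and inside it I want to get the Prefix Delegation sent by the server.
Thanks in advance for your help!
PS: Sorry for my bad English :)
Edit: after applying the patch, the DHCP relay packet looks like this: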
###[ Ethernet ]###
dst= 00:22:bd:f8:35:47
src= f4:cf:e2:4c:9c:ed
type= 0x86dd
###[ IPv6 ]###
version= 6L
tc= 0L
fl= 0L
plen= 192
nh= UDP
hlim= 64
src= 2001:db8:0:1::ed
dst= 2001:db8:0:1::ee
###[ UDP ]###
sport= dhcpv6_server
dport= dhcpv6_server
len= 192
chksum= 0x26dc
###[ DHCPv6 Relay Reply Message (Relay Agent/Server Message) ]###
msgtype= RELAY-REPL
hopcount= 0
linkaddr= 2001:db8:0:1::e6
peeraddr= fe80::f6cf:e2ff:fe11:7ef9
###[ DHCP6 Interface-Id Option ]###
optcode= INTERFACE_ID
optlen= 4
ifaceid= 'tx01x00n'
###[ DHCP6 Relay Message Option ]###
optcode= RELAY_MSG
optlen= 138
###[ DHCPv6 Reply Message ]###
msgtype= REPLY
trid= 0x8bcc55
###[ DHCP6 Option - Identity Association for Prefix Delegation ]###
optcode= OPTION_IA_PD
optlen= 41
iaid= 3792797433
T1= 3600
T2= 7200
iapdopt
|###[ DHCP6 Option - IA_PD Prefix option ]###
| optcode= OPTION_IAPREFIX
| optlen= 25
| preflft= 4500
| validlft= 7200
| plen= 48
| prefix= 2001:db8:3000::
| iaprefopts= ''
###[ DHCP6 Client Identifier Option ]###
optcode= CLIENTID
optlen= 10
duid
|###[ DUID - Based on Link-layer Address ]###
| type= Link-layer Address
| hwtype= Ethernet (10Mb)
| lladdr= 42:00:14:xx:xx:xx
###[ DHCP6 Server Identifier Option ]###
optcode= SERVERID
optlen= 14
duid
|###[ DUID - Link-layer address plus time ]###
| type= Link-layer address plus time
| hwtype= Ethernet (10Mb)
| timeval= Tue, 24 Mar 2015 03:09:53 +0000 (1427166593)
| lladdr= f4:cf:e2:4c:9c:ed
###[ DHCP6 Preference Option ]###
optcode= PREFERENCE
optlen= 1
prefval= 255
###[ DHCP6 Option - DNS Recursive Name Server ]###
optcode= DNS Recursive Name Server Option
optlen= 32
dnsservers= [ 2001:db8:401::3, 2001:db8:1::16 ]
###[ DHCP6 Option - Domain Search List option ]###
optcode= Domain Search List option
optlen= 12
dnsdomains= ['foo.net']
After a lot of time, I found this patch: http://bb.secdev.org/scapy/pull-request/82/dhcpv6-relay-reply-message-relay-agent/diff#chg-scapy/layers/dhcp6.py, and it works for me. All the packets are decoded!
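The contents of the RELAY_MSG option can also be decoded by hand. The following is an added example, not code from the post or from scapy: it walks the DHCPv6 option TLVs, recurses into RELAY_MSG, and returns the IA_PD prefixes. The sample packet is constructed from the field values in the decoded dump above with a made-up Interface-ID value; the function names and the nesting limit are this example's own.

```python
import struct
from ipaddress import IPv6Address

RELAY_FORW, RELAY_REPL, REPLY = 12, 13, 7
OPT_RELAY_MSG, OPT_INTERFACE_ID, OPT_IA_PD, OPT_IAPREFIX = 9, 18, 25, 26
MAX_NESTING = 32  # this example's own bound on relay-in-relay recursion

def options(buf):
    """Yield (code, value) for each option TLV; reject a length that overruns."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns the buffer" % code)
        yield code, buf[off:off + length]
        off += length

def delegated_prefixes(msg, depth=0):
    """Return [(prefix, plen, preferred, valid)] from a DHCPv6 UDP payload."""
    relay = bool(msg) and msg[0] in (RELAY_FORW, RELAY_REPL)
    header = 34 if relay else 4  # relay: type, hops, link addr, peer addr
    if depth > MAX_NESTING or len(msg) < header:
        raise ValueError("truncated or too deeply nested message")
    found = []
    for code, val in options(msg[header:]):
        if relay and code == OPT_RELAY_MSG:
            found += delegated_prefixes(val, depth + 1)
        elif not relay and code == OPT_IA_PD and len(val) >= 12:
            for sub, sval in options(val[12:]):  # skip IAID, T1, T2
                if sub == OPT_IAPREFIX and len(sval) >= 25:
                    pref, valid, plen = struct.unpack_from("!IIB", sval)
                    found.append((str(IPv6Address(sval[9:25])), plen, pref, valid))
    return found

def opt(code, value):
    return struct.pack("!HH", code, len(value)) + value

def sample_relay_reply():  # constructed from the decoded dump's field values
    iaprefix = opt(OPT_IAPREFIX, struct.pack("!IIB", 4500, 7200, 48)
                   + IPv6Address("2001:db8:3000::").packed)
    ia_pd = opt(OPT_IA_PD, struct.pack("!III", 3792797433, 3600, 7200) + iaprefix)
    reply = bytes([REPLY]) + (0x8bcc55).to_bytes(3, "big") + ia_pd
    return (bytes([RELAY_REPL, 0]) + IPv6Address("2001:db8:0:1::e6").packed
            + IPv6Address("fe80::f6cf:e2ff:fe11:7ef9").packed
            + opt(OPT_INTERFACE_ID, b"\x00\x00\x00\x01")  # made-up value
            + opt(OPT_RELAY_MSG, reply))

if __name__ == "__main__":
    print(delegated_prefixes(sample_relay_reply()))
```

With scapy, the input is the UDP payload of the sniffed packet, for example `bytes(pkt[UDP].payload)`.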