从pipcapfile中的TCP头部获取ByteArray

Question

我想单独解析TCP包，而不使用PCAPLib自己的数据结构。出于这个原因，我需要获取TCP头的字节阵列。

from pcapfile import savefile 

capfile = open('delta_capture.pcap') 
sf = savefile.load_savefile(capfile) 

for packet in sf.packets: 
    print packet.timestamp 
    print packet.packet 
    print packet.header # Returns a library object, I need the bytearray instead, as I want to use my own data structure and parse. 

capfile.close() 

我试图调试和inspectiong对象结构，但不能看到其中实际字节存储在TCP报头的任何对象。

为变量“包”调试结果截图：

它甚至有可能在这个图书馆这样做呢？

Answer 1

A bytearray的头不能直接访问。标题中的各个字段都被解析，并且整个数据包都可用：

for packet in sf.packets: 
    print(packet.timestamp) 
    print(packet.packet) 

    # show header fields 
    print(packet.header.contents.magic)   # file magic number 
    print(packet.header.contents.major)   # major version number 
    print(packet.header.contents.minor)   # minor version number 
    print(packet.header.contents.tz_off)   # timezone offset 
    print(packet.header.contents.ts_acc)   # timestamp accuracy 
    print(packet.header.contents.snaplen)  # snapshot length 
    print(packet.header.contents.ll_type)  # link layer header type 
    print(packet.header.contents.byteorder)  # byte order specifier 
    print(packet.header.contents.ns_resolution) # nanosecond resolution 

    # show entire packet 
    print(packet.raw())