18 Apr 2006 00:44
Re: Acces port number instead of its protocol interpretation
Philippe Biondi <phil <at> secdev.org>
2006-04-17 22:44:00 GMT
2006-04-17 22:44:00 GMT
Hi!
On Mon, 17 Apr 2006, Marek Jawurek wrote:
> first of all, scapy is great software.
thnx!
> My question: How can I access the portnumber of received TCP packets. I
> always get the protocol interpretation from /etc/services a la "www" for
> example.
It depends on how you get it :
>>> a=IP()/TCP(dport=123)
>>> a
<IP frag=0 proto=TCP |<TCP dport=ntp |>>
>>> a.dport
123
>>> a.sprintf("%TCP.dport% == %ir,TCP.dport%")
'ntp == 123'
--
--
Philippe Biondi <phil <at> secdev.org> SecDev.org
Computer Security/R&D http://www.secdev.org
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
---------------------------------------------------------------------
Desinscription: envoyez un message a: scapy.ml-unsubscribe <at> secdev.org
Pour obtenir de l'aide, ecrivez a: scapy.ml-help <at> secdev.org
RSS Feed