摘要：python写的数据包处理工具scapy:1、读取pcap文件：from scapy.all import * buffer=rdpcap(srcfile)2、查看数据包属性名ls(packet),如packet=Ether()/IP()/TCP().3、计算TCP数据长度len=packet[IP].len-(packet.ihl<<2)-(packet.dataofs<<2),三项分别表示IP包总长度，IP首部长，TCP首部长，其中后两项分别以4个字节为单位。4、取TCP的标记位packet[TCP].flags &0x02==0x02 ?如果表达式为真则表 阅读全文

摘要：Show only SMTP (port 25) and ICMP traffic: Show only traffic in the LAN (192.168.x.x), between workstations and servers -- no Internet: TCP buffer full -- Source is instructing Destination to stop sen... 阅读全文

摘要：引用官方网站http://wiki.wireshark.org/CaptureFiltersCapture filters: Capture only traffic to or from IP address 172.18.5.4: Capture traffic to or from a range of IP addresses: Capture traffic from a range o... 阅读全文

摘要：options:-c <packets per file> Splits the packet output to different files based on uniform packet counts with a maximum of <packets per file> each. Each output file will be created with a ... 阅读全文