Scapy 有一个 sendpfast
函数,它使用 tcpreplay 发送数据包。然而,这个函数首先创建一个临时的 pcap 文件,然后调用 tcpreplay 。这增加了太多的延迟。反正有没有绕过它并直接将数据发送到tcpreplay。我知道 tcpreplay 可以从 STDIN 读取数据。
上下文:我想每秒生成大量流量(具有不同的 srcIP)并通过网络发送。一种选择是将所有带有时间戳的流量保存在一个巨大的 pcap 文件中并运行 tcpreplay。另一种选择是每秒发送数据。
最佳答案
不确定避免临时文件是否足够,但仍然有一种方法:
#! /usr/bin/env python
from scapy.all import *
def pkt2pcap(p):
sec = int(p.time)
usec = int(round((p.time-sec)*1000000))
s = str(p)
caplen = len(s)
return struct.pack("IIII", sec, usec, caplen, caplen) + s
# adapted from Scapy's sendpfast
def mysendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, iface=None):
"""Send packets at layer 2 using tcpreplay for performance
pps: packets per second
mpbs: MBits per second
realtime: use packet's timestamp, bending time with realtime value
loop: number of times to process the packet list
file_cache: cache packets in RAM instead of reading from disk at each iteration
iface: output interface """
if iface is None:
iface = conf.iface
argv = [conf.prog.tcpreplay, "--intf1=%s" % iface ]
if pps is not None:
argv.append("--pps=%i" % pps)
elif mbps is not None:
argv.append("--mbps=%i" % mbps)
elif realtime is not None:
argv.append("--multiplier=%i" % realtime)
else:
argv.append("--topspeed")
if loop:
argv.append("--loop=%i" % loop)
if file_cache:
argv.append("--enable-file-cache")
argv.append("-")
try:
f = subprocess.Popen(argv, stdin=subprocess.PIPE)
# PCAP header
p = x.next()
f.stdin.write(struct.pack("IHHIIII", 0xa1b2c3d4L,
2, 4, 0, 0, MTU,
conf.l2types[p.__class__]))
# Let's send
f.stdin.write(pkt2pcap(p))
for p in x:
f.stdin.write(pkt2pcap(p))
f.stdin.close()
f.communicate()
except KeyboardInterrupt:
log_interactive.info("Interrupted by user")
except Exception,e:
log_interactive.error("while trying to exec [%s]: %s" % (argv[0],e))
关于python - Scapy 和 tcpreplay : bypass temporary file for performance,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/19760102/