3
私はscapyモジュールでパケットを送受信しています。Python - scapyパケットサイズの差
a = sr(IP(src="192.168.1.100",dst="8.8.4.4")/UDP(sport=RandShort(),dport=53)/DNS(rd=1,qd=DNSQR(qname="google.com",qtype="ALL",qclass="IN"),ar=DNSRROPT(rclass=3000)),timeout=1)
私は、コマンドと応答のパケットサイズを表示した場合:
#command size
print len(a[0][0][0])
>67
#response size
print len(a[0][0][1])
>496
をしかし、私はWiresharkを持つパケットをキャプチャした場合、それは私にパケット長を示しています
command: 83 bytes
response: 512 bytes
Wiresharkではコマンドとレスポンスに16バイトの追加サイズがあることを知っています。
Wiresharkで取り込まれた追加の16バイトは何かを知りたい(教育上の理由から)誰かがネットワーキングで深い「ノウハウ」を持ち、何が起こるか教えてくれますか?
EDIT:a[0].summary()の
出力:
IP/UDP/DNS Qry "google.com" ==> IP/UDP/DNS Ans "74.125.68.102"
a[0][0][0].show()の出力:
###[ IP ]###
version = 4
ihl = None
tos = 0x0
len = **67**
id = 1
flags =
frag = 0
ttl = 64
proto = udp
chksum = None
src = 192.168.1.100
dst = 8.8.4.4
\options \
###[ UDP ]###
sport = 41454
dport = domain
len = None
chksum = None
###[ DNS ]###
id = 0
qr = 0
opcode = QUERY
aa = 0
tc = 0
rd = 1
ra = 0
z = 0
ad = 0
cd = 0
rcode = ok
qdcount = 1
ancount = 0
nscount = 0
arcount = 1
\qd \
|###[ DNS Question Record ]###
| qname = 'google.com'
| qtype = ALL
| qclass = IN
an = None
ns = None
\ar \
|###[ DNS OPT Resource Record ]###
| rrname = '.'
| type = OPT
| rclass = 3000
| extrcode = 0
| version = 0
| z = D0
| rdlen = None
| \rdata \
a[0].show()の出力:
###[ IP ]###
version = 4L
ihl = 5L
tos = 0x0
len = **496**
id = 41777
flags =
frag = 0L
ttl = 56
proto = udp
chksum = 0xfb3
src = 8.8.4.4
dst = 192.168.1.100
\options \
###[ UDP ]###
sport = domain
dport = 41454
len = 476
chksum = 0x2fef
###[ DNS ]###
id = 0
qr = 1L
opcode = QUERY
aa = 0L
tc = 0L
rd = 1L
ra = 1L
z = 0L
ad = 0L
cd = 0L
rcode = ok
qdcount = 1
ancount = 19
nscount = 0
arcount = 1
\qd \
|###[ DNS Question Record ]###
| qname = 'google.com.'
| qtype = ALL
| qclass = IN
\an \
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = A
| rclass = IN
| ttl = 299
| rdlen = 4
| rdata = '74.125.68.102'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = A
| rclass = IN
| ttl = 299
| rdlen = 4
| rdata = '74.125.68.113'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = A
| rclass = IN
| ttl = 299
| rdlen = 4
| rdata = '74.125.68.139'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = A
| rclass = IN
| ttl = 299
| rdlen = 4
| rdata = '74.125.68.100'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = A
| rclass = IN
| ttl = 299
| rdlen = 4
| rdata = '74.125.68.138'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = A
| rclass = IN
| ttl = 299
| rdlen = 4
| rdata = '74.125.68.101'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = AAAA
| rclass = IN
| ttl = 299
| rdlen = 16
| rdata = '2404:6800:4003:c02::65'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = NS
| rclass = IN
| ttl = 21599
| rdlen = 16
| rdata = 'ns2.google.com.'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = MX
| rclass = IN
| ttl = 599
| rdlen = 17
| rdata = '\x00\x14\x04alt1\x05aspmx\x01l\xc0\x0c'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = SOA
| rclass = IN
| ttl = 59
| rdlen = 34
| rdata = '\xc0\xa4\tdns-admin\xc0\x0c\x07\xbe\xf2\xb0\x00\x00\x03\x84\x00\x00\x03\x84\x00\x00\x07\x08\x00\x00\x00<'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = MX
| rclass = IN
| ttl = 599
| rdlen = 9
| rdata = '\x00(\x04alt3\xc0\xbd'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = MX
| rclass = IN
| ttl = 599
| rdlen = 4
| rdata = '\x00\n\xc0\xbd'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = 257
| rclass = IN
| ttl = 21599
| rdlen = 19
| rdata = '\x00\x05issuesymantec.com'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = NS
| rclass = IN
| ttl = 21599
| rdlen = 16
| rdata = 'ns3.google.com.'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = MX
| rclass = IN
| ttl = 599
| rdlen = 9
| rdata = '\x00\x1e\x04alt2\xc0\xbd'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = NS
| rclass = IN
| ttl = 21599
| rdlen = 16
| rdata = 'ns1.google.com.'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = MX
| rclass = IN
| ttl = 599
| rdlen = 9
| rdata = '\x002\x04alt4\xc0\xbd'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = TXT
| rclass = IN
| ttl = 3599
| rdlen = 36
| rdata = 'v=spf1 include:_spf.google.com ~all'
|###[ DNS Resource Record ]###
| rrname = 'google.com.'
| type = NS
| rclass = IN
| ttl = 21599
| rdlen = 16
| rdata = 'ns4.google.com.'
ns = None
\ar \
|###[ DNS OPT Resource Record ]###
| rrname = '.'
| type = OPT
| rclass = 512
| extrcode = 0
| version = 0
| z = D0
| rdlen = 0
| \rdata \
あなたは、人々がここで起こっているかを理解できるようにする[0] .summary 'の出力を()'掲載すべきです。 – Pierre
私は投稿を編集しました。 – 13loodH4t