Scapy 解析tcpdump

[root@bogon ~]#  tcpdump -i enahisic2i3 ether src  44:A1:91:A4:9B:EB  -env -X  -A -w test.pap
tcpdump: listening on enahisic2i3, link-type EN10MB (Ethernet), capture size 262144 bytes
^C3 packets captured
12 packets received by filter
0 packets dropped by kernel
18 packets dropped by interface
[root@bogon ~]# scapy
INFO: Can't import matplotlib. Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: No route found for IPv6 destination :: (no default route?)
WARNING: IPython not available. Using standard Python shell instead.
AutoCompletion, History are disabled.
                                      
                     aSPY//YASa       
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.3
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | Craft packets like I craft my beer.
       scccccp///pSP///p          p//Y   |               -- Jean De Clerck
      sY/////////y  caa           S//P   |
       cayCyayP//Ya              pY/Ya
        sY/PsY////YCc          aC//Yp 
         sc  sccaCY//PCypaapyCP//YSs  
                  spCPY//////YPSps    
                       ccaacs         
                                      
>>> packets = rdpcap("test.pap")
>>> packets[0]
<Ether  dst=48:57:02:64:ea:1e src=44:a1:91:a4:9b:eb type=ARP |<ARP  hwtype=0x1 ptype=IPv4 hwlen=6 plen=4 op=is-at hwsrc=44:a1:91:a4:9b:eb psrc=10.10.103.229 hwdst=48:57:02:64:ea:1e pdst=10.10.103.81 |<Padding  load='x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00' |>>>
>>> 
>>> packets[1]
<Ether  dst=48:57:02:64:ea:1e src=44:a1:91:a4:9b:eb type=IPv4 |<IP  version=4 ihl=5 tos=0x0 len=1500 id=12345 flags=MF frag=0 ttl=64 proto=udp chksum=0x418e src=10.10.103.229 dst=10.10.103.81 |<UDP  sport=krb524 dport=krb524 len=1480 chksum=0x9c09 |<Raw  load='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc' |>>>>
>>> packets[2]
<Ether  dst=48:57:02:64:ea:1e src=44:a1:91:a4:9b:eb type=IPv4 |<IP  version=4 ihl=13 tos=0x0 len=76 id=12345 flags= frag=185 ttl=64 proto=udp chksum=0x5e65 src=10.10.103.229 dst=10.10.103.81 options=[<IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>, <IPOption_EOL  copy_flag=0 optclass=control option=end_of_list |>] |<Raw  load='cccccccccccccccccccccccc' |>>>
>>>