Parsing a payload from a PCAP file with Python 3.9

Question. Votes: 0, Answers: 0

I have a question about the following payload, which was extracted from a PCAP file.

msg = '\x00`\x03\x03\x00\x00\x00\x00\x0f\x00\x00\x01*\x00\x01\x7f4\x05\x00\x00\x01\x00^\x7f*c(c{\x0f\x00 I\x08\x00E\x00\x05\x02r\x00\x00\x01\x1170e*c\r\r\x05\x14s5\x01\x14MPCH\x00\x07f1\x08VSomvssd\x00\x00\x00.\x00[1765416: EventgroupStateSubscriptionRenewal]\x00\x00\x00\x00\x0f\x00OnOfferService\x00\x00\x00\x00\x02\x00:\x00#\x00\x00\x00u\x00\x00\x00\x00\x00\x00\x03\x00: \x00\x00\x00\x00P\x00Multicast OfferService received before SubscribeEventgroupAck for Eventgroup 0x\x00B\x00\x01\x00\x01\x00\x00\x00\x00:\x00. Sending StopSubscribeEventgroup and SubscribeEventgroup\x005\x00nMPCH\x00\x07cA\x01CSADAA\x00\x00\x00\x00\x00R\x00Intel STL Voltage monitoring passed, reset debounce_counter and report checkpoint\x005\x00nMPCH\x00\x07eA\x01CSADAA\x00\x00\x00\x00\x00R\x00Intel STL Voltage monitoring passed, reset debounce_counter and report checkpoint\x005\x00nMPCH\x00\x07g\x14A\x01CSADAA\x00\x00\x00\x00\x00R\x00Intel STL Voltage monitoring passed, reset debounce_counter and report checkpoint\x005\x00UMPCH\x00\x07f$A\x01PHEHPMSC\x00\x00\x009\x00State proxy connection ok. Calling state change callback\x005\x00AMPCH\x00\x07f$A\x02PHEHPMSC\x00\x00\x00\x16\x00MSM updated state to:\x00\x00\x00\x00\t\x00Shutdown\x005\x00NMPCH\x00\x07f$A\x01PHEHSVSN\x00\x00\x002\x00Notified about state change. Not in state Running\x005\x00UMPCH\x00\x07f.A\x01PHEHPMSC\x00\x00\x009\x00State proxy connection ok. Calling state change callback\x005\x00AMPCH\x00\x07f.A\x02PHEHPMSC\x00\x00\x00\x16\x00MSM updated state to:\x00\x00\x00\x00\t\x00Shutdown\x005\x00NMPCH\x00\x07f.A\x01PHEHSVSN\x00\x00\x002\x00Notified about state change. 
Not in state Running\x005\x00MPCH\x00\x07e1\x05EM\x00\x00prlf\x00\x00\x00\r\x00Application \x00\x00\x00\x00\x16\x00sshd_wrapper_instance\x00\x00\x00\x00\x02\x00(\x00#\x00\x00\x00-\x1b\x00\x00\x00\x005\x00) violated termination timeout in state Terminating.\x005\x00qMPCH\x00\x07e!\x05EM\x00\x00prlf\x00\x00\x00 \x00Forcefully terminate (SIGKILL) \x00\x00\x00\x00\x16\x00sshd_wrapper_instance\x00\x00\x00\x00\x02\x00(\x00#\x00\x00\x00-\x1b\x00\x00\x00\x00\x03\x00).\x005\x00MPCH\x00\x07eQ\x05EM\x00\x00prlf\x00\x00\x00\t\x00Process \x00\x00\x00\x00\x16\x00sshd_wrapper_instance\x00\x00\x00\x00\x02\x00(\x00#\x00\x00\x00-\x1b\x00\x00\x00\x00,\x00) terminated and closed all IPC connections\x00\x13G\x05'

My goal is to save it to a CSV file.

I followed this approach:

...
import codecs
import pandas as pd

msg = '\x00`\x03\x03\x00\x00\x00\x00\x0f\x00\x00\x01*\x00\x01\x7f4\x05\x00\x00\x01\x00^\x7f*c(c{\x0f\x00 I\x08\x00E\x00\x05\x02r\x00\x00\x01\x1170e*c\r\r\x05\x14s5\x01\x14MPCH\x00\x07f1\x08VSomvssd\x00\x00\x00.\x00[1765416: EventgroupStateSubscriptionRenewal]\x00\x00\x00\x00\x0f\x00OnOfferService\x00\x00\x00\x00\x02\x00:\x00#\x00\x00\x00u\x00\x00\x00\x00\x00\x00\x03\x00: \x00\x00\x00\x00P\x00Multicast OfferService received before SubscribeEventgroupAck for Eventgroup 0x\x00B\x00\x01\x00\x01\x00\x00\x00\x00:\x00. Sending StopSubscribeEventgroup and SubscribeEventgroup\x005\x00nMPCH\x00\x07cA\x01CSADAA\x00\x00\x00\x00\x00R\x00Intel STL Voltage monitoring passed, reset debounce_counter and report checkpoint\x005\x00nMPCH\x00\x07eA\x01CSADAA\x00\x00\x00\x00\x00R\x00Intel STL Voltage monitoring passed, reset debounce_counter and report checkpoint\x005\x00nMPCH\x00\x07g\x14A\x01CSADAA\x00\x00\x00\x00\x00R\x00Intel STL Voltage monitoring passed, reset debounce_counter and report checkpoint\x005\x00UMPCH\x00\x07f$A\x01PHEHPMSC\x00\x00\x009\x00State proxy connection ok. Calling state change callback\x005\x00AMPCH\x00\x07f$A\x02PHEHPMSC\x00\x00\x00\x16\x00MSM updated state to:\x00\x00\x00\x00\t\x00Shutdown\x005\x00NMPCH\x00\x07f$A\x01PHEHSVSN\x00\x00\x002\x00Notified about state change. Not in state Running\x005\x00UMPCH\x00\x07f.A\x01PHEHPMSC\x00\x00\x009\x00State proxy connection ok. Calling state change callback\x005\x00AMPCH\x00\x07f.A\x02PHEHPMSC\x00\x00\x00\x16\x00MSM updated state to:\x00\x00\x00\x00\t\x00Shutdown\x005\x00NMPCH\x00\x07f.A\x01PHEHSVSN\x00\x00\x002\x00Notified about state change. 
Not in state Running\x005\x00MPCH\x00\x07e1\x05EM\x00\x00prlf\x00\x00\x00\r\x00Application \x00\x00\x00\x00\x16\x00sshd_wrapper_instance\x00\x00\x00\x00\x02\x00(\x00#\x00\x00\x00-\x1b\x00\x00\x00\x005\x00) violated termination timeout in state Terminating.\x005\x00qMPCH\x00\x07e!\x05EM\x00\x00prlf\x00\x00\x00 \x00Forcefully terminate (SIGKILL) \x00\x00\x00\x00\x16\x00sshd_wrapper_instance\x00\x00\x00\x00\x02\x00(\x00#\x00\x00\x00-\x1b\x00\x00\x00\x00\x03\x00).\x005\x00MPCH\x00\x07eQ\x05EM\x00\x00prlf\x00\x00\x00\t\x00Process \x00\x00\x00\x00\x16\x00sshd_wrapper_instance\x00\x00\x00\x00\x02\x00(\x00#\x00\x00\x00-\x1b\x00\x00\x00\x00,\x00) terminated and closed all IPC connections\x00\x13G\x05'
df = pd.DataFrame()
df['Crash'] = codecs.decode(msg, errors='ignore')
df.to_csv("crash.csv")

When I do

print(msg)
I get (exactly what I want to save in the CSV file):

Application sshd_wrapper_instance(#-5) violated termination timeout in state Terminating.5qMPCHe!EMprlf Forcefully terminate (SIGKILL) sshd_wrapper_instance(#-).5MPCHeQEMprlf  Process sshd_wrapper_instance(#-,) terminated and closed all IPC connectionsG_counter and report checkpoint5nMPCHeACSADAARIntel STL Voltage monitoring passed, reset debounce_counter and report checkpoint5nMPCHgACSADAARIntel STL Voltage monitoring passed, reset debounce_counter and report checkpoint5UMPCHf$APHEHPMSC9State proxy connection ok. Calling state change callback5AMPCHf$APHEHPMSCMSM updated state to: Shutdown5NMPCHf$APHEHSVSN2Notified about state change. Not in state Running5UMPCHf.APHEHPMSC9State proxy connection ok. Calling state change callback5AMPCHf.APHEHPMSCMSM updated state to: Shutdown5NMPCHf.APHEHSVSN2Notified about state change. Not in state Running5MPCHe1EMprlf

which is completely different from the CSV file:


s5MPCHf1VSomvssd.[1765416: EventgroupStateSubscriptionRenewal]OnOfferService:#u: PMulticast OfferService received before SubscribeEventgroupAck for Eventgroup 0xB:. Sending StopSubscribeEventgroup and SubscribeEventgroup5nMPCHcACSADAARIntel STL Voltage monitoring passed, reset debounce_counter and report checkpoint5nMPCHeACSADAARIntel STL Voltage monitoring passed, reset debounce_counter and report checkpoint5nMPCHgACSADAARIntel STL Voltage monitoring passed, reset debounce_counter and report checkpoint5UMPCHf$APHEHPMSC9State proxy connection ok. Calling state change callback5AMPCHf$APHEHPMSCMSM updated state to:    Shutdown5NMPCHf$APHEHSVSN2Notified about state change. Not in state Running5UMPCHf.APHEHPMSC9State proxy connection ok. Calling state change callback5AMPCHf.APHEHPMSCMSM updated state to: Shutdown5NMPCHf.APHEHSVSN2Notified about state change. Not in state Running5MPCHe1EMprlf
Application sshd_wrapper_instance(#-5) violated termination timeout in state Terminating.5qMPCHe!EMprlf Forcefully terminate (SIGKILL) sshd_wrapper_instance(#-).5MPCHeQEMprlf  Process sshd_wrapper_instance(#-,) terminated and closed all IPC connectionsG

Thanks for your help!

python pandas string byte pcap
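
An added example, not part of the original question: the payload contains NUL bytes and carriage returns (`\r`), which a terminal interprets when printing but a CSV file stores literally, so the readable runs are extracted first and written one per row. It assumes the payload is held as `bytes`; `SAMPLE` is a constructed excerpt of the payload above, and `printable_runs` and `runs_to_csv` are illustrative names.

```python
import csv
import io
import re

# Constructed sample: a short excerpt of the payload from the question, as bytes.
SAMPLE = (
    b'prlf\x00\x00\x00\r\x00Application \x00\x00\x00\x00\x16\x00'
    b'sshd_wrapper_instance\x00\x00\x00\x00\x02\x00(\x00#\x00\x00\x00-\x1b'
    b'\x00\x00\x00\x005\x00) violated termination timeout in state '
    b'Terminating.\x005\x00'
)

# Runs of at least four printable ASCII bytes (0x20-0x7e). This excludes
# NUL, \r, \n and ESC, so nothing the terminal would interpret survives.
PRINTABLE = re.compile(rb'[\x20-\x7e]{4,}')


def printable_runs(payload: bytes):
    """Return (offset, text) for every printable run found in payload."""
    return [(m.start(), m.group().decode('ascii'))
            for m in PRINTABLE.finditer(payload)]


def runs_to_csv(payload: bytes) -> str:
    """Render the printable runs as CSV text, one run per row."""
    buf = io.StringIO(newline='')
    writer = csv.writer(buf, lineterminator='\n')
    writer.writerow(['offset', 'text'])
    writer.writerows(printable_runs(payload))
    return buf.getvalue()


if __name__ == '__main__':
    # Write the rows to disk; newline='' lets the csv module control line ends.
    with open('crash.csv', 'w', newline='', encoding='ascii') as fh:
        fh.write(runs_to_csv(SAMPLE))
```

The byte offset column makes it possible to go back to the raw payload and inspect the binary fields surrounding each string.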