Python和libpcap.查找数据包的源mac地址 [英] Python and libpcap. find source mac address of packet
问题描述
我正在编写python程序以使用pcap构建mac地址缓存.但是python的pcap模块没有好的文档.我发现此页面 http://pylibpcap.sourceforge.net/具有代码示例,并且可以正常运行.
I'm writing python program to build mac-address cache using pcap. But pcap module for python has no good documentation. I have found this page http://pylibpcap.sourceforge.net/ with code example and it works fine.
有人可以修改此示例以使其能够显示每个数据包的源mac地址吗?或指向我可以阅读的文档...
Can anybody modify this example to make it able to show the source mac-address for each packet? Or point me to the documentation where I can read about it ...
已更新
这是一个代码部分,其中剪切了有关mac地址的信息.
Here is a code part where information about mac addresses were cut.
def print_packet(pktlen, data, timestamp):
if not data:
return
if data[12:14]=='\x08\x00':
decoded=decode_ip_packet(data[14:])
print '\n%s.%f %s > %s' % (time.strftime('%H:%M',
time.localtime(timestamp)),
timestamp % 60,
decoded['source_address'],
decoded['destination_address'])
for key in ['version', 'header_len', 'tos', 'total_len', 'id',
'flags', 'fragment_offset', 'ttl']:
print ' %s: %d' % (key, decoded[key])
print ' protocol: %s' % protocols[decoded['protocol']]
print ' header checksum: %d' % decoded['checksum']
print ' data:'
dumphex(decoded['data'])
数据中的前14个八位位组是目标,源mac-addr和以太类型.
First 14 octets in data are destination, source mac-addr and ether type.
decoded=decode_ip_packet(data[14:])
我需要解析它们以获得此信息.任务完成了.
I need to parse them to get this info. Task is done.
推荐答案
Google以太网帧格式".数据包的前6个八位位组是目标MAC地址,紧随其后的是源MAC地址的6个八位位组.
Google "Ethernet frame formats". The first 6 octets of a packet is the destination MAC address, which is immediately followed by the 6 octets of source MAC address.
此 Wikipedia页面可能会有所帮助.
这篇关于Python和libpcap.查找数据包的源mac地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!