Python和libpcap.查找数据包的源mac地址 [英] Python and libpcap. find source mac address of packet

问题描述

我正在编写python程序以使用pcap构建mac地址缓存.但是python的pcap模块没有好的文档.我发现此页面 http://pylibpcap.sourceforge.net/具有代码示例，并且可以正常运行.

I'm writing python program to build mac-address cache using pcap. But pcap module for python has no good documentation. I have found this page http://pylibpcap.sourceforge.net/ with code example and it works fine.

有人可以修改此示例以使其能够显示每个数据包的源mac地址吗?或指向我可以阅读的文档...

Can anybody modify this example to make it able to show the source mac-address for each packet? Or point me to the documentation where I can read about it ...

已更新

这是一个代码部分，其中剪切了有关mac地址的信息.

Here is a code part where information about mac addresses were cut.

def print_packet(pktlen, data, timestamp):
  if not data:
    return

  if data[12:14]=='\x08\x00':
    decoded=decode_ip_packet(data[14:])
    print '\n%s.%f %s > %s' % (time.strftime('%H:%M',
                                           time.localtime(timestamp)),
                             timestamp % 60,
                             decoded['source_address'],
                             decoded['destination_address'])
    for key in ['version', 'header_len', 'tos', 'total_len', 'id',
                'flags', 'fragment_offset', 'ttl']:
      print '  %s: %d' % (key, decoded[key])
    print '  protocol: %s' % protocols[decoded['protocol']]
    print '  header checksum: %d' % decoded['checksum']
    print '  data:'
    dumphex(decoded['data'])

数据中的前14个八位位组是目标，源mac-addr和以太类型.

First 14 octets in data are destination, source mac-addr and ether type.

    decoded=decode_ip_packet(data[14:])

我需要解析它们以获得此信息.任务完成了.

I need to parse them to get this info. Task is done.

推荐答案

Google以太网帧格式".数据包的前6个八位位组是目标MAC地址，紧随其后的是源MAC地址的6个八位位组.

Google "Ethernet frame formats". The first 6 octets of a packet is the destination MAC address, which is immediately followed by the 6 octets of source MAC address.

此 Wikipedia页面可能会有所帮助.

这篇关于Python和libpcap.查找数据包的源mac地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！