在 Python 2.6 中解析 PCAP [英] Parsing PCAP in Python 2.6

问题描述

我试图简单地解析数据包捕获中的数据.我已经举了一些例子，看看我是否可以编译，但最终还是会出错.下面是代码.

I am trying to simply parse through data in a packet capture. I've taken examples just to see if I could compile and I end up with an error. Below is the code.

import dpkt
import sys

f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data


f.close()

我得到的错误如下:文件inspection.py"，第 15 行，在 tcp = ip.data

The error I get is the following:File "inspection.py", line 15, in tcp = ip.data

AttributeError: 'str' 对象没有属性 'data'

AttributeError: 'str' object has no attribute 'data'

任何帮助将不胜感激.

推荐答案

调用 dpkt.ethernet.Ethernet(buf) 返回一个字符串，因为以太网类无法解包 buf.造成这种情况的一个可能原因是您的 pcap 文件没有将以太网作为其第 2 层协议.您可以将 pcap 加载到 Wireshark 中以确认这一点.

The call to dpkt.ethernet.Ethernet(buf) returned a string because the Ethernet class was unable to unpack buf. A likely cause for this is that your pcap file does not have ethernet as its layer 2 protocol. You can load the pcap into Wireshark to confirm this.

以下脚本尝试检查 pcap 文件的数据链路字段并使用适当的第 2 层 dpkt 类来解码帧:

The following script attempts to check the datalink field of the pcap file and use an appropriate layer 2 dpkt class to decode the frame:

import dpkt
import sys

f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    if pcap.datalink() == dpkt.pcap.DLT_LINUX_SLL:
        l2 = dpkt.sll.SLL(raw_pkt)
    else:
        l2 = dpkt.ethernet.Ethernet(buf)
    ip = l2.data
    tcp = ip.data

这篇关于在 Python 2.6 中解析 PCAP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！