Parsing PCAP in Python 2.6
Question
I am trying to simply parse through data in a packet capture. I've taken examples just to see if I could compile and I end up with an error. Below is the code.
import dpkt
import sys

f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data

f.close()
The error I get is the following:
File "inspection.py", line 15, in <module>
    tcp = ip.data
AttributeError: 'str' object has no attribute 'data'
Any help would be greatly appreciated.
Recommended answer
The call to dpkt.ethernet.Ethernet(buf) returned a string because the Ethernet class was unable to unpack buf. A likely cause for this is that your pcap file does not have Ethernet as its layer 2 protocol. You can load the pcap into Wireshark to confirm this.
The following script attempts to check the datalink field of the pcap file and use an appropriate layer 2 dpkt class to decode the frame:
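import dpkt
import sys

# pcap is a binary format, so open the capture in binary mode
f = open('test.pcap', 'rb')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    # Pick the layer 2 decoder that matches the capture's datalink type
    if pcap.datalink() == dpkt.pcap.DLT_LINUX_SLL:
        l2 = dpkt.sll.SLL(buf)
    else:
        l2 = dpkt.ethernet.Ethernet(buf)
    ip = l2.data
    tcp = ip.data

f.close()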
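Added example (not part of the original answer, and not dpkt code): the same link-type dispatch written against the classic pcap file layout with only the Python 3 standard library, showing the global-header field that pcap.datalink() reports and why a Linux "cooked" (SLL) frame does not decode as Ethernet. The helper names and the one-packet sample capture are constructed for illustration.

```python
import io
import struct

DLT_EN10MB, DLT_LINUX_SLL = 1, 113  # link types stored in the pcap global header
# link type -> (layer 2 header length, offset of the 2-byte protocol field)
L2_HEADER = {DLT_EN10MB: (14, 12), DLT_LINUX_SLL: (16, 14)}

def read_pcap(stream):
    """Yield (linktype, timestamp, frame) for each record of a classic pcap stream."""
    hdr = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(hdr[:4])
    if endian is None or len(hdr) < 24:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack(endian + "I", hdr[20:24])[0]
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return  # end of file or truncated record header
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", rec)
        yield linktype, sec + usec / 1e6, stream.read(caplen)

def tcp_ports(linktype, frame):
    """Return (sport, dport) if the frame is IPv4/TCP under this link type, else None."""
    if linktype not in L2_HEADER:
        return None  # unknown layer 2: refuse to guess
    hlen, off = L2_HEADER[linktype]
    if len(frame) < hlen + 20 or frame[off:off + 2] != b"\x08\x00":
        return None  # truncated, or the protocol field is not IPv4
    ip = frame[hlen:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 4:
        return None  # not IPv4, bad header length, not TCP, or truncated
    return struct.unpack("!HH", ip[ihl:ihl + 4])

def build_sample(linktype):
    """Constructed capture: one IPv4/TCP packet (40000 -> 443) behind the given L2 header."""
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2])
    tcp = struct.pack("!HH", 40000, 443) + bytes(16)
    hlen, off = L2_HEADER[linktype]
    l2 = bytearray(hlen)
    l2[off:off + 2] = b"\x08\x00"
    frame = bytes(l2) + ip + tcp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return io.BytesIO(ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for linktype, ts, frame in read_pcap(build_sample(DLT_LINUX_SLL)):
        print(linktype, tcp_ports(linktype, frame), tcp_ports(DLT_EN10MB, frame))
```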