Parsing pcap files with dpkt (Python)

春和景丽 2021-01-05 14:15

I'm trying to parse a previously-captured trace for HTTP headers using the dpkt module:

import dpkt
import sys

f = open(sys.argv[1], "rb")  # file() exists only in Python 2; open() works in both
pcap = dpkt.pcap.Reader(f)

3 Answers
  •  遥遥无期
    2021-01-05 14:24

    In your Python code, before the assignment ip=eth.data, check whether the Ethernet type is IP or not. If the Ethernet type is not IP, do nothing with that packet. Also check whether the IP protocol is TCP.

            To Check
                   1. IP packet or not
                   2. TCP protocol or not
    

    Modify your program code

     
    ............
        eth = dpkt.ethernet.Ethernet(buf)
        ip = eth.data
        tcp = ip.data
        ........

    as

        
    ............
        eth = dpkt.ethernet.Ethernet(buf)
        if eth.type != 2048:  # for IPv4, dpkt.ethernet.Ethernet(buf).type == 2048
            continue
        ip = eth.data
        if ip.p != 6:  # 6 is the IP protocol number for TCP
            continue
        tcp = ip.data
        .......
    
    and see whether there is any error.

    With regards,
    Irengbam Tilokchan Singh
