pcap

iterate through pcap file packet for packet using python/scapy

断了今生、忘了曾经 submitted on 2021-02-20 09:08:15
Question: I want to iterate through a pcap file packet for packet using python/scapy. The file has multiple protocols. Currently the iteration is protocol-specific, so the iteration makes a "jump" if the next packet is from another protocol. I don't know why it goes like this at the moment. I want packet for packet, no matter what protocol. Little example:

    data = 'new.pcap'
    zz = rdpcap(data)
    sessions = zz.sessions()
    for session in sessions:
        for packet in sessions[session]:
            eth_src = packet[Ether].src
            eth

iterate through pcap file packet for packet using python/scapy

不羁岁月 submitted on 2021-02-20 09:04:33
Question: I want to iterate through a pcap file packet for packet using python/scapy. The file has multiple protocols. Currently the iteration is protocol-specific, so the iteration makes a "jump" if the next packet is from another protocol. I don't know why it goes like this at the moment. I want packet for packet, no matter what protocol. Little example:

    data = 'new.pcap'
    zz = rdpcap(data)
    sessions = zz.sessions()
    for session in sessions:
        for packet in sessions[session]:
            eth_src = packet[Ether].src
            eth

iterate through pcap file packet for packet using python/scapy

被刻印的时光 ゝ submitted on 2021-02-20 09:03:29
Question: I want to iterate through a pcap file packet for packet using python/scapy. The file has multiple protocols. Currently the iteration is protocol-specific, so the iteration makes a "jump" if the next packet is from another protocol. I don't know why it goes like this at the moment. I want packet for packet, no matter what protocol. Little example:

    data = 'new.pcap'
    zz = rdpcap(data)
    sessions = zz.sessions()
    for session in sessions:
        for packet in sessions[session]:
            eth_src = packet[Ether].src
            eth

PCAP Library Capabilities (writing new PCAP files)

与世无争的帅哥 submitted on 2021-02-18 16:33:45
Question: I am stuck. I have used PCAP.NET to read .PCAP files and write the packets into a database. Now I can query the database and get packets back that match the constraints. I need a way to write the results to a new .PCAP file. The problem is that, as far as I can tell, the only way to generate a new PCAP file is via the DumpFile which can only be initialized via a PacketCommunicator that is itself tied to a PacketDevice. An example can be seen here: http://pcapdotnet.codeplex.com/wikipage?title

Parsing SSL traffic in .pcap file using Python

前提是你 submitted on 2021-02-05 09:41:37
Question: I have a bunch of tcp dumps, which contain SSL traffic. I'm also provided with the RSA private key to decrypt it. There are a few reasons why opening them in Wireshark is not really an option, so my goal is to do some statistics on them with Python. So far I've been using Scapy and dpkt for these types of statistics. How do I analyse a package capture containing SSL-traffic with Python?
Answer 1: I am working on SSL/TLS layers for scapy. Besides providing interfaces for TLSMessages (Records

Parsing SSL traffic in .pcap file using Python

白昼怎懂夜的黑 submitted on 2021-02-05 09:41:18
Question: I have a bunch of tcp dumps, which contain SSL traffic. I'm also provided with the RSA private key to decrypt it. There are a few reasons why opening them in Wireshark is not really an option, so my goal is to do some statistics on them with Python. So far I've been using Scapy and dpkt for these types of statistics. How do I analyse a package capture containing SSL-traffic with Python?
Answer 1: I am working on SSL/TLS layers for scapy. Besides providing interfaces for TLSMessages (Records

How to add a comment to all packets in numerous pcap files before merging into a single file

老子叫甜甜 submitted on 2021-01-29 09:00:56
Question: I'm trying to merge numerous pcap files together for post-processing after capture, however, I need to retain information about the source file of each packet (the file name contains information about the network tap source). This information isn't available anywhere in the packets themselves. My idea is to use the convenience of pcapng which allows adding a frame comment (frame.comment) to a packet and which can be done programmatically using editcap. I could use this to add information from

Assign a pcap_t* File Descriptor to a Chunk of Memory?

强颜欢笑 submitted on 2021-01-29 07:06:12
Question: I’ve written a C program which writes a valid PCAP file into a malloc’ed chunk of memory: u_char* myPCAP = writePCAP( ... ); The program works wonderfully, and if I write myPCAP to a file, I can read that file in Wireshark and everything. So I know that everything is working. But now, I want to assign myPCAP a pcap_t* file descriptor and pass that FD to another program. (nDPI, for those who are curious.) How could I do this? I was hoping this would work: pcap_t* pcap = fdopen( ((int*)myPCAP),

Parsing PCAP in Python 2.6

我们两清 submitted on 2021-01-27 23:43:51
Question: I am trying to simply parse through data in a packet capture. I've taken examples just to see if I could compile and I end up with an error. Below is the code.

    import dpkt
    import sys

    f = open('test.pcap')
    pcap = dpkt.pcap.Reader(f)
    for ts, buf in pcap:
        eth = dpkt.ethernet.Ethernet(buf)
        ip = eth.data
        tcp = ip.data
    f.close()

The error I get is the following:

    File "inspection.py", line 15, in
      tcp = ip.data
    AttributeError: 'str' object has no attribute 'data'

Any help would be appreciated.
Answer 1:

Extracting domain name from a DNS Response packet using dpkt library

僤鯓⒐⒋嵵緔 submitted on 2021-01-27 07:41:46
Question: I'm trying to generate a list of all domain names and their corresponding IP addresses from a pcap file, using dpkt library available here. My code is mostly based on this:

    filename = raw_input('Type filename of pcap file (without extention): ')
    path = 'c:/temp/PcapParser/' + filename + '.pcap'
    f = open(path, 'rb')
    pcap = dpkt.pcap.Reader(f)
    for ts, buf in pcap:
        #make sure we are dealing with IP traffic
        try:
            eth = dpkt.ethernet.Ethernet(buf)
        except:
            continue
        if eth.type != 2048:
            continue
        #make