Question
I'm setting up a local topology using GNS3, and I'm using a hub there. The scenario is: there are 5 computers in the network (computers A, B, C, D, E), and computer A has to count ARP reply packets in the network. For example, computer A can detect that computer B sends ARP reply packets to computer C at 1/minute. Let's assume computer A is an analyzer host.
- Computer B has an IP: 192.168.1.2
- Computer C has an IP: 192.168.1.3
- Computer D has an IP: 192.168.1.4
- Computer E has an IP: 192.168.1.5
And I use a list of dictionaries in Python. The code is:
    from scapy.all import *

    # One dict per (src, dst) pair: {"src": ..., "dst": ..., "count": n}
    reply = []
    reply.append({"src": " ", "dst": " ", "count": 0})

    def count_reply(paket):
        for itung in reply:
            if itung['src']==paket['src'] and itung['dst']==paket['dst']:
                itung['count']+=1
                break
            elif itung['src'] != paket['src'] and itung['dst'] != paket['dst']:
                reply.append(paket)
                paket['count']=1

    def klasifikasi(pkt):
        # ARP reply (op == 2)
        if pkt[ARP].op == 2:
            returnpaket = {'src':pkt[ARP].psrc,'dst':pkt[ARP].pdst}
            return count_reply(returnpaket)

    sniff(prn=klasifikasi, filter="arp", store=0)
    print(reply)
And I tried to send an ARP reply flood from computer C to computer B. 7 ARP reply packets were sent. I expected the output to be

    reply=[{'count':0, 'src':" ", 'dst':" "}, {'count':7, 'src':192.168.1.3, 'dst':192.168.1.2}]

But the actual output is

I am following the code from the solution to the question I asked yesterday here: How to remove duplicate item in List? How can I solve it? Please help me, this is for my homework. Thank you.
Answer 1:
The reason for the multiple entries in your result is that you already have an item in your reply list ({"src": " ", "dst" :" ","count": 0}), which causes your code to always trigger the "elif" part in your loop (function count_reply).
You should check every item in your reply list before making a decision on creating a new entry or updating an existing entry.
For example:
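    def count_reply(paket):
        if len(reply)==0:
            # Empty list: the first packet becomes the first entry
            paket['count'] = 1
            reply.append(paket)
            found = True
        else:
            found = False
            # Check every existing entry before deciding anything
            for itung in reply:
                if itung['src']==paket['src'] and itung['dst']==paket['dst']:
                    itung['count']+=1
                    found = True
                    break
            # Only append after the whole list was searched without a match
            if not found:
                reply.append(paket)
                paket['count']=1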
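
The per-minute part of the question, as an added example that is not part of the question or the answer above: ARP replies are bucketed by minute and by (src, dst) pair, and pairs above a threshold are reported, which is how the analyzer host would spot a reply flood. The function names, the threshold of 5 and the sample events are assumptions constructed for illustration; `sniff_live` needs scapy and capture privileges and is not called here.

```python
from collections import Counter

ARP_REPLY = 2  # ARP opcode 2 = "is-at" (reply)

def count_per_minute(events):
    """events: iterable of (epoch_seconds, src_ip, dst_ip), one per ARP reply.
    Returns {minute_start: Counter({(src, dst): replies})}."""
    buckets = {}
    for ts, src, dst in events:
        minute = int(ts) - int(ts) % 60          # start of the minute window
        buckets.setdefault(minute, Counter())[(src, dst)] += 1
    return buckets

def flag_floods(buckets, threshold):
    """Return sorted (minute, src, dst, count) for pairs exceeding threshold."""
    return sorted((minute, src, dst, n)
                  for minute, pairs in buckets.items()
                  for (src, dst), n in pairs.items()
                  if n > threshold)

def sniff_live(threshold=5, seconds=60):
    """Capture ARP replies for `seconds` and report flooding pairs (hypothetical helper)."""
    from scapy.all import ARP, sniff             # imported lazily; requires scapy
    events = []
    def on_pkt(pkt):
        if ARP in pkt and pkt[ARP].op == ARP_REPLY:
            events.append((pkt.time, pkt[ARP].psrc, pkt[ARP].pdst))
    sniff(prn=on_pkt, filter="arp", store=0, timeout=seconds)
    return flag_floods(count_per_minute(events), threshold)

# Constructed sample: C (192.168.1.3) sends 7 replies to B (192.168.1.2)
# inside one minute, plus two unrelated single replies.
SAMPLE = [(1000 + i, "192.168.1.3", "192.168.1.2") for i in range(7)]
SAMPLE += [(1005, "192.168.1.2", "192.168.1.3"),
           (1025, "192.168.1.3", "192.168.1.2")]

if __name__ == "__main__":
    for minute, src, dst, n in flag_floods(count_per_minute(SAMPLE), threshold=5):
        print(f"minute {minute}: {src} -> {dst} sent {n} ARP replies")
```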
Source: https://stackoverflow.com/questions/53989370/how-to-count-arp-reply-packet-per-minute