
I have a lab exercise where I need to find the protocol of every packet in a huge pcap file. I am going to build a dictionary to hold them, but my first step is just extracting the information with dpkt. It looks like ip.get_proto is what I want, but I am missing something. I have been reading http://www.commercialventvac.com/dpkt.html#mozTocId839997

#!/usr/bin/python
# -*- coding: utf-8 -*-

import dpkt
import socket
import sys
import datetime

import matplotlib.pyplot as ploot
import numpy as arrayNum
from collections import Counter

packets = 0

protocolDist = {}

# pcap files are binary: open with 'rb' so the reader gets raw bytes
f = open('bob.pcap', 'rb')
#f = open('trace1.pcap', 'rb')
pcap = dpkt.pcap.Reader(f)

print "Maj Version:  ", dpkt.pcap.PCAP_VERSION_MAJOR
print "Min Version:  ", dpkt.pcap.PCAP_VERSION_MINOR
print "Link Layer    ", pcap.datalink()
print "Snap Len:     ", pcap.snaplen

# How many packets does the trace contain? Count timestamps

# iterate through packets, we get a timestamp (ts) and packet data buffer (buf)
for ts, buf in pcap:
    packets += 1
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    # what is the timestamp of the first packet in the trace?
    if packets == 1:
        first = ts
        print "The first timestamp is %f " % (first)
        print ip.get_proto   # prints the bound method object, not a protocol
        break                # stop after the first packet while debugging

# What is the average packet rate? (packets/second)
# The last time stamp
last = ts
print "The last timestamp is %f " % (ts)
print "The total time is %f " % (last - first)
print "There are %d " % (packets)
#print "The packets/second %f " % (packets/(last-first))


# what is the protocol distribution?
# use dictionary

f.close()
sys.exit(0)

2 Answers


Check ip.p; it returns a number corresponding to the protocol number. For example, UDP is 17.

Cheers

answered 2015-05-27T23:06:33.427

If you want to get the IP protocol number, you can use

ip.get_proto(ip.p)

This helper function converts the protocol number into a protocol class. See https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for the official list of IP protocols. Sometimes it is useful to get the representation in a human-readable format; I find __name__ useful for getting the string.

proto = ip.get_proto(ip.p).__name__
print(proto)   # prints TCP

answered 2018-11-23T11:34:54.030
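Putting both answers together, here is an added, self-contained example (not from the question or either answer) that computes the protocol distribution the question is after. It uses only the Python 3 standard library so it runs without dpkt: the pcap is constructed in memory from a few hand-built frames, the frames are parsed directly, and proto_name uses dpkt.ip.IP.get_proto(p).__name__ when dpkt happens to be installed and a small IANA table otherwise. Everything beyond ip.p, get_proto and the IANA registry (the frame builders, the constant names, the 'proto-N' fallback) is this example's own assumption. It also covers the two things the posted script would trip over on a real capture: frames whose eth.data is not an IP object (an ARP frame here, which has no protocol number at all) and a protocol number that dpkt has no class for (get_proto raises KeyError for those).

```python
import io
import socket
import struct
from collections import Counter

# Subset of the IANA protocol-numbers registry; used only when dpkt is not installed.
IANA_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}

LINKTYPE_ETHERNET = 1
ETH_TYPE_IP = 0x0800
ETH_TYPE_ARP = 0x0806


def proto_name(p):
    """Map an IPv4 Protocol field value (ip.p in dpkt) to a name.

    With dpkt installed this is dpkt.ip.IP.get_proto(p).__name__ as in the
    answer above; without it a built-in IANA subset is used. Numbers neither
    table knows become 'proto-N' (assumed naming) instead of raising, so they
    still appear in the distribution rather than aborting the loop.
    """
    try:
        import dpkt
        return dpkt.ip.IP.get_proto(p).__name__
    except (ImportError, AttributeError, KeyError):
        return IANA_PROTOCOLS.get(p, "proto-%d" % p)


# Constructed test data: a tiny pcap built in memory, not a real capture.
def ethernet(ethertype, payload):
    return bytes.fromhex("ffffffff" "ffff020000000001") + struct.pack("!H", ethertype) + payload


def ipv4(proto, payload, src="10.0.0.1", dst="10.0.0.2"):
    # ver/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def pcap_bytes(frames):
    """Serialise frames as a little-endian pcap 2.4 file, one frame per second."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        out.write(struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)))
        out.write(frame)
    return out.getvalue()


def read_pcap(data):
    """Yield (timestamp, frame) from pcap bytes; handles both byte orders."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def protocol_distribution(data):
    """Return (Counter of protocol names, packet count, first ts, last ts)."""
    dist = Counter()
    count, first, last = 0, None, None
    for ts, frame in read_pcap(data):
        count += 1
        first = ts if first is None else first
        last = ts
        if len(frame) < 14:
            dist["truncated"] += 1
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype != ETH_TYPE_IP:
            # ARP, IPv6, VLAN, ...: eth.data is not an IP object and has no .p
            dist["non-IPv4 0x%04x" % ethertype] += 1
            continue
        ip = frame[14:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            dist["malformed IPv4"] += 1
            continue
        dist[proto_name(ip[9])] += 1   # byte 9 of the IPv4 header is ip.p
    return dist, count, first, last


def packet_rate(count, first, last):
    """Packets per second, or None when the trace spans no time (e.g. one packet)."""
    span = (last - first) if first is not None else 0
    return count / span if span > 0 else None


def demo():
    frames = [
        ethernet(ETH_TYPE_IP, ipv4(6, b"\x00\x50\x1f\x90" + b"\x00" * 16)),   # TCP
        ethernet(ETH_TYPE_IP, ipv4(17, b"\x00\x35\x00\x35" + b"\x00" * 4)),   # UDP
        ethernet(ETH_TYPE_IP, ipv4(17, b"\x00\x35\x00\x35" + b"\x00" * 4)),   # UDP
        ethernet(ETH_TYPE_IP, ipv4(1, b"\x08\x00" + b"\x00" * 6)),            # ICMP
        ethernet(ETH_TYPE_IP, ipv4(253, b"")),                                # experimental number
        ethernet(ETH_TYPE_ARP, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),  # ARP
    ]
    return protocol_distribution(pcap_bytes(frames))


if __name__ == "__main__":
    dist, count, first, last = demo()
    print("packets %d, span %.3f s, rate %s" % (count, last - first, packet_rate(count, first, last)))
    for name, n in dist.most_common():
        print("%-16s %d" % (name, n))
```

Two details worth keeping when this is applied to a real trace: the isinstance-style check on the EtherType is what stops an ARP or IPv6 frame from raising AttributeError on ip.p, and packet_rate guards the division that the question's commented-out packets/(last-first) line performs, which divides by zero for a one-packet trace or whenever the first and last timestamps coincide.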