0

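I have a packet that shows up as a VLAN type. I am using dpkt version 1.6 to extract the fields, but it does not seem to support the VLAN type. When the condition is applied as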

eth = dpkt.ethernet.Ethernet(header_sampled_packet)
print eth.type

it shows the type as 0X0800, i.e. the IP type, but it actually needs to be 0X8100.

Does dpkt not support VLAN? Or do later versions support it? How can I extract the fields with dpkt, or is there any other package?

I have a hex stream with VLAN. This is sFlow hex data


2 Answers

0

After going into the dpkt.ethernet.py file, I found that def _unpack_data(self, buf): already extracts the VLAN information.

if self.type == ETH_TYPE_8021Q:
    self.tag, self.type = struct.unpack('>HH', buf[:4])
    buf = buf[4:]

I'm not good with dpkt, but I think self.tag is the VLAN ID and type is the type of self.data.

In my code, I did this:

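import dpkt

# 'capture.pcap' is a placeholder path for the capture being read
pcap = dpkt.pcap.Reader(open('capture.pcap', 'rb'))

for ts, buf in pcap:
    try:
        eth = dpkt.ethernet.Ethernet(buf)
        ip = eth.data
        # PPPoE frames carry the payload inside a PPPoE header
        if eth.type == dpkt.ethernet.ETH_TYPE_PPPoE_DISC or eth.type == dpkt.ethernet.ETH_TYPE_PPPoE:
            ip = dpkt.pppoe.PPPoE(eth.data)
        # per the _unpack_data snippet above, 'tag' is set when an 802.1Q header was parsed
        if hasattr(eth, 'tag'):
            print("eth tag = %s" % (eth.tag))
    except Exception as dpkterr:
        print("Dpkt exception: %s" % (dpkterr))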

This seems to work.

Answered 2016-07-21T01:48:45.140
0

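Having a packet with a VLAN tag means there are at least 2 eth_type fields in the packet. The first one indicates the VLAN tag, "802.1Q Virtual LAN (0x8100)", and the second one indicates the underlying layer, in your case "IPv4 (0x0800)".

In newer dpkt versions (1.8.8, 1.9.2), the developers chose to keep the first tag as the packet's main type, eth.type, but they also store all the underlying tag types in a list, eth.vlan_tags.

So in your case you will find eth.vlan_tags[0].type == dpkt.ethernet.ETH_TYPE_IP

Answered 2019-12-30T18:12:07.823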
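
The two EtherType fields discussed in the answers can be seen directly by walking the frame with struct. This is an added example, not code from either answer or from dpkt; it also handles stacked (QinQ) tags and truncated frames, which goes beyond the single-tag case in the question. The function name, the sample frame and its MAC addresses are constructed for illustration.

```python
import struct

ETH_TYPE_IP = 0x0800
ETH_TYPE_8021Q = 0x8100   # customer VLAN tag
ETH_TYPE_8021AD = 0x88A8  # service VLAN tag (outer tag in QinQ)
VLAN_TPIDS = (ETH_TYPE_8021Q, ETH_TYPE_8021AD)


def parse_ethernet(frame):
    """Return (outer_type, vlan_tags, payload_type, payload).

    outer_type is the EtherType at offset 12, as it appears on the wire.
    vlan_tags lists every tag, outermost first. payload_type is the
    EtherType that follows the last tag.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (outer_type,) = struct.unpack(">H", frame[12:14])
    ethertype, offset, tags = outer_type, 14, []
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        # Same '>HH' layout as dpkt's _unpack_data: 16-bit TCI, then next type
        tci, next_type = struct.unpack(">HH", frame[offset:offset + 4])
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,         # 3-bit priority
            "dei": (tci >> 12) & 1,   # drop-eligible bit
            "vid": tci & 0x0FFF,      # 12-bit VLAN ID
        })
        ethertype, offset = next_type, offset + 4
    return outer_type, tags, ethertype, frame[offset:]


def build_sample():
    """Constructed frame: VLAN 100, priority 5, carrying a 20-byte IPv4 stub."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tci = (5 << 13) | 100
    header = struct.pack(">HHH", ETH_TYPE_8021Q, tci, ETH_TYPE_IP)
    return dst + src + header + b"\x45" + b"\x00" * 19


SAMPLE = build_sample()

if __name__ == "__main__":
    outer, tags, inner, payload = parse_ethernet(SAMPLE)
    print(hex(outer), tags, hex(inner), len(payload))
```
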