Issue reading packets from a pcap file. dpkt module. What gives?
I am running the following test script to try to read packets from a sample .pcap
file I have downloaded. It won't seem to run. I have all of the modules, but no examples seem to be running.
    import socket
    import dpkt
    import sys
    pcapReader = dpkt.pcap.Reader(file("test1.pcap", "rb"))
    for ts, data in pcapReader:
        ether = dpkt.ethernet.Ethernet(data)
        if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
        ip = ether.data
        src = socket.inet_ntoa(ip.src)
        dst = socket.inet_ntoa(ip.dst)
        print "%s -> %s" % (src, dst)
For some reason, this is not being interpreted properly. When running it, I get
KeyError: 138
module body in test.py at line 4
function __init__ in pcap.py at line 105
Program exited.
Why is this? What's wrong? Is there an issue with my installation? I'm using Python 2.6 on a Mac.
Comments (4)
Do
Instead of:
Line 105 of dpkt.pcap module is using the pcap file's link type to access a dictionary of link type mappings:
The dltoff dictionary is defined at the top of the module and it does not contain the key 138, hence the exception you are seeing.
According to tcpdump's link types page, a value of 138 is the link type for LINKTYPE_APPLE_IP_OVER_IEEE1394. If this is not the link type you expect then the pcap file may be corrupt. Otherwise you could try updating the dltoff dictionary and add an entry for 138. According to its packet structure its header is 18 bytes long. So adding the following instructions after line 40 of dpkt/pcap.py should work:
Well you seem to be short of assistance ... I don't know a pcap from a kneecap, so all I can do is try to help you help yourself. Suggestions:
(1) Have you had a look at line 105 of pcap.py? I guess that the "KeyError: 138" means that it is trying to access a dictionary, but the dictionary doesn't have 138 (or "138") as a key. What is the variable containing 138? A byte from a packet?
(2) Consider asking the author/maintainer of pcap.
(3) Consider providing a URL for pcap.
I also encountered a similar problem, but mine was KEY ERROR 192.
I found that my
dpkt/pcap.py
is not complete and is a very old version. So I uninstalled the current package
and used pip to install the latest.
And that finally solved the problem, good luck to you!
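
The number in the KeyError discussed above is the link type stored in the pcap file's global header, so it can be checked without dpkt. The following is an added example, not code from any of the answers or from dpkt; the function names, the sample header and the `OLD_TABLE` set are assumptions made for illustration.

```python
import struct

# Magic number bytes -> (struct byte-order prefix, timestamp resolution)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"),
    b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"),
    b"\xa1\xb2\x3c\x4d": (">", "ns"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block, not classic pcap

# A few well-known LINKTYPE_ values from the tcpdump.org link-type list
LINKTYPE_NAMES = {
    0: "NULL", 1: "ETHERNET", 101: "RAW", 105: "IEEE802_11",
    113: "LINUX_SLL", 127: "IEEE802_11_RADIOTAP",
    138: "APPLE_IP_OVER_IEEE1394", 192: "PPI",
}


def read_link_type(header):
    """Parse the 24-byte pcap global header and return (linktype, snaplen)."""
    if header[:4] == PCAPNG_MAGIC:
        raise ValueError("pcapng file, not classic pcap")
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    try:
        order, _resolution = MAGICS[header[:4]]
    except KeyError:
        raise ValueError("not a pcap file (bad magic %r)" % header[:4])
    # Fields after the magic: version_major, version_minor, thiszone,
    # sigfigs, snaplen, network (the link type)
    fields = struct.unpack(order + "HHiIII", header[4:24])
    return fields[5], fields[4]


def diagnose(header, supported):
    """Report whether a reader that knows only `supported` can open the file."""
    linktype, _snaplen = read_link_type(header)
    name = LINKTYPE_NAMES.get(linktype, "unknown")
    if linktype in supported:
        return "link type %d (%s): supported" % (linktype, name)
    return "link type %d (%s): not in reader's table" % (linktype, name)


# Constructed sample header: little-endian, v2.4, snaplen 65535, link type 138
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 138)
# Hypothetical table of an older reader (with dpkt: set(dpkt.pcap.dltoff))
OLD_TABLE = {0, 1, 113}

if __name__ == "__main__":
    print(diagnose(SAMPLE, OLD_TABLE))
```

To check a real capture, pass the first 24 bytes of the file: `read_link_type(open("test1.pcap", "rb").read(24))`.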