python / dpkt：判断数据包是tcp数据包还是udp数据包，

发布于 2024-12-26 22:34:57 字数 434 浏览 2 评论 0原文

我有一个 python 脚本，它使用 dpkt 捕获以太网上的数据包，但我如何区分哪些数据包是 tcp，哪些数据包是 udp。

最终我想要一个在时间间隔期间建立的每个 TCP 连接的数据包列表。

我的代码是：

import dpkt
import pcapy
cap=pcap.open_live('eth0',100000,1,0)
(header,payload)=cap.next()
while header:
    eth=dpkt.ethernet.Ethernet(str(payload))
    ip=eth.data
    tcp=ip.data 
    # i need to know whether it is a tcp or  a udp packet here!!!
    (header,payload)=cap.next()

原文

I have a python scripts that captures the packets on the ethernet using dpkt, but how do i differentiate between which packets are tcp and which ones are for udp.

Eventually i would like to have a list of packets for each tcp connection that was established during the time interval.

my code is:

import dpkt
import pcapy
cap=pcap.open_live('eth0',100000,1,0)
(header,payload)=cap.next()
while header:
    eth=dpkt.ethernet.Ethernet(str(payload))
    ip=eth.data
    tcp=ip.data 
    # i need to know whether it is a tcp or  a udp packet here!!!
    (header,payload)=cap.next()

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

心如狂蝶 2025-01-02 22:34:59

IP 标头包含字段协议。 dpkt 应该允许您获取此值，并使用它您可以猜测 IP 之上的内容。以下是有效协议编号的列表 http://www.iana.org/assignments/protocol-数字/protocol-numbers.xml。
UDP 等于 17，而 TCP 等于 6。

编辑：
我已经检查过这个问题，正如我提到的，dpkg 提供 p 属性来访问 IP 的协议字段。所以你可以再检查一下。但它也会自动解析数据包并将 data 属性设置为代表上层协议（如 UDP 或 TCP）的类的实例。因此，您可以检查 data 属性的类型并识别该协议。

from dpkt.ip import IP, IP_PROTO_UDP
from dpkt.udp import UDP
ip = IP('E\x00\x00"\x00\x00\x00\x00@\x11r\xc0\x01\x02\x03\x04\x01\x02\x03\x04\x00o\x00\xde\x00\x0e\xbf5foobar')
#if ip.p == IP_PROTO_UDP:  # checking for protocol field in ip header
if type(ip.data) == UDP :  # checking of type of data that was recognized by dpkg
    udp = ip.data
    print udp.sport
else:
    print "Not UDP"

IP header contains field protocol. dpkt should allow you to obtain this value and using it you can guess what is on top of IP. Here is a list of valid protocols numbers http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml.
UDP is equal to 17 while TCP is 6.

Edit:
I have checked this issue and as I mentioned dpkg provide p properties to access protocol field of IP. So you can check agains it. But it also automatically parse packet and set data property to instance of class that represent upper protocol like UDP or TCP. So you can check type of data property and you recognize this protocol.

from dpkt.ip import IP, IP_PROTO_UDP
from dpkt.udp import UDP
ip = IP('E\x00\x00"\x00\x00\x00\x00@\x11r\xc0\x01\x02\x03\x04\x01\x02\x03\x04\x00o\x00\xde\x00\x0e\xbf5foobar')
#if ip.p == IP_PROTO_UDP:  # checking for protocol field in ip header
if type(ip.data) == UDP :  # checking of type of data that was recognized by dpkg
    udp = ip.data
    print udp.sport
else:
    print "Not UDP"

回复收藏 0 原文

诗笺 2025-01-02 22:34:59

使用 dpkt 捕获以太网适配器 eth0 上的数据包的 Python 脚本，以及区分IP的TCP和UDP数据包。

import dpkt
import pcapy

cap=pcapy.open_live('eth0',100000,1,0)
(header,payload)=cap.next()

while header:
    eth=dpkt.ethernet.Ethernet(str(payload))

    # Check whether IP packets: to consider only IP packets 
    if eth.type!=dpkt.ethernet.ETH_TYPE_IP:
            continue
            # Skip if it is not an IP packet
    ip=eth.data
    if ip.p==dpkt.ip.IP_PROTO_TCP: # Check for TCP packets
           TCP=ip.data 
           # ADD TCP packets Analysis code here
    elif ip.p==dpkt.ip.IP_PROTO_UDP: # Check for UDP packets
           UDP=ip.data 
           # UDP packets Analysis code here

    (header,payload)=cap.next()

A python script that captures the packets on the ethernet adapter eth0 using dpkt, and differentiates between TCP and UDP packets of the IP.

import dpkt
import pcapy

cap=pcapy.open_live('eth0',100000,1,0)
(header,payload)=cap.next()

while header:
    eth=dpkt.ethernet.Ethernet(str(payload))

    # Check whether IP packets: to consider only IP packets 
    if eth.type!=dpkt.ethernet.ETH_TYPE_IP:
            continue
            # Skip if it is not an IP packet
    ip=eth.data
    if ip.p==dpkt.ip.IP_PROTO_TCP: # Check for TCP packets
           TCP=ip.data 
           # ADD TCP packets Analysis code here
    elif ip.p==dpkt.ip.IP_PROTO_UDP: # Check for UDP packets
           UDP=ip.data 
           # UDP packets Analysis code here

    (header,payload)=cap.next()

回复收藏 0 原文

~没有更多了~