在 Python 2.6 中解析 PCAP
我试图简单地解析数据包捕获中的数据。我举了一些例子只是为了看看是否可以编译,但最终出现了错误。下面是代码。
import dpkt
import sys
f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)
for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data
f.close()
我得到的错误如下:File "inspection.py", line 15, in tcp = ip.data
AttributeError: 'str' object has no attribute 'data'
任何帮助将不胜感激。
I am trying to simply parse through data in a packet capture. I've taken examples just to see if I could compile and I end up with an error. Below is the code.
import dpkt
import sys
f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)
for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data
f.close()
The error I get is the following:File "inspection.py", line 15, in tcp = ip.data
AttributeError: 'str' object has no attribute 'data'
Any help would be appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
对
dpkt.ethernet.Ethernet(buf)的调用返回了一个字符串,因为以太网类无法解压buf。造成这种情况的可能原因是您的 pcap 文件没有以太网作为其第 2 层协议。您可以将 pcap 加载到 Wireshark 中来确认这一点。以下脚本尝试检查 pcap 文件的数据链路字段并使用适当的第 2 层 dpkt 类来解码帧:
The call to
dpkt.ethernet.Ethernet(buf)returned a string because the Ethernet class was unable to unpackbuf. A likely cause for this is that your pcap file does not have ethernet as its layer 2 protocol. You can load the pcap into Wireshark to confirm this.The following script attempts to check the datalink field of the pcap file and use an appropriate layer 2 dpkt class to decode the frame:
我为解决该问题所做的事情是:
What I did to solve the problem was: