I have a lab exercise in which I need to find the protocol of every packet in a huge pcap file. I am going to build a dictionary to hold the counts, but my first step is to pull the information out with dpkt. ip.get_proto looks like what I want, but I am missing something. I have been reading http://www.commercialventvac.com/dpkt.html#mozTocId839997
#!/usr/bin/python
# -*- coding: utf-8 -*-
import dpkt
import socket
import sys
import datetime
import matplotlib.pyplot as ploot
import numpy as arrayNum
from collections import Counter

packets = 0
protocolDist = {}
f = open('bob.pcap', 'rb')  # pcap files are binary, so open them with 'rb'
#f = open('trace1.pcap', 'rb')
pcap = dpkt.pcap.Reader(f)
print "Maj Version: ", dpkt.pcap.PCAP_VERSION_MAJOR
print "Min Version: ", dpkt.pcap.PCAP_VERSION_MINOR
print "Link Layer ", pcap.datalink()
print "Snap Len: ", pcap.snaplen
# How many packets does the trace contain? Count timestamps
# iterate through packets, we get a timestamp (ts) and packet data buffer (buf)
for ts, buf in pcap:
    packets += 1
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    # What is the average packet rate? (packets/second)
    # The last time stamp: overwritten on every packet, so it is valid after the loop
    last = ts
    # what is the timestamp of the first packet in the trace?
    if packets == 1:
        first = ts
        print "The first timestamp is %f " % (first)
        # prints the bound method object, not a protocol: this is the line the question is about
        print ip.get_proto
        break  # stop after the first packet while testing get_proto
print "The last timestamp is %f " % (last)
print "The total time is %f " % (last - first)
print "There are %d " % (packets)
#print "The packets/second %f " % (packets/(last-first))
# what is the protocol distribution?
# use dictionary
f.close()
sys.exit(0)
Answer 0: (score: 2)
Check ip.p. It returns the number corresponding to the protocol number. For example, UDP has 17.
Cheers
Answer 1: (score: 0)
If you want to get the IP protocol number, you can use
ip.get_proto(ip.p)
This helper function converts the protocol number into the protocol class. Check out https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for the official list of IP protocols. Sometimes it is useful to get the representation in a human-readable format. I find that using __name__ to get the string is helpful.
proto = ip.get_proto(ip.p).__name__
print(proto)
>>> 'TCP'