Displaying double VLANs with pyshark

Time: 2015-05-21 12:57:09

Tags: python pcap tshark pyshark

If you have multiple VLANs, how can you get a list of the VLANs? For example, if I have this packet...

Layer ETH:
    Destination: 00:99:88:77:66:55 (00:99:88:77:66:55)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Address: 00:99:88:77:66:55 (00:99:88:77:66:55)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: 802.1Q Virtual LAN (0x8100)
    Source: 00:11:22:33:44:55 (00:11:22:33:44:55)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Address: 00:11:22:33:44:55 (00:11:22:33:44:55)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Layer VLAN:
    ...0 .... .... .... = CFI: Canonical (0)
    000. .... .... .... = Priority: Best Effort (default) (0)
    .... 0000 1100 1000 = ID: 200
    Type: 802.1Q Virtual LAN (0x8100)
Layer VLAN:
    Trailer: 8dbdde29
    ...0 .... .... .... = CFI: Canonical (0)
    000. .... .... .... = Priority: Best Effort (default) (0)
    .... 0000 0110 0100 = ID: 100
    Type: IP (0x0800)
Layer IP:
    ....
Layer UDP:
    ....

If I use pyshark I only get the inner vlan.

>>> print cap[0]['vlan']
Layer VLAN:
    ...0 .... .... .... = CFI: Canonical (0)
    000. .... .... .... = Priority: Best Effort (default) (0)
    .... 0000 1100 1000 = ID: 200
    Type: 802.1Q Virtual LAN (0x8100)

I would like it to be the same as tshark:

tshark -r filename.pcap -T fields -e vlan.id

100,200

1 answer:

Answer 0: (score: 0)

This is discussed on GitHub: https://github.com/KimiNewt/pyshark/issues/80

A simple way to get the double VLAN is:

vlan1, vlan2 = pkt[1], pkt[2]

Or explicitly:

vlan1, vlan2 = pkt.layers[1], pkt.layers[2]
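
Added example (not part of the original answer and not pyshark code): a standard-library parser that walks the stacked 802.1Q tags of a raw Ethernet frame and returns every VLAN ID, outermost first, however many tags are present. The frame is constructed to match the packet in the question; `parse_vlan_stack`, `vlan_ids` and `build_sample_frame` are names chosen for this example.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q customer tag and 802.1ad service tag.
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_vlan_stack(frame: bytes):
    """Return (tags, ethertype) for an Ethernet II frame.

    tags lists the VLAN tags outermost first; ethertype is the
    type of the payload that follows the last tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    tags = []
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        # Each tag is a 16-bit TCI followed by the next type field.
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        tags.append({"priority": tci >> 13,
                     "cfi": (tci >> 12) & 1,
                     "id": tci & 0x0FFF})
        offset += 4
    return tags, ethertype


def vlan_ids(frame: bytes):
    """VLAN IDs of all stacked tags, outermost first."""
    return [tag["id"] for tag in parse_vlan_stack(frame)[0]]


def build_sample_frame():
    # Constructed sample mirroring the question: outer ID 200, inner ID 100, IP payload.
    dst = bytes.fromhex("009988776655")
    src = bytes.fromhex("001122334455")
    outer = struct.pack("!HH", 0x8100, 200)  # TPID, TCI (priority 0, CFI 0)
    inner = struct.pack("!HH", 0x8100, 100)
    return dst + src + outer + inner + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    tags, ethertype = parse_vlan_stack(build_sample_frame())
    print([tag["id"] for tag in tags], hex(ethertype))
```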