我正在尝试根据捕获的网络流量-ipcap文件以ipfix格式创建数据。为了从pcap传输数据,我使用了Scapy库和套接字模块中的低级TCP套接字。
客户: 导入套接字
from scapy.all import *
counter = 0
def send_data(packet):
global counter
# Get data payload fron Ether
sock.send(bytes(packet.payload))
counter += 1
print("Packet %d sended" % counter)
if counter >= 22:
sys.exit()
HOST, PORT = "localhost", 4739
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((HOST, PORT))
packets = sniff(offline="capture_traffic.pcap", prn=send_data)
print("Done")
IPFIX模板:
tmpl = ipfix.template.for_specs(261, "flowStartMilliseconds",
"flowEndMilliseconds",
"sourceIPv4Address",
"destinationIPv4Address",
"sourceTransportPort",
"destinationTransportPort",
"protocolIdentifier",
"octetDeltaCount",
"packetDeltaCount")
我的问题是如何使用ipfix模块接收传输的数据并将其解析为ipfix格式。