在python中解析pcap文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18256342/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Parsing a pcap file in python
提问by Matthew Spriesterbach
I am trying to parse through a pcap file in python. My goal is to be able to pull out the type of TCP or UDP file it is and the time they start/end. Does anyone have any advice in any certain packages might be useful to use and the documentation for them or advice in general on writing it?
我正在尝试解析 python 中的 pcap 文件。我的目标是能够提取 TCP 或 UDP 文件的类型以及它们开始/结束的时间。有没有人在任何特定的包中提供任何可能有用的建议以及他们的文档或关于编写它的一般建议?
回答by Matt Roberts
I would use python-dpkt. Here is the documentation: http://www.commercialventvac.com/dpkt.html
我会使用python-dpkt。这是文档:http: //www.commercialventvac.com/dpkt.html
This is all I know how to do though sorry.
尽管抱歉,这就是我所知道的一切。
#!/usr/local/bin/python2.7
import dpkt
counter=0
ipcounter=0
tcpcounter=0
udpcounter=0
filename='sampledata.pcap'
for ts, pkt in dpkt.pcap.Reader(open(filename,'r')):
counter+=1
eth=dpkt.ethernet.Ethernet(pkt)
if eth.type!=dpkt.ethernet.ETH_TYPE_IP:
continue
ip=eth.data
ipcounter+=1
if ip.p==dpkt.ip.IP_PROTO_TCP:
tcpcounter+=1
if ip.p==dpkt.ip.IP_PROTO_UDP:
udpcounter+=1
print "Total number of packets in the pcap file: ", counter
print "Total number of ip packets: ", ipcounter
print "Total number of tcp packets: ", tcpcounter
print "Total number of udp packets: ", udpcounter
Update:
更新:
