python读取pcap文件.docx_第1页
python读取pcap文件.docx_第2页
python读取pcap文件.docx_第3页
python读取pcap文件.docx_第4页
python读取pcap文件.docx_第5页
已阅读5页,还剩3页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

首先从最简单的以太网层开始。我们知道,目前常用的以太网帧结构有两种,一个是IEEE802.3,一个是Ethernet II,两者的区别也很清楚,就是在目的Mac地址和源Mac地址好后面的两个字节是代表长度还是类型。EtherType 是以太帧里的一个字段,用来指明应用于帧数据字段的协议。根据 IEEE802.3,Length/EtherType 字段是两个八字节的字段,含义两者取一,这取决于其数值。在量化评估中,字段中的第一个八位字节是最重要的。而当字段值大于等于十进制值 1536 (即十六进制为 0600)时, EtherType 字段表示为 MAC 客户机协议(EtherType 解释)的种类。该字段的长度和 EtherType 详解是互斥的。Ethertype(十六进制)协议0x0000 - 0x05DCIEEE 802.3 长度0x0101 0x01FF实验0x0600XEROX NS IDP0x0660 0x0661DLOG0x0800网际协议(IP)0x0801X.75 Internet0x0802NBS Internet0x0803ECMA Internet0x0804Chaosnet0x0805X.25 Level 30x0806地址解析协议(ARP : Address Resolution Protocol)0x0808帧中继 ARP (Frame Relay ARP) RFC17010x6559原始帧中继(Raw Frame Relay) RFC17010x8035动态 DARP(DRARP:Dynamic RARP)反向地址解析协议(RARP:Reverse Address Resolution Protocol)0x8037Novell Netware IPX0x809BEtherTalk0x80D5IBM SNA Services over Ethernet0x 80F 3AppleTalk 地址解析协议(AARP:AppleTalk Address Resolution Protocol)0x8100以太网自动保护开关(EAPS:Ethernet Automatic Protection Switching)0x8137因特网包交换(IPX:Internet Packet Exchange)0x 814C简单网络管理协议(SNMP:Simple Network Management Protocol)0x86DD网际协议v6 (IPv6,Internet Protocol version 6)0x880B点对点协议(PPP:Point-to-Point Protocol)0x 880C通用交换管理协议(GSMP:General Switch Management Protocol)0x8847多协议标签交换(单播) MPLS:Multi-Protocol Label Switching )0x8848多协议标签交换(组播)(MPLS, Multi-Protocol Label Switching )0x8863以太网上的 PPP(发现阶段)(PPPoE:PPP Over Ethernet )0x8864以太网上的 PPP(PPP 会话阶段) (PPPoE,PPP Over Ethernet)0x88BB轻量级访问点协议(LWAPP:Light Weight Access Point Protocol)0x88CC链接层发现协议(LLDP:Link Layer Discovery Protocol)0x8E88局域网上的 EAP(EAPOL:EAP over LAN)0x9000配置测试协议(Loopback)0x9100VLAN 标签协议标识符(VLAN Tag Protocol Identifier)0x9200VLAN 标签协议标识符(VLAN Tag Protocol Identifier)0xFFFF保留 在python中我是用一个字典来实现的:EtherType = 0x0600:XEROX NS IDP, 0x0660:DLOG, 0x0661:DLOG, 0x0800:IP, 0x0801:X.75, 0x0802:NBS, 0x0803:ECMA, 0x0804:Chaosnet, 0x0805:X.25, 0x0806:ARP, 0x0808:Frame Relay ARP, 0x6559:Raw Frame Relay, 0x8035:RARP, 0x8037:Novell Netware IPX, 0x809B:Ether Talk, 0x80d5:IBM SNA Service over Ethernet, 0x80f3:AARP, 0x8100:EAPS, 0x8137:IPX, 0x814c:SNMP, 0x86dd:IPv6, 0x880b:PPP, 0x880c:GSMP, 0x8847:MPLS(unicase), 0x8848:MPLS(multicast), 0x8863:PPPoE(Discovery stage), 0x8864:PPPoE(ppp session stage), 0x88bb:LWAPP, 0x88cc:LLDP, 0x8e88:EAP over LAN, 0x9000:Loopback, 0x9100:VLAN Tag PI, 0x9200:VLAN Tag PI, 0xffff:Reservations 然后根据二进制字符来分解:# framedata.py# !/usr/bin/pythonclass Protocol(object): def _init_(self): pass# transform like x01x0e0xb0 to 0x010eb0 def str_to_hex(self,strs): hex_data = for i in range(len(strs): tem = ord(strsi) tem = hex(tem) if len(tem)=3: tem = tem.replace(0x,0x0) tem = tem.replace(0x,) hex_data = hex_data+tem return 0x+hex_data class Ethernet(Protocol): def _init_(self,datastr=None): self.dst = None self.src = None self.ethertype = None self.len = None self.type = None self.datastr = datastr def decode(self): tem = self.str_to_hex(self.datastr0:6) self.dst = tem2:4+:+tem4:6+:+tem6:8+:+tem8:10+:+tem10:12+:+tem12:14 tem = self.str_to_hex(self.datastr6:12) self.src = tem2:4+:+tem4:6+:+tem6:8+:+tem8:10+:+tem10:12+:+tem12:14 self.unknow = self.str_to_hex(self.datastr12:14) tem = int(self.unknow,16) dststr = Destination: +self.dst srcstr = Source : +self.src if tem=1536: self.ethertype=Eternet II self.type = EtherTypeself.unknow typestr = Type: +self.type+(+self.unknow+) return self.ethertype, dststr,srcstr,typestr其中父类Protocol还在初级探索阶段,没有成型,以后会根据需要完善。测试:# !/usr/bin/pythonfrom readpcapfile import *from framedata import *data =rdpcap(C:Python25codepcapPcapReaderpcaptest_ether.pcap)for i in range(len(data): strs = datai1 test = Ethernet(strs) Ether_data = test.decode() print Ether_data结果类似于:Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: IP(0x0800)Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: IP(0x0800)Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: IP(0x0800)Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: IP(0x0800)IEEE 802.3 Ethernet, Destination: 01:00:0c:cc:cc:cd, Source : 00:0a:8a:1f:55:11, Length: 50Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: ARP(0x0806)Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: IP(0x0800)Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: IP(0x0800)Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type: IP(0x0800)Eternet II, Destination: 00:0f:e2:d7:ef:f9, Source : 00:12:3f:92:b0:41, Type: IP(0x0800)Eternet II, Destination: 00:0f:e2:d7:ef:f9, Source : 00:12:3f:92:b0:41, Type: IP(0x0800)Eternet II, Destination: 00:0f:e2:d7:ef:f9, Source : 00:12:3f:92:b0:41, Type: IP(0x0800)Eternet II, Destination: 00:0f:e2:d7:ef:f9, Source : 00:12:3f:92:b0:41, Type: IP(0x0800)Eternet II, Destination: 00:0f:e2:d7:ef:f9, Source : 00:12:3f:92:b0:41, Type: IP(0x0800)Eternet II, Destination: 00:0f:e2:d7:ef:f9, Source : 00:12:3f:92:b0:41, Type: IP(0x0800)Eternet II, Destination: ff:ff:ff:ff:ff:ff, Source : 00:0e:a6:27:07:ab, Type
人人文库> 全部分类> 教育资料 > 课设设计

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论