dpkt tutorial summary

原文:http://www.commercialventvac.com/dpkt.html#mozTocId305148

 

dpkt.ethernet.Ethernet

dpkt.ethernet.Ethernet has attributes 'data', 'dst', 'get_type', 'ip', 'pack', 'pack_hdr', 'set_type', 'src', 'type', 'unpack']

data

Contains the data payload of the ethernet packet.

dst

Contains the destination address of the ethernet packet as a 6 byte strings.

6 Byte Ethernet addresses can be converted to strings in format nn:nn:nn:nn:nn:nn with the function jeffs_dpkt.eth_addr_to_str()

get_type

Returns a class which is something from the Ethernet Type field

(Pdb) print eth._typesw.keys()
[2048, 8192, 34916, 2054, 34827, 33079, 8196, 34525]
(Pdb) print eth._typesw.values()
[<class 'dpkt.ip.IP'>, <class 'dpkt.cdp.CDP'>, <class 'dpkt.pppoe.PPPoE'>, <class 'dpkt.arp.ARP'>, <class 'dpkt.ppp.PPP'>, <class 'dpkt.ipx.IPX'>, <class 'dpkt.dtp.DTP'>, <class 'dpkt.ip6.IP6'>]
(Pdb) print eth.get_type(2048)
<class 'dpkt.ip.IP'>
(Pdb) print eth.get_type(34525)
<class 'dpkt.ip6.IP6'>
(Pdb)

src

Contains the source address of the ethernet packet as a 6 byte string.

type

Returns the Ethernet type.  For example, type 2048 (0x0800) is IPv4 and 34525 (0x86DD) is IPv6.  For a complete list of Ethernet types, refer to http://www.iana.org/assignments/ethernet-numbers

dpkt.ethernet.dpkt

['Error', 'NeedData', 'PackError', 'Packet', 'UnpackError', '_MetaPacket', '__builtins__', '__doc__', '__file__', '__name__', '__package__', '__vis_filter', 'array', 'copy', 'hexdump', 'in_cksum', 'in_cksum_add', 'in_cksum_done', 'itertools', 'socket', 'struct']

dpkt.ethernet.stp
dpkt.ethernet.struct

dpkt.ip

dpkt.pcap.Reader(f)

dpkt.pcap.Reader(f) implements an iterator.  Each iteration returns a tuple which is a timestamp and a buffer.  The timestamp contains a time as a floating point number.  The buffer is a complete packet.  For example:

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import dpkt
import sys


f = open(sys.argv[1])
pcap = dpkt.pcap.Reader(f)
frame_counter = 0
for ts, buf in pcap:
frame_counter += 1
if frame_counter > 1 :
print "%d: %f %f" % ( frame_counter, ts, ts - last_time )
last_time = ts

f.close()

 

你可能感兴趣的:(RIA)