Get second layer from PCAP with Python/Scapy -


i'm trying read , enumerate pcap file python when doing seem getting layer 3 data when layer 2 data present:

here's code:

import pprint scapy.all import *  target_cap = 'hello.pcap'  parser = pcapreader(root_dir + target_cap)  i,p in enumerate(parser):     pkt = p.payload     pprint.pprint(pkt)

ie output:

<ip  version=4l ihl=5l tos=0x0 len=52 id=12220 flags=df frag=0l ttl=128 proto=tcp chksum=0x453a src=192.168.2.100 dst=192.168.2.25 options=[] |<tcp  sport=sddp dport=mbap seq=1584390497 ack=1497344211 dataofs=5l reserved=0l flags=pa window=65325 chksum=0xe356 urgptr=0 options=[] |<raw  load='\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x01' |>>> <ip  version=4l ihl=5l tos=0x0 len=50 id=30949 flags= frag=0l ttl=64 proto=tcp chksum=0x7c13 src=192.168.2.25 dst=192.168.2.100 options=[] |<tcp  sport=mbap dport=sddp seq=1497344211 ack=1584390509 dataofs=5l reserved=0l flags=pa window=4096 chksum=0xd17d urgptr=0 options=[] |<raw  load='\x00\x00\x00\x00\x00\x04\xff\x01\x01\x00' |>>> <ip  version=4l ihl=5l tos=0x0 len=40 id=12226 flags=df frag=0l ttl=128 proto=tcp chksum=0x4540 src=192.168.2.100 dst=192.168.2.25 options=[] |<tcp  sport=sddp dport=mbap seq=1584390509 ack=1497344221 dataofs=5l reserved=0l flags=a window=65315 chksum=0xe267 urgptr=0 |>> <ip  version=4l ihl=5l tos=0x0 len=52 id=12240 flags=df frag=0l ttl=128 proto=tcp chksum=0x4526 src=192.168.2.100 dst=192.168.2.25 options=[] |<tcp  sport=sddp dport=mbap seq=1584390509 ack=1497344221 dataofs=5l reserved=0l flags=pa window=65315 chksum=0xe34a urgptr=0 options=[] |<raw  load='\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x01' |>>> <ip  version=4l ihl=5l tos=0x0 len=40 id=30972 flags= frag=0l ttl=64 proto=tcp chksum=0x7c06 src=192.168.2.25 dst=192.168.2.100 options=[] |<tcp  sport=mbap dport=sddp seq=1497344221 ack=1584390521 dataofs=5l reserved=0l flags=a window=4096 chksum=0xd17f urgptr=0 |<padding  load='\x00\x00\x00\x00\x00\x00' |>>>

in case i'm interested in layer 2 metadata, how can fetch instead?

your code intentionally prints payload of packet, , not headers. means print n+1st layers each time.

also, , unrelated problem, don't need enumerate in sample program.

try instead:

for p in parser:     pprint.pprint(p)

if want examine packet data instead of merely printing it, that's easy, too:

# sample code print ip/mac relationships: p in parser:     if ether in p , ip in p:         print p[ether].dst, p[ip].dst         print p[ether].src, p[ip].src

reference: http://www.secdev.org/projects/scapy/doc/index.html


Comments

Post a Comment

Popular posts from this blog

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more

javascript - Bootstrap Popover: iOS Safari strange behaviour -

i looking through twitter bootstrap documentation, , i'm interested in implementing dismissible popover when button clicked. here example bootstrap's docs: http://getbootstrap.com/javascript/#dismiss-on-next-click when press "dismissible popover" button os x safari browser works fine. when access same link above ios safari, button not work. is, popover not dismissed on click. why button not working ios safari? the example linked using data-trigger="focus" attribute. try changing data-trigger="click" . <a tabindex="0" class="btn btn-lg btn-danger" role="button" data-toggle="popover" data-trigger="click" title="dismissible popover" data-content="and here's amazing content. it's engaging. right?">dismissible popover</a>
Read more

spring cloud - How to configure SpringCloud Eureka instance to point to https on non standard port -

i using spring boot/cloud actuator, , annotate application class @enableeurekaclient, applications comes , registers correctly eureka server. however, because configure application run on https, , on port 8444, eureka instance not registered correct protocol, instead using http. example http://localhost:8761/eureka/apps/ gives me <homepageurl>http://localhost:8444/</homepageurl> <statuspageurl>http://localhost:8444/info</statuspageurl> <healthcheckurl>http://localhost:8444/health</healthcheckurl> there no such thing securehomepageurl or securestatuspageurl - securehealthcheckurl exists. check com.netflix.appinfo.eurekainstanceconfig properties transmitted server when eureka client registers. however, having home/status/health page urls not showing https protocol doesn't mean instance isn't registered. matters whether or not secure port enabled. check following properties in client configuration: eureka.instance.se...
Read more