Get second layer from PCAP with Python/Scapy


I'm trying to read and enumerate a pcap file with Python, but when doing so I seem to be getting layer 3 data even when layer 2 data is present:

Here's the code:

    import pprint
    from scapy.all import *

    target_cap = 'hello.pcap'

    parser = PcapReader(root_dir + target_cap)

    for i, p in enumerate(parser):
        pkt = p.payload
        pprint.pprint(pkt)

I.e. the output:

    <IP  version=4L ihl=5L tos=0x0 len=52 id=12220 flags=DF frag=0L ttl=128 proto=tcp chksum=0x453a src=192.168.2.100 dst=192.168.2.25 options=[] |<TCP  sport=sddp dport=mbap seq=1584390497 ack=1497344211 dataofs=5L reserved=0L flags=PA window=65325 chksum=0xe356 urgptr=0 options=[] |<Raw  load='\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x01' |>>>
    <IP  version=4L ihl=5L tos=0x0 len=50 id=30949 flags= frag=0L ttl=64 proto=tcp chksum=0x7c13 src=192.168.2.25 dst=192.168.2.100 options=[] |<TCP  sport=mbap dport=sddp seq=1497344211 ack=1584390509 dataofs=5L reserved=0L flags=PA window=4096 chksum=0xd17d urgptr=0 options=[] |<Raw  load='\x00\x00\x00\x00\x00\x04\xff\x01\x01\x00' |>>>
    <IP  version=4L ihl=5L tos=0x0 len=40 id=12226 flags=DF frag=0L ttl=128 proto=tcp chksum=0x4540 src=192.168.2.100 dst=192.168.2.25 options=[] |<TCP  sport=sddp dport=mbap seq=1584390509 ack=1497344221 dataofs=5L reserved=0L flags=A window=65315 chksum=0xe267 urgptr=0 |>>
    <IP  version=4L ihl=5L tos=0x0 len=52 id=12240 flags=DF frag=0L ttl=128 proto=tcp chksum=0x4526 src=192.168.2.100 dst=192.168.2.25 options=[] |<TCP  sport=sddp dport=mbap seq=1584390509 ack=1497344221 dataofs=5L reserved=0L flags=PA window=65315 chksum=0xe34a urgptr=0 options=[] |<Raw  load='\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x01' |>>>
    <IP  version=4L ihl=5L tos=0x0 len=40 id=30972 flags= frag=0L ttl=64 proto=tcp chksum=0x7c06 src=192.168.2.25 dst=192.168.2.100 options=[] |<TCP  sport=mbap dport=sddp seq=1497344221 ack=1584390521 dataofs=5L reserved=0L flags=A window=4096 chksum=0xd17f urgptr=0 |<Padding  load='\x00\x00\x00\x00\x00\x00' |>>>

In case I'm interested in the layer 2 metadata, how can I fetch it instead?

Your code intentionally prints the payload of the packet, and not the headers. That means you print the n+1st layers each time.

Also, and this is an unrelated problem, you don't need enumerate in your sample program.

Try this instead:

    for p in parser:
        pprint.pprint(p)

If you want to examine the packet data instead of merely printing it, that's easy, too:

    # Sample code to print IP/MAC relationships:
    for p in parser:
        if Ether in p and IP in p:
            print(p[Ether].dst, p[IP].dst)
            print(p[Ether].src, p[IP].src)

Reference: http://www.secdev.org/projects/scapy/doc/index.html
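
The layer 2 fields that the answer reads through p[Ether] are the first 14 bytes of each record in an Ethernet capture. As an added example (not code from the original post, and using only the standard library rather than Scapy), the parser below pulls MAC/IP pairs out of a classic pcap and rejects captures whose link type carries no Ethernet header. The function names, the sample capture and its MAC addresses are constructed for illustration; the IP addresses are the ones in the output above.

```python
import struct
from collections import defaultdict

def _mac(b):
    return ":".join("%02x" % x for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def ether_ip_pairs(pcap):
    """Yield (src_mac, src_ip, dst_mac, dst_ip) per Ethernet/IPv4 frame in classic-pcap bytes."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET; raw-IP or cooked captures have no MACs
        raise ValueError("link type %d has no Ethernet header" % linktype)
    off = 24  # size of the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need a 14-byte Ethernet header plus a 20-byte IPv4 header, EtherType 0x0800
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield _mac(frame[6:12]), _ip(frame[26:30]), _mac(frame[0:6]), _ip(frame[30:34])

def macs_by_ip(pcap):
    """Map each IPv4 address to the set of MAC addresses seen alongside it."""
    table = defaultdict(set)
    for smac, sip, dmac, dip in ether_ip_pairs(pcap):
        table[sip].add(smac)
        table[dip].add(dmac)
    return dict(table)

def sample_pcap(linktype=1):
    """Constructed two-frame capture; the MAC addresses are made up."""
    def frame(smac, dmac, sip, dip):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, bytes(sip), bytes(dip))
        return bytes.fromhex(dmac) + bytes.fromhex(smac) + b"\x08\x00" + ip
    a, b = "020000000064", "020000000019"
    frames = [frame(a, b, [192, 168, 2, 100], [192, 168, 2, 25]),
              frame(b, a, [192, 168, 2, 25], [192, 168, 2, 100])]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for row in ether_ip_pairs(sample_pcap()):
        print(*row)
```

For traffic that crosses a router, the MAC seen next to an off-subnet IP address is the gateway's, so an address with more than one MAC in macs_by_ip is a prompt to look closer rather than proof of spoofing.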

