pcap帧内容到Erlang中的字符

我有以下格式的pcap帧内容：

[{frame,1,
    {1491,213,861700},
    87,87,false,
    <<1,0,94,0,0,251,0,80,86,192,0,8,8,0,69,0,0,73,68,44,0,0,255,17,18,
      106,172,16,216,1,224,0,0,251,20,233,20,233,0,53,139,14,0,0,0,0,0,2,
      0,0,0,0,0,0,4,95,105,112,112,4,95,116,99,112,5,108,111,99,97,108,0,
      0,12,0,1,5,95,105,112,112,115,192,17,0,12,0,1>>},
 {ethernet,<<1,0,94,0,0,251,0,80,86,192,0,8,8,0,69,0,0,73,68,44,0,0,255,17,
         18,106,172,16,216,1,224,0,0,251,20,233,20,233,0,53,139,14,0,0,0,
         0,0,2,0,0,0,0,0,0,4,95,105,112,112,4,95,116,99,112,5,108,111,99,
         97,108,0,0,12,0,1,5,95,105,112,112,115,192,17,0,12,0,1>>}]

线鲨式包解剖 很久以前，我在处理pcap数据，并编写代码来解码各种常见的数据包类型

您可以使用

enet\u codec:decode（eth，PktData，[{decode\u types，all}]）

将pcap帧中的数据转换为可读数据包：

Data = [{frame,1,
         {1491,213,861700},
         87,87,false,
         <<1,0,94,0,0,251,0,80,86,192,0,8,8,0,69,0,0,73,68,44,0,0,255,17,18,
           106,172,16,216,1,224,0,0,251,20,233,20,233,0,53,139,14,0,0,0,0,0,2,
           0,0,0,0,0,0,4,95,105,112,112,4,95,116,99,112,5,108,111,99,97,108,0,
           0,12,0,1,5,95,105,112,112,115,192,17,0,12,0,1>>},
        {ethernet,<<1,0,94,0,0,251,0,80,86,192,0,8,8,0,69,0,0,73,68,44,0,0,255,17,
                    18,106,172,16,216,1,224,0,0,251,20,233,20,233,0,53,139,14,0,0,0,
                    0,0,2,0,0,0,0,0,0,4,95,105,112,112,4,95,116,99,112,5,108,111,99,
                    97,108,0,0,12,0,1,5,95,105,112,112,115,192,17,0,12,0,1>>}].

rr("include/enet_types.hrl"). % Load record definitions into the shell
PktData = element(7, hd(Data)). % Grab the ethernet frame binary
rp(enet_codec:decode(eth, element(7, hd(Data)), [{decode_types, all}])). % Decode and print

#eth{src = "00:50:56:C0:00:08",dst = "01:00:5E:00:00:FB",
     type = ipv4,
     data = #ipv4{vsn = 4,hlen = 5,diffserv = 0,totlen = 73,
                  id = 17452,flags = [],frag_offset = 0,ttl = 255,proto = udp,
                  hdr_csum = correct,
                  src = <<172,16,216,1>>,
                  dst = <<224,0,0,251>>,
                  options = [],
                  data = #udp{src_port = <<"mdns">>,dst_port = <<"mdns">>,
                              length = 53,
                              csum = {incorrect,35598},
                              data = [{dns_header,0,0,0,0,0,0,0,0,0},
                                      [{dns_query,"_ipp._tcp.local",ptr,in},
                                       {dns_query,"_ipps._ipps._tcp.local",ptr,in}],
                                      [],[],[]]}}}

线鲨式包解剖 很久以前，我在处理pcap数据，并编写代码来解码各种常见的数据包类型

您可以使用

enet\u codec:decode（eth，PktData，[{decode\u types，all}]）

将pcap帧中的数据转换为可读数据包：

Data = [{frame,1,
         {1491,213,861700},
         87,87,false,
         <<1,0,94,0,0,251,0,80,86,192,0,8,8,0,69,0,0,73,68,44,0,0,255,17,18,
           106,172,16,216,1,224,0,0,251,20,233,20,233,0,53,139,14,0,0,0,0,0,2,
           0,0,0,0,0,0,4,95,105,112,112,4,95,116,99,112,5,108,111,99,97,108,0,
           0,12,0,1,5,95,105,112,112,115,192,17,0,12,0,1>>},
        {ethernet,<<1,0,94,0,0,251,0,80,86,192,0,8,8,0,69,0,0,73,68,44,0,0,255,17,
                    18,106,172,16,216,1,224,0,0,251,20,233,20,233,0,53,139,14,0,0,0,
                    0,0,2,0,0,0,0,0,0,4,95,105,112,112,4,95,116,99,112,5,108,111,99,
                    97,108,0,0,12,0,1,5,95,105,112,112,115,192,17,0,12,0,1>>}].

rr("include/enet_types.hrl"). % Load record definitions into the shell
PktData = element(7, hd(Data)). % Grab the ethernet frame binary
rp(enet_codec:decode(eth, element(7, hd(Data)), [{decode_types, all}])). % Decode and print

#eth{src = "00:50:56:C0:00:08",dst = "01:00:5E:00:00:FB",
     type = ipv4,
     data = #ipv4{vsn = 4,hlen = 5,diffserv = 0,totlen = 73,
                  id = 17452,flags = [],frag_offset = 0,ttl = 255,proto = udp,
                  hdr_csum = correct,
                  src = <<172,16,216,1>>,
                  dst = <<224,0,0,251>>,
                  options = [],
                  data = #udp{src_port = <<"mdns">>,dst_port = <<"mdns">>,
                              length = 53,
                              csum = {incorrect,35598},
                              data = [{dns_header,0,0,0,0,0,0,0,0,0},
                                      [{dns_query,"_ipp._tcp.local",ptr,in},
                                       {dns_query,"_ipps._ipps._tcp.local",ptr,in}],
                                      [],[],[]]}}}

---

将二进制整数保留列表转换为实表示方式Wireshark表示的方式--发布您想要的结果如何？将二进制整数保留列表转换为实表示方式Wireshark表示的方式--发布您想要的结果如何？谢谢您的回答。但是，我无法将其完全转换为以下格式（如Wireshark）。0x0000:45000049 442c 0000 ff11 126a ac10 d801 E..ID….j。。。。0x0010:e000 00fb 14e9 14e9 0035 8b0e 0000……5。。。。。。0x0020:0002 0000 0000 045f 6970 7004 5f74……。\u ipp.\u 0x0030:6370 056c 6f63 616c 0000 0C000 0105 5f69 cp.local……\u i 0x0040:7070 73c0 1100 0C000 01 pps……哦-您想要原始字节的十六进制转储还是什么

enet\u if\u dump:hextblock（PktData）

执行偏移和十六进制打印位。您可以扩展该代码，在每行十六进制之后打印ascii版本，以获得您在注释中提到的格式。谢谢您的回答。但是，我无法将其完全转换为以下格式（如Wireshark）。0x0000:45000049 442c 0000 ff11 126a ac10 d801 E..ID….j。。。。0x0010:e000 00fb 14e9 14e9 0035 8b0e 0000……5。。。。。。0x0020:0002 0000 0000 045f 6970 7004 5f74……。\u ipp.\u 0x0030:6370 056c 6f63 616c 0000 0C000 0105 5f69 cp.local……\u i 0x0040:7070 73c0 1100 0C000 01 pps……哦-您想要原始字节的十六进制转储还是什么

enet\u if\u dump:hextblock（PktData）

执行偏移和十六进制打印位。您可以扩展该代码，在每行十六进制之后打印ascii版本，以获得您在注释中提到的格式。

Pkt = <<1,0,94,0,0,251,0,80,86,192,0,8,8,0,69,0,0,73,68,44,0,0,255,17,
        18,106,172,16,216,1,224,0,0,251,20,233,20,233,0,53,139,14,0,0,0,
        0,0,2,0,0,0,0,0,0,4,95,105,112,112,4,95,116,99,112,5,108,111,99,
        97,108,0,0,12,0,1,5,95,105,112,112,115,192,17,0,12,0,1>>.

% This gives you a giant iolist with the formatted Wireshark style hexdump.
enet_if_dump:hexdump(Pkt).
% To inspect it you need to then do something like:
io:format("~s~n", [enet_if_dump:hexdump(Pkt)]). % which produces:

0x0000:  0100 5e00 00fb 0050 56c0 0008 0800 4500 ..^....PV.....E.
0x0010:  0049 442c 0000 ff11 126a ac10 d801 e000 .ID,.....j......
0x0020:  00fb 14e9 14e9 0035 8b0e 0000 0000 0002 .......5........
0x0030:  0000 0000 0000 045f 6970 7004 5f74 6370 ......._ipp._tcp
0x0040:  056c 6f63 616c 0000 0c00 0105 5f69 7070 .local......_ipp
0x0050:  73c0 1100 0c00 1                        s......