Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/python/311.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python 如何使用VLAN层读取数据包_Python_Wireshark_Pcap_Vlan - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python 如何使用VLAN层读取数据包

Python 如何使用VLAN层读取数据包

python

Python 如何使用VLAN层读取数据包,python,wireshark,pcap,vlan,Python,Wireshark,Pcap,Vlan,我正在用Python编写一个程序来读取和解码.pcap文件中的GOOSE数据包。到目前为止,我已经能够使用Pypcapfile库读取数据包: from pcapfile import savefile file = input("Enter the name of the pcap file: ") try: pcap = open(file, 'rb') except IOError: print("No file with name \"{}\" was found.\n".

我正在用Python编写一个程序来读取和解码.pcap文件中的GOOSE数据包。到目前为止,我已经能够使用Pypcapfile库读取数据包:

from pcapfile import savefile
file = input("Enter the name of the pcap file: ")
try:
    pcap = open(file, 'rb')
except IOError:
    print("No file with name \"{}\" was found.\n".format(file))
    return
capfile = savefile.load_savefile(pcap, verbose=True)
print(capfile)
终端:

Enter the name of the pcap file: goose2.pcap
[+] attempting to load goose2.pcap
[+] found valid header
[+] loaded 8023 packets
[+] finished loading savefile.
b'little'-endian capture file version 2.4
microsecond time resolution
snapshot length: 262144
linklayer type: LINKTYPE_ETHERNET
number of packets: 8023
问题是,当我使用仅包含两个字节的VLAN头的数据包测试代码时,它表示pcap文件有0个数据包:

Enter the name of the pcap file: vlan.pcap
[+] attempting to load vlan.pcap
[+] found valid header
[+] loaded 0 packets
[+] finished loading savefile.
b'big'-endian capture file version 2.4
nanosecond time resolution
snapshot length: 65535
linklayer type: LINKTYPE_ETHERNET
number of packets: 0
我的全部代码都是围绕Pypcapfile库编写的,因此我希望避免从另一个库(如Scapy)开始。我已经尝试添加layers=参数来加载_savefile,但没有成功。有什么办法可以解决这个问题吗?

以下是我在这方面的测试方法。我从wireshark wiki抓取了vlan捕获示例并对其进行解压缩:

$ curl -o vlan.cap.gz 'https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=vlan.cap.gz'
$ gunzip vlan.cap.gz
我们可以使用例如tshark来验证此捕获是否包括VLAN标记的数据包:

$ tshark -r vlan.cap -V
Frame 1: 1518 bytes on wire (12144 bits), 1518 bytes captured (12144 bits)
[...]
Ethernet II, Src: AniCommu_40:ef:24 (00:40:05:40:ef:24), Dst: 3com_9f:b1:f3 (00:60:08:9f:b1:f3)
[...]
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 32
    000. .... .... .... = Priority: Best Effort (default) (0)
    ...0 .... .... .... = DEI: Ineligible
    .... 0000 0010 0000 = ID: 32
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 131.151.32.129, Dst: 131.151.32.21
我可以使用pcapfile模块打开此文件:

但pcapfile似乎没有针对VLAN帧的特定解码器

dpkt模块运行良好:

>>> import dpkt
>>> fd = open('vlan.cap', 'rb')
>>> capfile = dpkt.pcap.Reader(fd)
>>> ts, buf = next(capfile)
>>> pkt = dpkt.ethernet.Ethernet(buf)
>>> pkt.vlan_tags
[VLANtag8021Q(pri=0, cfi=0, id=32)]
斯卡皮也一样:

你有什么样的数据可以发布到某处吗?我可以匿名化goose2.pcap,但不能匿名化vlan.pcap。如果这仍然有用,我应该在哪里发布它?我从WireShark页面抓取了vlanp.cap.gz,我无法重现您的问题:pcapfile模块似乎可以读取文件。如果您可以使用该示例文件重现您的问题,这将使诊断更容易。有趣的是,我甚至无法使用load_savefile unknown magic number打开该文件,但在我将扩展名重命名为.pcap之后,它读取的数据包数为:395。我注意到printcapfile输出b'little'-endian就像goose2.pcap一样,而vlan.pcap输出b'big'-endian。注意vlan.cap.gz是gzip压缩的;在尝试打开它之前,您需要将其解压缩为gunzip vlan.cap.gz。太棒了,我将尝试将其集成到我的代码中。非常感谢你的帮助! 
>>> import dpkt
>>> fd = open('vlan.cap', 'rb')
>>> capfile = dpkt.pcap.Reader(fd)
>>> ts, buf = next(capfile)
>>> pkt = dpkt.ethernet.Ethernet(buf)
>>> pkt.vlan_tags
[VLANtag8021Q(pri=0, cfi=0, id=32)]

>>> import scapy.all
>>> capfile = scapy.all.rdpcap('vlan.cap')
>>> capfile[0].vlan
32