Created
March 21, 2015 01:16
-
-
Save reedho/7479aea14262a2a558ef to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # derived from: | |
| # https://github.com/mike01/pypacker/blob/master/examples/examples.py | |
| from pypacker import ppcap | |
| from pypacker.layer12 import ethernet | |
| from pypacker.layer3 import ip, icmp, ip6 | |
| from pypacker.layer4 import udp, tcp | |
| with open("/tmp/test.cap", mode='rb') as f: | |
| pcap = ppcap.Reader(f) | |
| for ts, buf in pcap: | |
| # assume all is ethernet DLT :D | |
| eth = ethernet.Ethernet(buf) | |
| if eth[ip.IP] is not None: # ~ isinstance(eth.body_handler, ip.IP): | |
| # IP protocol | |
| o_ip = eth[ip.IP] | |
| if o_ip[tcp.TCP] is not None: | |
| # TCP Proto | |
| print(repr(o_ip[tcp.TCP])) | |
| elif o_ip[udp.UDP] is not None: | |
| # UDP Proto | |
| print(repr(o_ip[udp.UDP])) | |
| elif o_ip[icmp.ICMP] is not None: | |
| # ICMP | |
| print(o_ip[icmp.ICMP]) | |
| else: | |
| # Whats this, possibly part of fragmented packet | |
| print("??? -- %s -> %s -- %s" % (o_ip.src_s, o_ip.dst_s, o_ip)) | |
| elif isinstance(eth.body_handler, ip6.IP6): | |
| # IP6 | |
| print(eth.body_handler) | |
| else: | |
| # ??? | |
| print("Uknown data link layer type -- %s" % buf) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment