解析以太网帧并保存解析后的数据
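# -*- coding: UTF-8 -*-
import dpkt
import collections  # kept from the original listing, where it provided OrderedDict
import time
import PySimpleGUI as sg
import os


class Pcap_analyze:
    """Extract UDP payloads from a pcap capture and log their frame counters.

    The capture is read with dpkt, non-empty UDP payloads are collected, and
    every payload that matches the can_mirror filter (UDP 50017 -> 50018,
    payload starting with hex ``0000018e00``) is written to
    ``can_mirror_count.csv`` together with the difference between its counter
    and the previous matching counter.
    """

    def __init__(self, ethpackge):
        """Store the initial value; it is replaced by a dpkt reader on parse."""
        self.ethpackge = ethpackge

    def pacpfile_del(self, inputfile):
        """Parse *inputfile* (pcap) and write the counter report as CSV.

        Args:
            inputfile: path of the capture file chosen by the user.

        Raises:
            OSError: the capture or the CSV file cannot be opened.
            ValueError: dpkt rejects the file header (not a classic pcap).

        Side effects: overwrites ``can_mirror_count.csv`` in the current
        working directory and prints a summary to stdout.
        """
        outputfile = "can_mirror_count"
        # One record per accepted packet. A list is used instead of a dict
        # keyed by timestamp so that packets sharing a timestamp are not
        # silently overwritten, and so each row keeps its OWN UDP ports.
        records = []
        number = 0
        with open(inputfile, 'rb') as fr:
            self.ethpackge = dpkt.pcap.Reader(fr)
            for (ts, buf) in self.ethpackge:
                # A capture file is untrusted input: a malformed frame must
                # not abort the whole run, so decoding is best-effort per
                # packet and the error is reported.
                try:
                    eth = dpkt.ethernet.Ethernet(buf)
                    if not isinstance(eth.data, dpkt.ip.IP):
                        continue
                    ip = eth.data
                    if not isinstance(ip.data, dpkt.udp.UDP):
                        continue
                    udp_data = ip.data
                    if not len(udp_data.data):
                        continue
                    records.append((ts, udp_data.sport, udp_data.dport,
                                    udp_data.data, udp_data.data.hex()))
                    number += 1
                except Exception as err:
                    print("[error] %s" % err)

        last_hex = None  # hex payload of the last frame written to the CSV
        a = 0            # previous counter value; 0 before the first match
        with open(outputfile + '.csv', 'w') as file1:
            for ts, sport, dport, app_data, payload_hex in records:
                counter_number = payload_hex[28:32]
                header = payload_hex[0:10]
                # Require the full 4 hex digits: a truncated payload would
                # otherwise be parsed as a shorter, wrong counter value.
                if len(counter_number) != 4:
                    continue
                if sport != 50017 or dport != 50018 or header != '0000018e00':
                    continue
                counter_value = int(counter_number, 16)
                # NOTE(review): the counter is read as 16 bits, so a
                # wrap-around shows up as a large negative difference here;
                # confirm how the sender wraps before treating it as loss.
                tmp = counter_value - a
                # float() keeps strftime working if the reader yields a
                # non-float timestamp type; it is a no-op for floats.
                stamp = time.strftime("%Y-%m-%d %H:%M:%S",
                                      time.localtime(float(ts)))
                s1 = (str(stamp) + " : ," + str(header) + ","
                      + str(len(app_data)) + ", counter_number ,"
                      + counter_number + " " + str(counter_value)
                      + "," + str(tmp) + "\n")
                file1.write(s1)
                a = counter_value
                last_hex = payload_hex

        print("总UDP数量 %s" % number)
        if last_hex is None:
            # Previously this path raised KeyError (or NameError when the
            # capture held no UDP packet at all).
            print("[warn] no frame matched the can_mirror filter")
        else:
            print("\n最后一个包负载的十六进制******\n%s" % last_hex)

    def windows(self):
        """Run the PySimpleGUI window: pick a file, then parse it on demand."""
        sg.theme('Light Brown 1')  # window colour theme
        layout = [
            [sg.Text('你选择的文件是:', font=("宋体", 10)),
             sg.Text('', key='text1', size=(50, 1), font=("宋体", 10))],
            [sg.Text('程序运行记录', justification='center')],
            [sg.Output(size=(70, 20), font=("宋体", 10))],
            [sg.FileBrowse('打开文件', key='folder', target='text1'),
             sg.Button('数据处理'), sg.Button('关闭')]
        ]
        window = sg.Window('PCAP统计can_mirror : ', layout,
                           font=("宋体", 15), default_element_size=(50, 1))
        while True:
            event, values = window.read()
            # Leave the loop when the user closes the window or clicks the
            # close button.
            if event == '关闭' or event == sg.WIN_CLOSED:
                break
            if event == '数据处理':
                if values['folder']:
                    print('{0}正在分析原文件{0}'.format('*' * 10))
                    # An unreadable or non-pcap file must not take the GUI
                    # down; report it in the output pane and keep running.
                    try:
                        self.pacpfile_del(values['folder'])
                    except Exception as err:
                        print("[error] %s" % err)
                    else:
                        print('{0}数据处理完毕{0}'.format('*' * 10))
                else:
                    print('请先选择文件')
        window.close()


if __name__ == '__main__':
    deal_data = Pcap_analyze('can_mirror')
    deal_data.windows()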
完整的应用:
功能: 解析pcap报文,提取所需的payload,并分析其中的数据是否丢帧
方法:
1.pcap的解析
2.窗口的创建
使用:
直接调用方法2,通过人机交互界面完成所有操作,无需输入任何参数
如图:
输出:
1.解析的文件
2.最后一帧的报文
3.总的UDP帧数的统计