dpkt tutorial summary
Original: http://www.commercialventvac.com/dpkt.html#mozTocId305148
dpkt.ethernet.Ethernet
dpkt.ethernet.Ethernet has attributes ['data', 'dst', 'get_type', 'ip', 'pack', 'pack_hdr', 'set_type', 'src', 'type', 'unpack']
data
Contains the data payload of the ethernet packet.
dst
Contains the destination address of the ethernet packet as a 6-byte string.
6-byte Ethernet addresses can be converted to strings in the format nn:nn:nn:nn:nn:nn with the function jeffs_dpkt.eth_addr_to_str().
get_type
Returns the dpkt class that decodes the payload for a given Ethernet Type field value. The mapping from type values to classes is held in _typesw:
(Pdb) print eth._typesw.keys()
[2048, 8192, 34916, 2054, 34827, 33079, 8196, 34525]
(Pdb) print eth._typesw.values()
[<class 'dpkt.ip.IP'>, <class 'dpkt.cdp.CDP'>, <class 'dpkt.pppoe.PPPoE'>, <class 'dpkt.arp.ARP'>, <class 'dpkt.ppp.PPP'>, <class 'dpkt.ipx.IPX'>, <class 'dpkt.dtp.DTP'>, <class 'dpkt.ip6.IP6'>]
(Pdb) print eth.get_type(2048)
<class 'dpkt.ip.IP'>
(Pdb) print eth.get_type(34525)
<class 'dpkt.ip6.IP6'>
(Pdb)
src
Contains the source address of the ethernet packet as a 6-byte string.
type
Returns the Ethernet type. For example, type 2048 (0x0800) is IPv4 and 34525 (0x86DD) is IPv6. For a complete list of Ethernet types, refer to http://www.iana.org/assignments/ethernet-numbers
dpkt.ethernet.dpkt
['Error', 'NeedData', 'PackError', 'Packet', 'UnpackError', '_MetaPacket', '__builtins__', '__doc__', '__file__', '__name__', '__package__', '__vis_filter', 'array', 'copy', 'hexdump', 'in_cksum', 'in_cksum_add', 'in_cksum_done', 'itertools', 'socket', 'struct']
dpkt.ethernet.stp
dpkt.ethernet.struct
dpkt.ip
dpkt.pcap.Reader(f)
dpkt.pcap.Reader(f) implements an iterator. Each iteration returns a tuple which is a timestamp and a buffer. The timestamp contains a time as a floating point number. The buffer is a complete packet. For example:
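#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys

import dpkt

# pcap files are binary: open in 'rb' mode so the reader gets raw bytes.
with open(sys.argv[1], "rb") as f:
    pcap = dpkt.pcap.Reader(f)
    frame_counter = 0
    last_time = None
    for ts, buf in pcap:
        frame_counter += 1
        # Print the frame number, its timestamp, and the gap since the previous frame.
        if frame_counter > 1:
            print("%d: %f %f" % (frame_counter, ts, ts - last_time))
        last_time = ts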
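Added example (not part of the original tutorial and not dpkt's own code): a standard-library sketch of what the dst, src and type attributes hold, applied to (timestamp, buffer) tuples of the shape dpkt.pcap.Reader yields, with truncated frames counted instead of crashing the loop. The names mac_to_str, parse_ethernet, summarize and SAMPLE are invented here; mac_to_str stands in for jeffs_dpkt.eth_addr_to_str(), whose source this page does not show.

```python
import struct
from collections import Counter

# EtherType -> decoder name, copied from the eth._typesw listing on this page.
ETHERTYPES = {2048: "IP", 8192: "CDP", 34916: "PPPoE", 2054: "ARP",
              34827: "PPP", 33079: "IPX", 8196: "DTP", 34525: "IP6"}

def mac_to_str(addr):
    """Format a 6-byte address as nn:nn:nn:nn:nn:nn."""
    if len(addr) != 6:
        raise ValueError("expected 6 bytes, got %d" % len(addr))
    return ":".join("%02x" % b for b in bytearray(addr))

def parse_ethernet(buf):
    """Return (dst, src, type, data), or None if the 14-byte header is incomplete."""
    if len(buf) < 14:
        return None
    dst, src, eth_type = struct.unpack("!6s6sH", buf[:14])
    return dst, src, eth_type, buf[14:]

def summarize(frames):
    """Count frames per EtherType and per source address; frames is (ts, buf) tuples."""
    by_type, by_src, truncated = Counter(), Counter(), 0
    for ts, buf in frames:
        parsed = parse_ethernet(buf)
        if parsed is None:
            truncated += 1  # a capture can contain cut-off frames; count and move on
            continue
        dst, src, eth_type, data = parsed
        by_type[ETHERTYPES.get(eth_type, "0x%04x" % eth_type)] += 1
        by_src[mac_to_str(src)] += 1
    return by_type, by_src, truncated

# Constructed sample frames (not from a real capture).
A = b"\x00\x11\x22\x33\x44\x55"
B = b"\xaa\xbb\xcc\xdd\xee\xff"
SAMPLE = [
    (1.0, B + A + struct.pack("!H", 2048) + b"\x45" * 20),  # dst=B, src=A, IPv4
    (1.5, A + B + struct.pack("!H", 2054) + b"\x00" * 28),  # dst=A, src=B, ARP
    (2.0, B + A + struct.pack("!H", 0x88CC) + b"\x02"),     # type not in the table
    (2.5, b"\x00\x11\x22"),                                 # truncated header
]

if __name__ == "__main__":
    types, sources, bad = summarize(SAMPLE)
    print(dict(types), dict(sources), bad)
```

Since summarize() only needs (timestamp, buffer) tuples, a dpkt.pcap.Reader object can be passed to it in place of SAMPLE.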