博主正在编写一个Python程序,利用pcap库构建MAC地址缓存,但发现pcap模块的文档不足。他们找到了一个名为pylibpcap的资源,并提供了代码示例,该示例可以正常工作。然而,他们希望修改代码以展示每个数据包的源MAC地址。解决方案是查找“Ethernet帧格式”的资料,因为前6个八位字节是目的MAC地址,接下来的6个八位字节是源MAC地址。
I'm writing python program to build mac-address cache using pcap. But pcap module for python has no good documentation. I have found this page http://pylibpcap.sourceforge.net/ with code example and it works fine.
Can anybody modify this example to make it able to show the source mac-address for each packet? Or point me to the documentation where I can read about it ...
updated
Here is a code part where information about mac addresses were cut.
def print_packet(pktlen, data, timestamp):
if not data:
return
if data[12:14]=='\x08\x00':
decoded=decode_ip_packet(data[14:])
print '\n%s.%f %s > %s' % (time.strftime('%H:%M',
time.localtime(timestamp)),
timestamp % 60,
decoded['source_address'],
decoded['destination_address'])
for key in ['version', 'header_len', 'tos', 'total_len', 'id',
'flags', 'fragment_offset', 'ttl']:
print ' %s: %d' % (key, decoded[key])
print ' protocol: %s' % protocols[decoded['protocol']]
print ' header checksum: %d' % decoded['checksum']
print ' data:'
dumphex(decoded['data'])
First 14 octets in data are destination, source mac-addr and ether type.
decoded=decode_ip_packet(data[14:])
I need to parse them to get this info. Task is done.
解决方案
Google "Ethernet frame formats". The first 6 octets of a packet is the destination MAC address, which is immediately followed by the 6 octets of source MAC address.
扫一扫
808
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
