
IPv6 decoder for pcapy/impacket

I use the pcapy / impacket library to decode network packets in Python. It has an IP decoder which knows about the syntax of IPv4 packets but apparently no IPv6 decoder.

Does anyone get one?

In a private correspondence, the Impacket maintainers say it may be better to start with Scapy.

You may want to look into dpkt, yet another packet parsing/building library. It was written by the author of pypcap, a different libpcap wrapper, but it shouldn't be too difficult to get it working with pcapy to see if it's faster for your purposes than Scapy.

Scapy, recommended by the Impacket maintainers, has no IPv6 decoding at this time. But there is an unofficial extension to do so.

With this extension, it works:

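# Constants the loop relies on (standard protocol numbers)
ETH_P_IP = 0x0800      # EtherType for IPv4
ETH_P_IPV6 = 0x86DD    # EtherType for IPv6
UDP_PROTO = 17         # IPv4 protocol / IPv6 next-header value for UDP
DNS_PORT = 53
all_queries = 0
# traffic (the packets read by Scapy) and ns (the name server address) are set elsewhere
for packet in traffic:
    if packet.type == ETH_P_IPV6 or packet.type == ETH_P_IP:
        ip = packet.payload
        if (ip.version == 4 and ip.proto == UDP_PROTO) or \
           (ip.version == 6 and ip.nh == UDP_PROTO):
            if ip.dport == DNS_PORT and ip.dst == ns:
                all_queries = all_queries + 1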

but it is awfully slow for large traces. So, I may have to try Impacket nevertheless or even go back to C.
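The IPv6 half of that count done with the standard library only, as an added example that is not part of the original posts or of pcapy, Impacket or Scapy: it reads the fixed IPv6 header of a raw Ethernet frame, walks any extension headers, and checks the UDP destination. The names `ipv6_udp_dst`, `count_dns_queries` and `make_frame`, and the sample frames, are constructed for illustration.

```python
import ipaddress
import struct

ETH_P_IPV6 = b"\x86\xdd"  # EtherType 0x86DD as it appears on the wire
UDP_PROTO, DNS_PORT, FRAGMENT = 17, 53, 44
# Extension headers laid out as (next header, length in 8-byte units): 0, 43, 60.
EXT_HEADERS = {0, 43, 60}


def ipv6_udp_dst(frame):
    """Return (dst address bytes, dst port) for UDP over IPv6 in an Ethernet
    frame; None for anything else, including truncated or non-first fragments."""
    if len(frame) < 54 or frame[12:14] != ETH_P_IPV6 or frame[14] >> 4 != 6:
        return None
    pkt = frame[14:]
    nh, off, dst = pkt[6], 40, pkt[24:40]
    while nh in EXT_HEADERS or nh == FRAGMENT:
        if len(pkt) < off + 8:
            return None
        if nh == FRAGMENT:
            # Upper 13 bits are the fragment offset; only offset 0 has the UDP header.
            if struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
                return None
            nh, off = pkt[off], off + 8
        else:
            nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if nh != UDP_PROTO or len(pkt) < off + 8:
        return None
    return dst, struct.unpack("!H", pkt[off + 2:off + 4])[0]


def count_dns_queries(frames, ns):
    """Count frames sent to UDP port 53 on the name server address `ns`."""
    want = (ipaddress.ip_address(ns).packed, DNS_PORT)
    return sum(1 for frame in frames if ipv6_udp_dst(frame) == want)


# Constructed sample frames (not from a real capture): zeroed MACs and source.
def make_frame(nh, payload, dst="2001:db8::53"):
    ip6 = b"\x60" + bytes(3) + struct.pack("!HBB", len(payload), nh, 64)
    return (bytes(12) + ETH_P_IPV6 + ip6 + bytes(16)
            + ipaddress.ip_address(dst).packed + payload)

UDP_HDR = struct.pack("!HHHH", 40000, DNS_PORT, 8, 0)
SAMPLE = [
    make_frame(17, UDP_HDR),                              # plain UDP to the server
    make_frame(60, bytes([17, 0]) + bytes(6) + UDP_HDR),  # destination options, then UDP
    make_frame(6, bytes(20)),                             # TCP, ignored
    make_frame(17, UDP_HDR, dst="2001:db8::99"),          # UDP to another host
]
```

Frames with VLAN tags or a non-Ethernet link type need the 14-byte link-layer offset adjusted before this decoder applies.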

You can use a really useful one-file library from Google, from http://code.google.com/p/ipaddr-py/, that supports IPv4, IPv6, IP validation, netmask and prefix management, etc. It's well coded and documented.

Good luck
Emilio

I have never used pcapy before, but I have used libpcap in C projects. As the pcapy page states, it is not statically linked to libpcap, so you can upgrade to a newer one with IPv6 support.

According to the libpcap changelog, version 1.0, released on October 27, 2008, has default IPv6 support (it is supposed to have had IPv6 for much longer, but it is now compiled with that option by default), so you should be able to capture IPv6 traffic with this version. Latest pcapy release is from March 27, 2007, so at most it should include a 0.9.8 version of libpcap released on September 10, 2007.

I don't know if that would be enough for you to be able to capture IPv6 traffic, since the pcapy API would probably require some changes to support it, and that's on pcapy developer's roof.

Update: Apparently pylibpcap, a Python wrapper to libpcap, has newer releases than pcapy, so newer libpcap features should be better supported.

More information about PCAP (libpcap) in general here.
