[英]Parsing ip address with dpkt
I am using dpkt to parse a pcap file, however I am confused about how to extract the destination ip address. 我使用dpkt来解析pcap文件,但是我对如何提取目标IP地址感到困惑。 I am parsing the packets using
eth = dpkt.ethernet.Ethernet(buf)
which returns an ethernet object which looks like the following: 我正在使用
eth = dpkt.ethernet.Ethernet(buf)
解析数据包,它返回一个如下所示的以太网对象:
Ethernet(src='\x00\x1a\xa0kUf', dst='\x00\x13I\xae\x84,', data=IP(src='\xc0\xa8\n\n',
off=16384, dst='C\x17\x030', sum=25129, len=52, p=6, id=51105, data=TCP(seq=9632694,
off_x2=128, ack=3382015884, win=54, sum=65372, flags=17, dport=80, sport=56145)))
I am confused about 2 things. 我对两件事感到困惑。
I tried a solution like Convert "little endian" hex string to IP address in Python , but both dst fields seem to sometimes contain data which seemingly cannot be parsed to an ip address such as _daQ
(how is _daQ parsed to address?) or RT\\x00\\x125\\x02
(what is RT?) or 33\\x00\\x01\\x00\\x03
(what is the 33 at the beginning and why does this look like 5 bytes not 4?) 我在Python中尝试了将转换“little endian”十六进制字符串转换为IP地址的解决方案,但两个dst字段似乎有时包含似乎无法解析为IP地址的数据,例如
_daQ
(如何解析_daQ来解决?)或RT\\x00\\x125\\x02
(什么是RT?)或33\\x00\\x01\\x00\\x03
(开头33是什么,为什么这看起来像5个字节而不是4?)
eth.dst
field will contain the destination MAC address (eg 01:23:45:67:89:ab
), not the destination IP address. eth.dst
字段将包含目标MAC地址(例如01:23:45:67:89:ab
),而不是目标IP地址。 You need the ip.dst field. Try this: 试试这个:
ip_hdr = eth.data
ip_hdr.dst # will contain your destination IP address in BINARY
# adapted from http://www.commercialventvac.com/dpkt.html#mozTocId303989
import socket
dst_ip_addr_str = socket.inet_ntoa(ip_hdr.dst)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.