stackoom
  简体   繁体   中英

using python to determine dot1x protocol type in ethernet header

 原文  2015-08-27 02:28:45       python/ protocols/ ethernet/ packet-capture

Question

I'm using python to enumerate information in a dot1x exchange but I'm having trouble parsing the Ethernet protocol. I know the Ethernet type field is two bytes and dot1x uses "888e". I've confirmed "888e" is being passed via Wireshark but I'm getting the below output. Why is it showing "36488" instead of "888e"? 

Destination MAC : 01:80:c2:00:00:03 Source MAC : c2:04:17:9c:f1:03 Protocol : 36488
Destination MAC : 01:80:c2:00:00:03 Source MAC : 08:00:27:83:5b:8b Protocol : 36488
Destination MAC : 01:80:c2:00:00:03 Source MAC : c2:04:17:9c:f1:03 Protocol : 36488
Destination MAC : 01:80:c2:00:00:03 Source MAC : 08:00:27:83:5b:8b Protocol : 36488
Destination MAC : 01:80:c2:00:00:03 Source MAC : c2:04:17:9c:f1:03 Protocol : 36488

My code: 

import socket, sys
from struct import *

#Convert a string of 6 characters of ethernet address into a dash separated hex string
def eth_addr (a) :
    b = "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x" % (ord(a[0]) , ord(a[1]) , ord(a[2]), ord(a[3]), ord(a[4]) , ord(a[5]))
    return b

#create a AF_PACKET type raw socket (thats basically packet level)
#define ETH_P_ALL    0x0003          /* Every packet (be careful!!!) */
try:
    s = socket.socket( socket.AF_PACKET , socket.SOCK_RAW , socket.ntohs(0x0003))
except socket.error , msg:
    print 'Socket could not be created. Error Code : ' + str(msg[0]) + '   Message ' + msg[1]
    sys.exit()

# receive a packet
while True:
    packet = s.recvfrom(65565)

    #packet string from tuple
    packet = packet[0]

    #parse ethernet header
    eth_length = 14

    eth_header = packet[:eth_length]
    eth = unpack('!6s6sH' , eth_header)
    eth_protocol = socket.ntohs(eth[2])
    print 'Destination MAC : ' + eth_addr(packet[0:6]) + ' Source MAC : ' +  eth_addr(packet[6:12]) + ' Protocol : ' + str(eth_protocol)

1 answers

solution1
 0 ACCPTED  2015-08-27 06:38:13

It is just a matter of hexadecimal and decimal representation.

36488 is 8e88 in hexadecimal. Also you are doing a ntohs() translation to get the eth_protocol which basically changes the byte order ie translates 888e to 8e88 .

If you want your program to print hexadecimal number check string formatting specs at Python docs.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Ethernet header removal using scapy (python) Determine protocol of the link using Python alternatives How to parse Ethernet Header of pcap file using Python? Python - Not Expecting Data by Unpacking Ethernet Frame Getting 0xc0a8 on Type Expecting 0x800 MAC, ethernet id using python sending ethernet data along with ARP protocol to automobile gateway in Python Determine if a computer is connected to internet via WiFi network or ethernet cable in Python How to determine client certificate type using Python? Using Regular Expression in Python to determine the type of geometry Extract Ethernet, IP header, TCP and payload from socket recv Python
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM