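def parsePacket(s):
    """Decode the IPv4 header, and the UDP ports if present, of one captured frame.

    The link-layer header is stripped according to ``pcapObj.datalink()``.
    The fixed 20-byte IPv4 header is then decoded field by field. When the
    protocol number is 17 (UDP), the source and destination ports are read
    and the 8-byte UDP header is removed from the payload.

    The input is attacker-controlled capture data and this function does
    only minimal validation:

    * the version nibble is not checked, so non-IPv4 frames are decoded as
      if they were IPv4;
    * a header length (IHL) below 5 is not rejected, so the payload slice
      can start inside the fixed header;
    * ``total_len`` is not compared with the captured length and the
      checksum is not verified.

    Callers that make decisions based on the result should check
    ``d['version']`` and ``d['header_len']`` first.

    Args:
        s: Raw frame bytes as delivered by the capture. Single bytes are
            read with ``ord(s[i])``, so ``s`` must index to 1-character
            strings (Python 2 ``str``).

    Returns:
        dict with the keys ``version``, ``header_len``, ``tos``,
        ``total_len``, ``id``, ``flags``, ``fragment_offset``, ``ttl``,
        ``protocol``, ``checksum``, ``source_address``,
        ``destination_address``, ``options`` (``None`` when IHL <= 5) and
        ``data``; plus ``source_port`` and ``destination_port`` for UDP.

    Raises:
        IndexError, struct.error: when the frame is shorter than the
            fields being read (truncated or malformed capture).
    """
    d = {}
    # Link-layer header sizes keyed by pcap link type, see
    # http://www.tcpdump.org/linktypes.html
    llHeaders = {
        0: 4,     # LINKTYPE_NULL
        1: 14,    # LINKTYPE_ETHERNET (no VLAN tag; EtherType is not checked)
        108: 4,   # LINKTYPE_LOOP
        228: 0,   # LINKTYPE_IPV4 (raw IP, nothing to strip)
    }
    linktype = pcapObj.datalink()
    if linktype in llHeaders:
        s = s[llHeaders[linktype]:]
    else:
        # NOTE(review): parsing continues on the unstripped frame, so the
        # fields below are decoded from link-layer bytes. Kept as-is for
        # compatibility; consumers should treat such results as unreliable.
        stats['unknown L2 protocol'] += 1

    first_byte = ord(s[0])
    d['version'] = (first_byte & 0xf0) >> 4
    d['header_len'] = first_byte & 0x0f  # IHL, in 32-bit words
    d['tos'] = ord(s[1])
    # '!H' reads a big-endian (network order) unsigned short, which is what
    # ntohs(unpack('H', ...)) produced, without depending on host endianness.
    d['total_len'] = struct.unpack('!H', s[2:4])[0]
    d['id'] = struct.unpack('!H', s[4:6])[0]
    d['flags'] = (ord(s[6]) & 0xe0) >> 5
    # Fix: the offset is the low 13 bits of the 16-bit field in network
    # order. The old code masked 5 bits before the byte swap, which dropped
    # the low byte of the offset on little-endian hosts.
    d['fragment_offset'] = struct.unpack('!H', s[6:8])[0] & 0x1fff
    d['ttl'] = ord(s[8])
    d['protocol'] = ord(s[9])
    d['checksum'] = struct.unpack('!H', s[10:12])[0]
    d['source_address'] = pcap.ntoa(struct.unpack('i', s[12:16])[0])
    d['destination_address'] = pcap.ntoa(struct.unpack('i', s[16:20])[0])

    ip_header_bytes = 4 * d['header_len']
    if d['header_len'] > 5:
        # Fix: options run from byte 20 to the end of the IP header. The old
        # end index 4 * (IHL - 5) was a length, not an offset, so the slice
        # was empty or cut short.
        d['options'] = s[20:ip_header_bytes]
    else:
        d['options'] = None
    s = s[ip_header_bytes:]

    if d['protocol'] == 17:  # UDP
        d['source_port'] = struct.unpack('!H', s[0:2])[0]
        d['destination_port'] = struct.unpack('!H', s[2:4])[0]
        s = s[8:]  # drop the fixed 8-byte UDP header
        stats['UDP packets'] += 1

    d['data'] = s
    stats['IP packets'] += 1
    return d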