2014/02/28 Summary of contents demoed at #ssmjp, part 1

I showed that you can do the following with a pcap file prepared from a single ping: one Echo Request and one Echo Reply.

I wrote about the presentation at ssmjp on my blog: http://th0x0472.at.webry.info/201403/article_1.html

First of all, load the library.

>>> import dpkt

Open the pcap file.

>>> p=dpkt.pcap.Reader(open("demo.pcap","rb"))
>>> p
<dpkt.pcap.Reader object at 0xfc1f10>

You can get a list of (timestamp, packet data) tuples with readpkts().

>>> len(p.readpkts())
2
>>> p.readpkts()
[(1393533576.809375, '\x00:\x9d\xbd5\xcc\x08\x00\'\xca\xd8\xe2\x08\x00E\x00\x00T\x17\xcd@\x00@\x01*\xef\xc0\xa8\x01\x10J}\xeb\xb7\x08\x00\xfc\xa1\x1a;\x00\x01\x88\xa2\x0fS\x00\x00\x00\x00~Y\x0c\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'), (1393533577.117797, '\x08\x00\'\xca\xd8\xe2\x00:\x9d\xbd5\xcc\x08\x00E\x00\x00T\x9c\xfe\x00\x008\x01\xed\xbdJ}\xeb\xb7\xc0\xa8\x01\x10\x00\x00\x04\xa2\x1a;\x00\x01\x88\xa2\x0fS\x00\x00\x00\x00~Y\x0c\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567')]

You can access the data of any packet by index like this.

>>> p.readpkts()[0][1]
'\x00:\x9d\xbd5\xcc\x08\x00\'\xca\xd8\xe2\x08\x00E\x00\x00T\x17\xcd@\x00@\x01*\xef\xc0\xa8\x01\x10J}\xeb\xb7\x08\x00\xfc\xa1\x1a;\x00\x01\x88\xa2\x0fS\x00\x00\x00\x00~Y\x0c\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'

Convert the packet data into an Ethernet class object.

>>> dpkt.ethernet.Ethernet((p.readpkts()[0][1]))
Ethernet(src="\x08\x00'\xca\xd8\xe2", dst='\x00:\x9d\xbd5\xcc', data=IP(src='\xc0\xa8\x01\x10', off=16384, dst='J}\xeb\xb7', sum=10991, len=84, p=1, id=6093, data=ICMP(sum=64673, data=Echo(id=6715, seq=1, data='\x88\xa2\x0fS\x00\x00\x00\x00~Y\x0c\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567'))))
>>> dpkt.ethernet.Ethernet((p.readpkts()[0][1])).data
IP(src='\xc0\xa8\x01\x10', off=16384, dst='J}\xeb\xb7', sum=10991, len=84, p=1, id=6093, data=ICMP(sum=64673, data=Echo(id=6715, seq=1, data='\x88\xa2\x0fS\x00\x00\x00\x00~Y\x0c\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567')))

Take an IP packet and look at the source IP address.

>>> req=dpkt.ethernet.Ethernet((p.readpkts()[0][1])).data
>>> req.src
'\xc0\xa8\x01\x10'

The raw bytes are hard to read as they are, but the socket library makes the address easy to read.

>>> import socket
>>> socket.inet_ntoa(req.src)
'192.168.1.16'
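As an added example (not part of the original demo), the same two frames can be decoded with only the standard library to show which bytes the dpkt objects above are built from; it goes a step further by validating the ICMP checksum and pairing the Echo Reply with its Echo Request to get the round-trip time. The hex strings are the readpkts() output retyped, and the function names (checksum_ok, parse_echo, pair_pings) are hypothetical.

```python
import socket
import struct

# Constructed input: the two frames from the readpkts() output above, retyped as hex.
PAYLOAD = bytes.fromhex("88a20f53000000007e590c0000000000") + bytes(range(0x10, 0x38))
REQ = bytes.fromhex("003a9dbd35cc080027cad8e20800" "4500005417cd400040012aefc0a801104a7debb7"
                    "0800fca11a3b0001") + PAYLOAD
REP = bytes.fromhex("080027cad8e2003a9dbd35cc0800" "450000549cfe00003801edbd4a7debb7c0a80110"
                    "000004a21a3b0001") + PAYLOAD
PKTS = [(1393533576.809375, REQ), (1393533577.117797, REP)]

def checksum_ok(data):
    """Internet checksum: the folded 16-bit sum of a valid message is 0xffff."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_echo(frame):
    """Decode Ethernet/IPv4/ICMP Echo; return None for other, truncated or corrupt frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
    icmp = frame[14 + ihl:14 + total_len]
    if ihl < 20 or frame[23] != 1 or len(icmp) < 8 or not checksum_ok(icmp):
        return None
    itype, _code, _sum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if itype not in (0, 8):  # 8 = Echo Request, 0 = Echo Reply
        return None
    return {"type": itype, "id": ident, "seq": seq,
            "src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34])}

def pair_pings(pkts):
    """Match each Echo Reply to its request on (addresses, id, seq); RTT in seconds."""
    pending, rtts = {}, []
    for ts, frame in pkts:
        e = parse_echo(frame)
        if e is None:
            continue
        if e["type"] == 8:  # request: remember when it was sent
            pending[(e["src"], e["dst"], e["id"], e["seq"])] = ts
            continue
        sent = pending.pop((e["dst"], e["src"], e["id"], e["seq"]), None)  # addresses swapped
        if sent is not None:
            rtts.append((e["dst"], e["src"], e["seq"], ts - sent))
    return rtts

print(pair_pings(PKTS))
```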
