Reputation: 19
Parsing PCAP in Python 2.6
I am trying to simply parse through data in a packet capture. I've taken examples just to see if I could compile and I end up with an error. Below is the code.
import dpkt
import sys
f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)
for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data
f.close()
The error I get is the following:File "inspection.py", line 15, in tcp = ip.data
AttributeError: 'str' object has no attribute 'data'
Any help would be appreciated.
Upvotes: 2
Views: 6228
Answers (2)
Reputation: 1
What I did to solve the problem was:
if ip.p == 6:
tcp = dpkt.tcp.TCP(ip.data)
Upvotes: 0
Reputation: 51
The call to dpkt.ethernet.Ethernet(buf) returned a string because the Ethernet class was unable to unpack buf. A likely cause for this is that your pcap file does not have ethernet as its layer 2 protocol. You can load the pcap into Wireshark to confirm this.
The following script attempts to check the datalink field of the pcap file and use an appropriate layer 2 dpkt class to decode the frame:
import dpkt
import sys
f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)
for ts, buf in pcap:
if pcap.datalink() == dpkt.pcap.DLT_LINUX_SLL:
l2 = dpkt.sll.SLL(raw_pkt)
else:
l2 = dpkt.ethernet.Ethernet(buf)
ip = l2.data
tcp = ip.data
Upvotes: 3
Related Questions
- creating a pcap file using python
- parse pcap file with scapy
- Using Python to Read and Print Out a PCAP
- Parsing a PCAP File in python
- python using pyshark to parse .pcap file
- Parsing the pcap file through scapy
- Parsing one field of PCAP file into a column in Python
- opening a pcap file in python
- Parsing pcap files with dpkt (Python)
- How to parse the header files of the pcap file?