Snoop file parser - Githubissues

NewLionwang / dpkt

Automatically exported from code.google.com/p/dpkt

Other

0 stars 0 forks source link

Snoop file parser #51

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

I needed to parse packet capture files created by Solaris snoop command and I 
wrote a snoop file parser, which works mostly in the same way as the existing 
pcap.py.  Currently it supports only the Ethernet format.  I took the constants 
from snoop.h in OpenSolaris.

The snoop file format is described in RF1761.

Original issue reported on code.google.com by keisuke....@gmail.com on 29 Sep 2010 at 5:46

Attachments:

snoop.py

GoogleCodeExporter commented 8 years ago

Thanks - committed, and added you to AUTHORS :-)

Original comment by dugsong on 6 Jan 2011 at 4:12

GoogleCodeExporter commented 8 years ago

Original comment by dugsong on 6 Jan 2011 at 4:12

Changed state: Fixed

GoogleCodeExporter commented 8 years ago

[deleted comment]

GoogleCodeExporter commented 8 years ago

Yeah. It works on snoop file.

Original comment by xuedipia...@gmail.com on 21 Jul 2011 at 1:03

GoogleCodeExporter commented 8 years ago

I noticed __init__.py does not include a line "import snoop".  Suppose it is 
added, you can read packets from a snoop file in the same way as pcap:

from dpkt import ethernet, snoop

f = file("packet.snoop", "rb")
for ts, buf in snoop.Reader(f):
  eth = ethernet.Ethernet(buf)

Original comment by keisuke....@gmail.com on 21 Jul 2011 at 4:36

GoogleCodeExporter commented 8 years ago

Thank you! It works fine!!!

Original comment by vinifa...@gmail.com on 10 Nov 2014 at 2:09