for timestamp, buf in dpkt.pcap.Reader(f):
eth = dpkt.ethernet.Ethernet(buf)
print(eth)
Since the ethertype field is 0, it is being treated as logical link control, and throwing an exception:
---------------------------------------------------------------------------
error Traceback (most recent call last)
c:\workspace\dpkt\dpkt\dpkt\dpkt.py in __init__(self, *args, **kwargs)
88 try:
---> 89 self.unpack(args[0])
90 except struct.error:
c:\workspace\dpkt\dpkt\dpkt\llc.py in unpack(self, buf)
35
---> 36 dpkt.Packet.unpack(self, buf)
37 if self.is_snap:
c:\workspace\dpkt\dpkt\dpkt\dpkt.py in unpack(self, buf)
170 for k, v in compat_izip(self.__hdr_fields__,
--> 171 struct.unpack(self.__hdr_fmt__, buf[:self.__hdr_len__])):
172 setattr(self, k, v)
error: unpack requires a buffer of 3 bytes
During handling of the above exception, another exception occurred:
NeedData Traceback (most recent call last)
<ipython-input-5-a483b3f3f387> in <module>
1 for timestamp, buf in dpkt.pcap.Reader(f):
----> 2 eth = dpkt.ethernet.Ethernet(buf)
3 print(eth)
4
c:\workspace\dpkt\dpkt\dpkt\ethernet.py in __init__(self, *args, **kwargs)
77
78 def __init__(self, *args, **kwargs):
---> 79 dpkt.Packet.__init__(self, *args, **kwargs)
80 # if data was given in kwargs, try to unpack it
81 if self.data:
c:\workspace\dpkt\dpkt\dpkt\dpkt.py in __init__(self, *args, **kwargs)
87 if args:
88 try:
---> 89 self.unpack(args[0])
90 except struct.error:
91 if len(args[0]) < self.__hdr_len__:
c:\workspace\dpkt\dpkt\dpkt\ethernet.py in unpack(self, buf)
166 self.fcs = struct.unpack('>I', self.data[-4:])[0]
167 self.trailer = self.data[eth_len:-4]
--> 168 self.data = self.llc = llc.LLC(self.data[:eth_len])
169
170 def pack_hdr(self):
c:\workspace\dpkt\dpkt\dpkt\dpkt.py in __init__(self, *args, **kwargs)
90 except struct.error:
91 if len(args[0]) < self.__hdr_len__:
---> 92 raise NeedData
93 raise UnpackError('invalid %s: %r' %
94 (self.__class__.__name__, args[0]))
NeedData:
Anyone ever seen this? Ideas on what to do about this ethernet frame? Should we check for the ethertype 0 case in Ethernet.unpack instead of letting it fall through the if to the else case that interprets as logic link control?
Right now I am just checking for zero ethertype and throwing away:
for timestamp, buf in dpkt.pcap.Reader(f):
if len(buf) > 14 and buf[12:14] == b'\x00\x00':
continue
eth = dpkt.ethernet.Ethernet(buf)
Should we check for this case in Ethernet.upack()?
The attached pcap has a single packet that causes a
NeedData
exception in dpkt 1.9.2.capture.zip
The frame looks like:
Example:
Since the
ethertype
field is 0, it is being treated as logical link control, and throwing an exception:Anyone ever seen this? Ideas on what to do about this ethernet frame? Should we check for the ethertype 0 case in Ethernet.unpack instead of letting it fall through the if to the else case that interprets as logic link control?
Right now I am just checking for zero ethertype and throwing away:
Should we check for this case in Ethernet.upack()?