Closed dhelmr closed 3 years ago
In fact, the reader does not seem to read any layer-2 protocols, not only IP (with layer 2 I mean everything above the link layer/ethernet)
@dhelmr pcap files you're referring to are 1.9G each. Would you mind attaching a smaller sample pcap here? (just a few packets is usually all that's needed to reproduce the issue)
Sure: pcap.zip
(This one I splitted with editcap -F pcap
, if it matters. dpkt's behaviour is the same though)
Wireshark says it's the Linux cooked capture instead of Ethernet. dpkt has the SLL class for it:
In [13]: from dpkt.sll import SLL
In [14]: SLL(pp[1])
Out[14]: SLL(type=4, hdr=b'\x00PV\xa5wc\x00\x00', data=IP(tos=192, len=64, id=61204, ttl=1, p=89, sum=35426,
src=b'\n(U\x01', dst=b'\xe0\x00\x00\x05', opts=b'',
data=OSPF(v=2, type=1, len=44, router=3232297459, sum=60120, auth=b'\x00\x00\x00\x00\x00\x00\x00\x00',
data=b'\xff\xff\xff\x00\x00\n\x02\x01\x00\x00\x00(\n(U\x01\x00\x00\x00\x00')))
hope this is helpful
Sorry, my bad. Thank you!
Hi,
I try to read a pcap file from the UNSW-NB15 dataset with dpkt, but
dpkt.pcap.Reader
does not give any IP packets at all, onlydpkt.eth.Ethernet
packets. I tested it with several of the dataset's pcap files, which can be downloaded here. The pcap files can be read with tcpdump or wireshark without any problems. Wireshark showspcap
as the filetype.Example code for reproduction:
Output:
This happens with both python 3.6 abd 3.8 when using dpkt 1.9.4 or 1.9.3. With version 1.9.2 or 1.9.1 the error is:
Am I doing something wrong? The errors also persists if I open the file in wireshark and try to save it as pcapng or pcap. Other pcap files, which I captured by myself, work (both pcapng and pcap). I would appreciate any hints or help if it is something I can solve by myself. Thanks in advance!