Closed Willtl closed 3 years ago
I tried opening https://github.com/yungshenglu/USTC-TFC2016/blob/master/Malware/Miuref.pcap in Wireshark and it shows the 1st packet is truncated. You're likely hitting the same error in dpkt, saying it needs more data to process the packet. This is the expected behavior. You can modify your code to catch the NeedData exception and move on to process the next packet. Please reopen the issue if you believe there's a bug in dpkt.
@Willtl also just for an example of handling truncated data you can take a peek at this example: https://github.com/kbandla/dpkt/blob/master/examples/print_dns_truncated.py
I'm trying to perform some preprocessing on some .pcap files to perform anomaly detection using neural networks.
This is the dataset: https://github.com/yungshenglu/USTC-TFC2016
I managed to open and work with the benign data normally (https://github.com/yungshenglu/USTC-TFC2016/tree/master/Benign).
However, when I try to open any .pcap inside the malware folder (https://github.com/yungshenglu/USTC-TFC2016/tree/master/Malware), I get the following error when I call
eth = dpkt.ethernet.Ethernet(frame)
I tried to open the same malware .pcap files in Wireshark and it loads them correctly.