I'm using dpkt on Python 3.8 in a CentOS 8 environment. I am able to pull the data from IP packets if they are UDP or TCP, but ip.data will return an empty bytes object with all other protocols that I am testing. In the code below, the program will print the correct class for UDP and TCP and print "bytes" for the other protocols. Converting the bytes object to a string, I see that it is empty. In Wireshark, these ICMP, GRE, and SCTP packets are decoded just fine. Any ideas?
```python
import dpkt

nonIP = 0
protodict = {'TCP': 0, 'UDP': 0, 'SCTP': 0, 'GRE': 0}

# 'capture.pcap' stands in for whatever file is being read
with open('capture.pcap', 'rb') as f:
    pcap = dpkt.pcap.Reader(f)
    for ts, buf in pcap:
        #print(dt.datetime.fromtimestamp(ts), len(buf))
        eth = dpkt.ethernet.Ethernet(buf)
        if not isinstance(eth.data, dpkt.ip.IP):
            print('Non IP Packet type not supported %s\n' % eth.data.__class__.__name__)
            nonIP += 1
            continue  # non-IP frames have no ip.p to look at
        ip = eth.data
        #protocol stats
        proto = ip.p
        if proto == dpkt.ip.IP_PROTO_TCP:
            protodict['TCP'] += 1
            print("TCP Packet - class name is: %s" % ip.data.__class__.__name__)
        elif proto == dpkt.ip.IP_PROTO_UDP:
            protodict['UDP'] += 1
            print("UDP Packet - class name is: %s" % ip.data.__class__.__name__)
        elif proto == dpkt.ip.IP_PROTO_ICMP:
            print("ICMP Packet - class name is: %s" % ip.data.__class__.__name__)
        elif proto == dpkt.ip.IP_PROTO_SCTP:
            protodict['SCTP'] += 1
            print("SCTP Packet - class name is: %s" % ip.data.__class__.__name__)
        elif proto == dpkt.ip.IP_PROTO_GRE:
            protodict['GRE'] += 1
            print("GRE Packet - class name is: %s" % ip.data.__class__.__name__)
```
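An added diagnostic, not part of the question and not dpkt's own code: when a decoder hands back an empty payload, the first thing to check is how the IPv4 total-length field relates to the bytes actually captured, because a parser slices the payload by that field. The example below decodes the IPv4 header with only the standard library, reports length inconsistencies (a zero total length, a total length shorter than the header, or a capture truncated by snaplen) instead of silently yielding b'', and then decodes the first fields of ICMP, GRE and SCTP so the result can be compared against what Wireshark shows. All packets are constructed inline (checksums left at zero); the SCTP sample carries only a minimal chunk header and is not a valid association start.

```python
import struct

# IPv4 protocol numbers (IANA); the same values dpkt exposes as dpkt.ip.IP_PROTO_*
IP_PROTO_ICMP, IP_PROTO_TCP, IP_PROTO_UDP, IP_PROTO_GRE, IP_PROTO_SCTP = 1, 6, 17, 47, 132


def parse_ipv4(pkt):
    """Decode an IPv4 header and slice the payload the way the header says to.

    Returns the protocol number, the payload bytes and a 'note' describing any
    length inconsistency, so an empty payload can be traced to its cause.
    """
    if len(pkt) < 20:
        raise ValueError("buffer shorter than a minimal IPv4 header")
    vhl, _tos, total_len, _id, _frag, _ttl, proto, _csum, _src, _dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    version, ihl = vhl >> 4, (vhl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(pkt):
        raise ValueError("not a well-formed IPv4 header")

    if total_len == 0:
        note, payload = "total length field is 0 (seen with offload captures); payload sliced to nothing", b""
    elif total_len < ihl:
        note, payload = "total length smaller than header length; payload sliced to nothing", b""
    elif total_len > len(pkt):
        note, payload = "captured %d of %d bytes (truncated capture / snaplen)" % (len(pkt), total_len), pkt[ihl:]
    else:
        note, payload = "ok", pkt[ihl:total_len]
    return {"proto": proto, "payload": payload, "note": note}


def decode_transport(proto, payload):
    """Decode just enough of the next header to confirm the bytes are what the IP header claims."""
    if proto == IP_PROTO_ICMP and len(payload) >= 4:
        icmp_type, code, _csum = struct.unpack("!BBH", payload[:4])
        return {"layer": "ICMP", "type": icmp_type, "code": code}
    if proto == IP_PROTO_GRE and len(payload) >= 4:
        flags, ptype = struct.unpack("!HH", payload[:4])
        return {"layer": "GRE", "flags": flags, "protocol_type": ptype}
    if proto == IP_PROTO_SCTP and len(payload) >= 12:
        sport, dport, vtag, _csum = struct.unpack("!HHII", payload[:12])
        return {"layer": "SCTP", "sport": sport, "dport": dport, "vtag": vtag}
    if proto in (IP_PROTO_TCP, IP_PROTO_UDP) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return {"layer": "TCP" if proto == IP_PROTO_TCP else "UDP", "sport": sport, "dport": dport}
    return None  # unknown protocol or not enough bytes for even the first fields


def inspect(pkt):
    """One-line summary per packet: protocol, length note, payload size and decoded header."""
    ip = parse_ipv4(pkt)
    return {"proto": ip["proto"], "note": ip["note"], "payload_len": len(ip["payload"]),
            "decoded": decode_transport(ip["proto"], ip["payload"])}


def build_ipv4(proto, payload, total_len=None):
    """Construct a demo IPv4 packet (constructed data; header checksum left as 0)."""
    if total_len is None:
        total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


# Constructed sample payloads: ICMP echo request, GRE carrying IPv4, SCTP common header + chunk header
ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"ping"
GRE_IPV4 = struct.pack("!HH", 0, 0x0800) + b"\x45\x00"
SCTP_MIN = struct.pack("!HHII", 5000, 5001, 0xDEADBEEF, 0) + struct.pack("!BBH", 1, 0, 4)

SAMPLES = {
    "icmp-ok": build_ipv4(IP_PROTO_ICMP, ICMP_ECHO),
    "gre-ok": build_ipv4(IP_PROTO_GRE, GRE_IPV4),
    "sctp-ok": build_ipv4(IP_PROTO_SCTP, SCTP_MIN),
    "icmp-zero-len": build_ipv4(IP_PROTO_ICMP, ICMP_ECHO, total_len=0),
    "icmp-truncated": build_ipv4(IP_PROTO_ICMP, ICMP_ECHO)[:24],
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect(pkt))
```

Run it against real traffic by feeding `inspect()` the bytes after the Ethernet header (`buf[14:]` for a plain Ethernet II frame); a packet whose note is not "ok" is one where any length-respecting parser will produce a short or empty payload, and the note tells you whether the capture or the header is at fault.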