search

liuweireign / dpkt

Automatically exported from code.google.com/p/dpkt
Other
0 stars 0 forks source link

Exception OverflowError #27

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I'm trying to use DPKT to parse a PCAP file and getting an exception thrown
in the pcap.py module.

My code:

import dpkt

f = open('capture.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    tcp = ip.data

    print tcp.sport, tcp.dport, len(tcp.data)

f.close()

Breaks in the following module:

def __iter__(self):
    self.__f.seek(FileHdr.__hdr_len__)
    while 1:
        buf = self.__f.read(PktHdr.__hdr_len__)
        if not buf: break
        hdr = self.__ph(buf)
        buf = self.__f.read(hdr.caplen)

It breaks in the last line with this error:

exceptions.OverflowError: long int too large to convert to int

Wireshark displays the data fine and I don't see anything that looks like
it would be a problem. The traffic is a mix of TCP and UDP it it breaks on
a UDP packet.

Any ideas?

Original issue reported on code.google.com by paul.fer...@gmail.com on 6 Nov 2009 at 10:30

GoogleCodeExporter commented 9 years ago 
I am facing the same issue. I need to parse a UDP packet and can't do it. 
Please let me 
know what can I do.

Thanks,

Ram.

Original comment by rram...@gmail.com on 20 Nov 2009 at 6:42

GoogleCodeExporter commented 9 years ago 
attaching file.

Original comment by rram...@gmail.com on 20 Nov 2009 at 6:55

Attachments:

GoogleCodeExporter commented 9 years ago 
i have the same problem too.

Original comment by claudio....@gmail.com on 3 Dec 2009 at 10:45

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Be sure to open your file in binary mode. Otherwise, the raw data content of 
the pcap
file will not be interpreted correctly.

Open your file like this:
f = open('capture.pcap', 'rb')

MGS

Original comment by msp...@cox.net on 30 Dec 2009 at 12:17

GoogleCodeExporter commented 9 years ago 
I also ran into this problem.  Opening the file in binary mode makes no 
difference. 
What I did notice however is that it that you don't run into this problem if 
you are
running dpkt on Linux.  It seems to be Windows-specific.  Any ideas?  Thanks.

Original comment by tiddl...@mailinator.com on 15 Feb 2010 at 7:01

GoogleCodeExporter commented 9 years ago 
I believe Windows has some LFS issues when using longs for read/seek/tell/etc.
Unfortunately, I don't have a 32-bit Windows machine to reproduce on.

Original comment by jon.ober...@gmail.com on 24 Mar 2010 at 3:10

GoogleCodeExporter commented 9 years ago 
I have the same problem on my Windows XP machine. Running in cygwin solves the 
problem. I also added some debug prints in pcap.py and it looks like the file 
read function does not return enough bytes.

Original comment by stefan.j...@gmail.com on 30 Sep 2010 at 5:35

GoogleCodeExporter commented 9 years ago 
Opening the file in binary mode solved my problem.

Original comment by stefan.j...@gmail.com on 13 Oct 2010 at 8:32

GoogleCodeExporter commented 9 years ago 
yeah...just open file in mode = 'rb'

Original comment by jyo....@gmail.com on 26 Aug 2011 at 11:08

GoogleCodeExporter commented 9 years ago 
Worked for me too. Thanks!

Original comment by ami...@gmail.com on 21 Jan 2014 at 9:34

GoogleCodeExporter commented 9 years ago 
open file in mode 'rb'
solved my problem too, Thanks!

Original comment by zlh6...@gmail.com on 22 Apr 2014 at 7:27

GoogleCodeExporter commented 9 years ago 
open file in mode 'rb'
solved my problem too, Thanks!

Original comment by zlh6...@gmail.com on 22 Apr 2014 at 7:27

GoogleCodeExporter commented 9 years ago 
On Windows, pcap files should be opened in binary mode (rb). Closing the issue.

Original comment by kbandla@in2void.com on 25 Dec 2014 at 2:58