Closed jiamo closed 10 years ago
The ethpkt[packet_type] methodology lets you search for a specific packet type. There is no shortcut for saying "I'm searching for a layer 3 protocol, no matter if IPv4, IPv6, etc." like using ethpkt[ethpkt.l3proto]. Anyway, you can use ethpkt.body_handler to retrieve the next upper layer without specifying any type (which in most cases should be an IP packet type). The same goes for the transport layer: ethpkt.body_handler.body_handler should give the transport layer. If there is no next upper layer, the value will be None.
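The layer walk described in the reply above, as an added stand-alone sketch that is not part of the thread and is not pypacker's code: a hypothetical `Layer` class mimics the `body_handler` chaining (next upper layer, or None), and the lower header's type field picks the next layer so the caller never names TCP, UDP, IPv4 or IPv6. The frames are constructed samples; VLAN tags and IPv6 extension headers are assumed absent.

```python
import struct

# Constructed sample frames (zeroed MACs, addresses and upper-layer headers).
MACS = bytes(12)
UDP4 = (MACS + b"\x08\x00"
        + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, bytes(4), bytes(4))
        + bytes(8))
TCP6 = (MACS + b"\x86\xdd"
        + struct.pack("!IHBB16s16s", 0x60000000, 20, 6, 64, bytes(16), bytes(16))
        + bytes(20))
ARP = MACS + b"\x08\x06" + bytes(28)

IP_PROTOS = {6: "TCP", 17: "UDP"}  # IP protocol / Next Header numbers


class Layer:
    """Hypothetical decoded header; body_handler is the next upper layer or None."""
    def __init__(self, name, body_handler=None):
        self.name = name
        self.body_handler = body_handler


def parse_l4(proto):
    name = IP_PROTOS.get(proto)
    return Layer(name) if name else None          # unknown L4 -> None


def parse_l3(ethertype, data):
    if ethertype == 0x0800 and len(data) >= 20:   # IPv4: protocol at byte 9
        return Layer("IPv4", parse_l4(data[9]))
    if ethertype == 0x86DD and len(data) >= 40:   # IPv6: Next Header at byte 6
        return Layer("IPv6", parse_l4(data[6]))   # extension headers not followed
    return None                                   # unknown or truncated L3


def parse_ethernet(frame):
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return Layer("Ethernet", parse_l3(ethertype, frame[14:]))


def layer_names(pkt):
    """Walk body_handler links upward until None, naming no type in advance."""
    names = []
    while pkt is not None:
        names.append(pkt.name)
        pkt = pkt.body_handler
    return names


if __name__ == "__main__":
    for frame in (UDP4, TCP6, ARP):
        print(layer_names(parse_ethernet(frame)))
```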
OK, it's reasonable. Close the problem.
After using
ethpkt=ethernet.Ethernet(something)
to create an Ethernet packet, why must I use tcppkt=ethpkt[tcp.TCP] to get the TCP packet? When something is from a pcap, it should know whether it is TCP or UDP, or whether it is ipv4 or ipv6. How can we just use ethpkt[ethpkt.l3proto] to get ipv4 or ipv4, or ethpkt[ethpkt.l4proto] to get TCP or UDP? Otherwise, I would have to try ethpkt[udp.UDP], get None, and then try TCP. Or is there a good method to detect the L3/L4 layer protocol in ethpkt?