def __init__(self, pkt_bytes, time=None):
"""Decodes the specified Ethernet packet.
Supports raw Ethernet frames, and Ethernet frames containing tagged
802.1q VLANs.
The VID will be placed in the `vid` attribute, and the payload (next
layer packet) will be placed in the `payload` attribute.
If specified, the time will be stored in the `time` attribute.
The source MAC, destination MAC, and payload Ethertype will be
stored in `src_mac`, `dst_mac`, and `ethertype` attributes,
respectively.
:param pkt_bytes: The input bytes of the Ethernet packet.
:type pkt_bytes: bytes
:param time: Timestamp packet was seen (seconds since epoch)
:type time: str
:return:
"""
if len(pkt_bytes) < ETHERNET_HEADER_LEN:
self.valid = False
return
packet = EthernetPacket._make(
struct.unpack(ETHERNET_PACKET, pkt_bytes[0:ETHERNET_HEADER_LEN])
)
payload_index = ETHERNET_HEADER_LEN
if packet.ethertype == ETHERTYPE.VLAN:
# We found an 802.1q encapsulated frame. The next four bytes are
# the QoS, VLAN ID,and the Ethertype of the encapsulated frame.
if len(pkt_bytes) < (ETHERNET_HEADER_LEN + VLAN_HEADER_LEN):
self.valid = False
return
vid, ethertype = struct.unpack(
VLAN_HEADER,
pkt_bytes[payload_index : payload_index + VLAN_HEADER_LEN],
)
vid = bytes_to_int(vid)
# The VLAN is the lower 12 bits; the upper 4 bits are for QoS.
vid &= 0xFFF
self.vid = vid
# Use the Ethertype found in the VLAN header.
self.ethertype = ethertype
payload_index += VLAN_HEADER_LEN
else:
self.vid = None
self.ethertype = packet.ethertype
self.valid = True
self.packet = packet
self.payload = pkt_bytes[payload_index:]
self.src_mac = packet.src_mac
self.dst_mac = packet.dst_mac
self.time = time
def __init__(self,
pkt_bytes,
time=None,
src_mac=None,
dst_mac=None,
vid=None):
"""
:param pkt_bytes: The input bytes of the ARP packet.
:type pkt_bytes: bytes
:param time: Timestamp packet was seen (seconds since epoch)
:type time: str
:param src_mac: Source MAC address from Ethernet header.
:type src_mac: bytes
:param dst_mac: Destination MAC address from Ethernet header.
:type dst_mac: bytes
:param vid: 802.1q VLAN ID (VID), or None if untagged.
:type vid: int
:return:
"""
packet = ARPPacket._make(
struct.unpack(ARP_PACKET, pkt_bytes[0:SIZEOF_ARP_PACKET]))
self.packet = packet
self.time = time
if src_mac is not None:
self.src_mac = EUI(bytes_to_int(src_mac))
else:
self.src_mac = None
if dst_mac is not None:
self.dst_mac = EUI(bytes_to_int(dst_mac))
else:
self.dst_mac = None
self.vid = vid
self.hardware_type = packet.hardware_type
self.protocol_type = packet.protocol
self.hardware_length = packet.hardware_length
self.protocol_length = packet.protocol_length
self.operation = packet.operation
self.sender_hardware_bytes = packet.sender_mac
self.sender_protocol_bytes = packet.sender_ip
self.target_hardware_bytes = packet.target_mac
self.target_protocol_bytes = packet.target_ip
def src_eui(self):
"""Returns a netaddr.EUI representing the source MAC address."""
return EUI(bytes_to_int(self.src_mac))
def dst_eui(self):
"""Returns a netaddr.EUI representing the destination MAC address."""
return EUI(bytes_to_int(self.dst_mac))
def target_eui(self):
"""Returns a netaddr.EUI representing the target MAC address."""
return EUI(bytes_to_int(self.target_hardware_bytes))
def source_eui(self):
"""Returns a netaddr.EUI representing the source MAC address."""
return EUI(bytes_to_int(self.sender_hardware_bytes))
