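def ether_decode(self, p):
     """Decode one captured frame into a flat record of display fields.

     Frames that carry an Ethernet header are delegated to ``ip_decode``.
     Anything else (a non-Ethernet link type, for example) gets a record
     holding only the timestamp, length and scapy summary, with the address
     and port fields left empty.

     Args:
         p: a scapy packet as read from a capture file.
     Returns:
         dict with the keys time, source_ip, dest_ip, protocol, len, info,
         source_port and dest_port (all values are strings except ``len``).
     """
     if p.haslayer("Ether"):
         return self.ip_decode(p)
     # ``p.time`` comes straight from the capture header and is therefore
     # untrusted; an out-of-range value makes localtime()/strftime() raise
     # instead of yielding a bad date, so fall back to the raw number rather
     # than abort the whole decode.
     try:
         stamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(p.time))
     except (OverflowError, OSError, ValueError):
         stamp = str(p.time)
     return {
         'time': stamp,
         'source_ip': '',
         'dest_ip': '',
         'protocol': '',
         # Length of the serialised frame. The previous corrupt_bytes() call
         # randomly mutated a copy just to measure it (and raises on an empty
         # buffer); the length of the untouched bytes is the same number.
         'len': len(bytes(p)),
         # Text derived from packet content: escape it wherever it is rendered.
         'info': p.summary(),
         'source_port': '',
         'dest_port': '',
     }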
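 def udp_decode(self, p, ip):
     """Build the display record for a UDP datagram.

     Args:
         p: the whole scapy packet.
         ip: the network layer (IP or IPv6) already extracted by the caller;
             its ``src``/``dst`` are the addresses reported.
     Returns:
         dict with the keys time, source_ip, dest_ip, len, info, source_port,
         dest_port and protocol. ``protocol`` is the service name found in
         PORT_DICT (destination port first, then source port), otherwise in
         UDP_DICT (same order), otherwise the literal "UDP".
     """
     udp = p.getlayer("UDP")
     # ``p.time`` is untrusted capture data; an out-of-range value makes
     # localtime()/strftime() raise, so degrade to the raw number instead.
     try:
         stamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(p.time))
     except (OverflowError, OSError, ValueError):
         stamp = str(p.time)
     # Lookup order matters and is preserved: destination port before source
     # port, and the generic PORT_DICT before the UDP-specific UDP_DICT.
     protocol = "UDP"
     for table, port in (
         (self.PORT_DICT, udp.dport),
         (self.PORT_DICT, udp.sport),
         (self.UDP_DICT, udp.dport),
         (self.UDP_DICT, udp.sport),
     ):
         if port in table:
             protocol = table[port]
             break
     return {
         'time': stamp,
         'source_ip': ip.src,
         'dest_ip': ip.dst,
         # Length of the serialised packet; the former corrupt_bytes() call
         # mutated a random copy only to measure it.
         'len': len(bytes(p)),
         # Text derived from packet content: escape it wherever it is rendered.
         'info': p.summary(),
         # Read the ports from the UDP layer itself rather than relying on
         # scapy's attribute fall-through from the network layer.
         'source_port': str(udp.sport),
         'dest_port': str(udp.dport),
         'protocol': protocol,
     }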
 def _fix(self):
     """Return a corrupted copy of ``self.s`` using the stored ``p``/``n`` settings."""
     args = (self.s, self.p, self.n)
     return corrupt_bytes(*args)
 def _fix(self):
     """Return a corrupted copy of ``self.s`` using the stored ``p``/``n`` settings."""
     args = (self.s, self.p, self.n)
     return corrupt_bytes(*args)
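 def ip_decode(self, p):
     """Decode an Ethernet frame into a display record, by network layer.

     IPv4 and IPv6 packets carrying TCP or UDP are delegated to
     ``tcp_decode`` / ``udp_decode``.  Any other IP payload is named through
     IP_DICT (keyed by ``proto`` for IPv4, ``nh`` for IPv6) and falls back to
     the literal "IPv4" / "IPv6".  Non-IP frames are named through
     ETHER_DICT (keyed by EtherType), fall back to the EtherType in hex, and
     report the MAC addresses as source/dest.

     Args:
         p: a scapy packet that has an Ether layer.
     Returns:
         dict with the keys time, source_ip, dest_ip, protocol, len, info,
         source_port and dest_port; ports are the literal 'UnKnow' whenever
         the packet is not TCP/UDP.
     """
     def _record(src, dst, protocol):
         # Every non-TCP/UDP outcome has this exact shape; only the
         # addresses and the protocol label differ.
         # ``p.time`` is untrusted capture data; an out-of-range value makes
         # localtime()/strftime() raise, so degrade to the raw number.
         try:
             stamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(p.time))
         except (OverflowError, OSError, ValueError):
             stamp = str(p.time)
         return {
             'time': stamp,
             'source_ip': src,
             'dest_ip': dst,
             'protocol': protocol,
             # Length of the serialised frame; the former corrupt_bytes()
             # call mutated a random copy only to measure it.
             'len': len(bytes(p)),
             # Text derived from packet content: escape it wherever rendered.
             'info': p.summary(),
             # Spelling kept as-is: downstream consumers may match on it.
             'source_port': 'UnKnow',
             'dest_port': 'UnKnow',
         }

     if p.haslayer("IP"):  # EtherType 2048: IPv4
         ip = p.getlayer("IP")
         if p.haslayer("TCP"):
             return self.tcp_decode(p, ip)
         if p.haslayer("UDP"):
             return self.udp_decode(p, ip)
         return _record(ip.src, ip.dst, self.IP_DICT.get(ip.proto, 'IPv4'))
     if p.haslayer("IPv6"):  # EtherType 34525: IPv6
         ipv6 = p.getlayer("IPv6")
         if p.haslayer("TCP"):
             return self.tcp_decode(p, ipv6)
         if p.haslayer("UDP"):
             return self.udp_decode(p, ipv6)
         return _record(ipv6.src, ipv6.dst, self.IP_DICT.get(ipv6.nh, 'IPv6'))
     # Not IP at all: report link-layer addresses; an EtherType missing from
     # the table is shown in hexadecimal.
     if p.type in self.ETHER_DICT:
         label = self.ETHER_DICT[p.type]
     else:
         label = hex(p.type)
     return _record(p.src, p.dst, label)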
 def _fix(self):
     # type: () -> bytes
     """Return a corrupted copy of ``self.s`` using the stored ``p``/``n`` settings."""
     args = (self.s, self.p, self.n)
     return corrupt_bytes(*args)