def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
raw_savefile_header = file_h.read(24)
# in case the capture file is not the same endianness as ours, we have to
# use the correct byte order for the file header
if raw_savefile_header[:4] == '\xa1\xb2\xc3\xd4':
byte_order = 'big'
# https://blog.csdn.net/jackyzhousales/article/details/78030847
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] == '\xd4\xc3\xb2\xa1':
byte_order = 'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
raise Exception('Invalid pcap file.')
# typedef struct pcap_hdr_s {
# guint32 magic_number; /* magic number */
# guint16 version_major; /* major version number */
# guint16 version_minor; /* minor version number */
# gint32 thiszone; /* GMT to local correction */
# guint32 sigfigs; /* accuracy of timestamps */
# guint32 snaplen; /* max length of captured packets, in octets */
# guint32 network; /* data link type */
# } pcap_hdr_t;
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order))
if not __validate_header__(header):
raise Exception('invalid savefile header!')
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
try:
raw_savefile_header = file_h.read(24)
except UnicodeDecodeError:
print("\nMake sure the input file is opened in read binary, 'rb'\n")
raise
# in case the capture file is not the same endianness as ours, we have to
# use the correct byte order for the file header
if raw_savefile_header[:4] in [struct.pack(">I", _MAGIC_NUMBER),
struct.pack(">I", _MAGIC_NUMBER_NS)]:
byte_order = b'big'
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] in [struct.pack("<I", _MAGIC_NUMBER),
struct.pack("<I", _MAGIC_NUMBER_NS)]:
byte_order = b'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
raise Exception('Invalid pcap file.')
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order),
magic == _MAGIC_NUMBER_NS)
if not __validate_header__(header):
raise Exception('invalid savefile header!')
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
try:
raw_savefile_header = file_h.read(24)
except UnicodeDecodeError:
print("\nMake sure the input file is opened in read binary, 'rb'\n")
raise InvalidEncoding("Could not read file; it might not be opened in binary mode.")
# in case the capture file is not the same endianness as ours, we have to
# use the correct byte order for the file header
if raw_savefile_header[:4] in [struct.pack(">I", _MAGIC_NUMBER),
struct.pack(">I", _MAGIC_NUMBER_NS)]:
byte_order = b'big'
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] in [struct.pack("<I", _MAGIC_NUMBER),
struct.pack("<I", _MAGIC_NUMBER_NS)]:
byte_order = b'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
raise UnknownMagicNumber("No supported Magic Number found")
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order),
magic == _MAGIC_NUMBER_NS)
if not __validate_header__(header):
raise InvalidHeader("Invalid Header")
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
try:
raw_savefile_header = file_h.read(24)
except UnicodeDecodeError:
print("\nMake sure the input file is opened in read binary, 'rb'\n")
raise InvalidEncoding("Could not read file; it might not be opened in binary mode.")
# in case the capture file is not the same endianness as ours, we have to
# use the correct byte order for the file header
if raw_savefile_header[:4] in [struct.pack(">I", _MAGIC_NUMBER),
struct.pack(">I", _MAGIC_NUMBER_NS)]:
byte_order = b'big'
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] in [struct.pack("<I", _MAGIC_NUMBER),
struct.pack("<I", _MAGIC_NUMBER_NS)]:
byte_order = b'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
raise UnknownMagicNumber("No supported Magic Number found")
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order),
magic == _MAGIC_NUMBER_NS)
if not __validate_header__(header):
raise InvalidHeader("Invalid Header")
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
try:
raw_savefile_header = file_h.read(24)
except UnicodeDecodeError:
print("\nMake sure the input file is opened in read binary, 'rb'\n")
raise
# in case the capture file is not the same endianness as ours, we have to
# use the correct byte order for the file header
if raw_savefile_header[:4] in [
struct.pack(">I", _MAGIC_NUMBER),
struct.pack(">I", _MAGIC_NUMBER_NS)
]:
byte_order = b'big'
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] in [
struct.pack("<I", _MAGIC_NUMBER),
struct.pack("<I", _MAGIC_NUMBER_NS)
]:
byte_order = b'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
raise Exception('Invalid pcap file.')
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order),
magic == _MAGIC_NUMBER_NS)
if not __validate_header__(header):
raise Exception('invalid savefile header!')
else:
return header
def pcap_header(file):
raw_savefile_header = file.read(24)
# check endian: big_end / little_end
if raw_savefile_header[:4] == '\xa1\xb2\xc3\xd4':
byte_order = 'big'
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] == '\xd4\xc3\xb2\xa1':
byte_order = 'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
return Exception('Invalid pcap file.')
# typedef struct pcap_hdr_s {
# guint32 magic_number; /* magic number */
# guint16 version_major; /* major version number */
# guint16 version_minor; /* minor version number */
# gint32 thiszone; /* GMT to local correction */
# guint32 sigfigs; /* accuracy of timestamps */
# guint32 snaplen; /* max length of captured packets, in octets */
# guint32 network; /* data link type */
# } pcap_hdr_t;
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order))
if not __validate_header__(header):
raise Exception("Invalid Header")
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
raw_savefile_header = file_h.read(24)
if raw_savefile_header[:4] == '\xa1\xb2\xc3\xd4':
byte_order = 'big'
elif raw_savefile_header[:4] == '\xd4\xc3\xb2\xa1':
byte_order = 'little'
else:
byte_order = None
unpacked = struct.unpack('=IhhIIII', raw_savefile_header)
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order))
if not __validate_header__(header):
raise Exception('invalid savefile header!')
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
raw_savefile_header = file_h.read(24)
unpacked = None
if raw_savefile_header[:4] == '\xa1\xb2\xc3\xd4':
byte_order = 'big'
unpacked = struct.unpack('>IHHiIII', raw_savefile_header)
elif raw_savefile_header[:4] == '\xd4\xc3\xb2\xa1':
byte_order = 'little'
unpacked = struct.unpack('<IHHiIII', raw_savefile_header)
else:
byte_order = None
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order))
__TRACE__('[+] Read file header: 0x%x %d.%d packet snapshot length %d LL Type %d', (header.magic, header.major, header.minor, header.snaplen, header.ll_type))
if not __validate_header__(header):
raise Exception('invalid savefile header!')
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
raw_savefile_header = file_h.read(24)
# in case the capture file is not the same endianness as ours, we have to
# use the correct byte order for the file header
if raw_savefile_header[:4] == b'\xa1\xb2\xc3\xd4':
byte_order = 'big'
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] == b'\xd4\xc3\xb2\xa1':
byte_order = b'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
raise Exception('Invalid pcap file.')
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
ko = ctypes.c_char_p(byte_order)
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen, ll_type, ctypes.c_char_p(byte_order))
if not __validate_header__(header):
raise Exception('invalid savefile header!')
else:
return header
def _load_savefile_header(file_h):
"""
Load and validate the header of a pcap file.
"""
raw_savefile_header = file_h.read(24)
# in case the capture file is not the same endianness as ours, we have to
# use the correct byte order for the file header
if raw_savefile_header[:4] == '\xa1\xb2\xc3\xd4':
byte_order = 'big'
unpacked = struct.unpack('>IhhIIII', raw_savefile_header)
elif raw_savefile_header[:4] == '\xd4\xc3\xb2\xa1':
byte_order = 'little'
unpacked = struct.unpack('<IhhIIII', raw_savefile_header)
else:
raise Exception('Invalid pcap file.')
(magic, major, minor, tz_off, ts_acc, snaplen, ll_type) = unpacked
header = __pcap_header__(magic, major, minor, tz_off, ts_acc, snaplen,
ll_type, ctypes.c_char_p(byte_order))
if not __validate_header__(header):
raise Exception('invalid savefile header!')
else:
return header