以太网帧解析并保存解析后的数据
# -*- coding: UTF-8 -*-
import dpkt
import collections #有序字典需要的模块
import time
import PySimpleGUI as sg
import os
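class Pcap_analyze:
    """Extract UDP payloads from a pcap capture and list their counters.

    The capture file is treated as untrusted input: frames that cannot be
    decoded are reported and skipped, and payload fields are only read after
    a length check.
    """

    # UDP ports a frame must use to be written to the CSV.
    _SRC_PORT = 50017
    _DST_PORT = 50018
    # Hex form of the first five payload bytes a frame must start with.
    _HEADER_HEX = '0000018e00'
    # Position of the counter inside the payload's hex string
    # (hex characters 28-31, i.e. payload bytes 14 and 15).
    _COUNTER_SLICE = slice(28, 32)

    def __init__(self, ethpackge):
        """Store *ethpackge*; pacpfile_del() later replaces it with the pcap reader."""
        self.ethpackge = ethpackge

    def pacpfile_del(self, inputfile):
        """Parse *inputfile* and write the matching frames to a CSV file.

        Every Ethernet/IP/UDP frame with a non-empty payload is counted.
        Frames sent from port 50017 to port 50018 whose payload starts with
        ``0000018e00`` are written to ``can_mirror_count.csv`` in the current
        directory, one row per frame: timestamp, header, payload length, the
        counter in hex and decimal, and its difference from the previous row.

        Args:
            inputfile: Path of the pcap capture to read.

        Raises:
            OSError: If the capture cannot be opened or the CSV cannot be
                written. Errors raised by dpkt while reading the capture
                header or its records propagate to the caller as well.
        """
        outputfile = "can_mirror_count"
        # One record per UDP frame, in capture order. A list is used instead
        # of a dict keyed by timestamp so that two frames carrying the same
        # timestamp are both kept; a dropped record would otherwise look like
        # a lost frame in the counter column.
        frames = []
        with open(inputfile, 'rb') as fr:
            self.ethpackge = dpkt.pcap.Reader(fr)
            for ts, buf in self.ethpackge:
                try:
                    eth = dpkt.ethernet.Ethernet(buf)
                    ip = eth.data
                    if not isinstance(ip, dpkt.ip.IP):
                        continue
                    udp = ip.data
                    if not isinstance(udp, dpkt.udp.UDP):
                        continue
                    payload = udp.data
                    if not len(payload):
                        continue
                    # Keep the ports with each frame so the filter below is
                    # applied per frame, not to whichever frame came last.
                    frames.append(
                        (ts, udp.sport, udp.dport, len(payload), payload.hex())
                    )
                except Exception as err:
                    # Best effort: a frame that fails to decode is reported
                    # and skipped so one bad record does not end the run.
                    print("[error] %s" % err)
        number = len(frames)

        previous = 0
        last_hex = None
        with open(outputfile + '.csv', 'w') as csv_file:
            for ts, sport, dport, size, payload_hex in frames:
                counter_hex = payload_hex[self._COUNTER_SLICE]
                # A payload shorter than 16 bytes has no complete counter.
                if len(counter_hex) != 4:
                    continue
                if sport != self._SRC_PORT or dport != self._DST_PORT:
                    continue
                header = payload_hex[0:10]
                if header != self._HEADER_HEX:
                    continue
                counter = int(counter_hex, 16)
                stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts))
                # The difference is not wrapped: a two-byte counter rolling
                # over from ffff to 0000 appears as a large negative value.
                row = (stamp + " : ," + header + "," + str(size)
                       + ", counter_number ," + counter_hex
                       + " " + str(counter) + "," + str(counter - previous) + "\n")
                csv_file.write(row)
                previous = counter
                # NOTE(review): assumes the payload to print at the end is the
                # last frame written to the CSV; confirm against the intent.
                last_hex = payload_hex

        print("总UDP数量 %s" % number)
        # Nothing to show when no frame matched the filter.
        if last_hex is not None:
            print("\n最后一个包负载的十六进制******\n%s" % last_hex)

    def windows(self):
        """Show the file picker window and run the analysis on request."""
        sg.theme('Light Brown 1')  # colour theme of the window
        layout = [
            [sg.Text('你选择的文件是:',font=("宋体", 10)),sg.Text('',key='text1',size=(50,1),font=("宋体", 10))],
            [sg.Text('程序运行记录',justification='center')],
            [sg.Output(size=(70, 20),font=("宋体", 10))],
            [sg.FileBrowse('打开文件',key='folder',target='text1'), sg.Button('数据处理'), sg.Button('关闭')]
        ]
        window = sg.Window('PCAP统计can_mirror : ', layout,font=("宋体", 15),default_element_size=(50,1))
        try:
            while True:
                event, values = window.read()
                # The user closed the window or pressed the close button.
                if event == '关闭' or event == sg.WIN_CLOSED:
                    break
                if event == '数据处理':
                    if values['folder']:
                        print('{0}正在分析原文件{0}'.format('*'*10))
                        try:
                            self.pacpfile_del(values['folder'])
                        except Exception as err:
                            # Top-level boundary: a file that is not a valid
                            # capture is reported in the log pane instead of
                            # ending the program.
                            print("[error] %s" % err)
                        else:
                            print('{0}数据处理完毕{0}'.format('*'*10))
                    else:
                        print('请先选择文件')
        finally:
            window.close()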
if __name__ == '__main__':
    # Start the GUI; the capture file is chosen interactively in the window.
    Pcap_analyze('can_mirror').windows()
完整的应用:
功能: 解析pcap报文,解析出需要的payload报文,并分析其中的数据是否丢帧
方法:
1.pcap的解析
2.窗口的创建
使用:
直接调用方法2,通过人机交互界面完成所有操作,无需输入任何参数
如图:

输出:
1.解析的文件
2.最后一帧的报文
3.总的UDP帧数的统计