• tcpdump抓取到的数据包,怎么分析每一个包的应用层协议呢
代码如下。对于 packet_data，有没有办法提取出它的应用层协议？
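# pcap global-header magic -> (struct byte-order prefix, timestamp-fraction divisor).
# tcpdump -w writes microsecond timestamps by default; the 0xa1b23c4d variants
# mark nanosecond timestamps, which producer() scales back down to microseconds
# so the value handed to PacketReader keeps the same unit in every case.
_PCAP_MAGIC = {
    b"\xa1\xb2\xc3\xd4": ("!", 1),
    b"\xd4\xc3\xb2\xa1": ("<", 1),
    b"\xa1\xb2\x3c\x4d": ("!", 1000),
    b"\x4d\x3c\xb2\xa1": ("<", 1000),
}


def _parse_pcap_global_header(header):
    """Decode the 24-byte pcap global header.

    Args:
        header: the first 24 bytes of the pcap stream.

    Returns:
        ``(endian, frac_divisor, snaplen)`` -- the ``struct`` byte-order
        prefix for every following field, the divisor that turns the
        per-record fractional timestamp into microseconds, and the snapshot
        length recorded in the header (no record may carry more bytes).

    Raises:
        ValueError: if the header is short or the magic number is unknown.
    """
    if len(header) < 24:
        raise ValueError("Unknown pcap file format")
    try:
        endian, frac_divisor = _PCAP_MAGIC[header[:4]]
    except KeyError:
        raise ValueError("Unknown pcap file format") from None
    # Layout: magic(4) major(2) minor(2) thiszone(4) sigfigs(4) snaplen(4) network(4)
    snaplen = struct.unpack(endian + "I", header[16:20])[0]
    return endian, frac_divisor, snaplen


def producer(q):
    """Capture live traffic with tcpdump and queue parsed IPv4 packets.

    Spawns ``tcpdump -w -`` on the interface named by the module-level
    ``wangkaname`` and parses its stdout as a pcap stream: a 24-byte global
    header, then per packet a 16-byte record header followed by ``incl_len``
    bytes of frame data.  Each frame is handed to
    ``PacketReader.get_ipv4_info`` together with its timestamp in
    microseconds, and every truthy result is ``q.put()``.

    Args:
        q: queue-like object exposing ``put``.

    Exceptions are caught and printed (the file's existing convention) rather
    than propagated; a malformed record or a truncated stream ends the capture.
    The tcpdump child is terminated and its pipe closed on every exit path.
    """
    try:
        tcpdump_process = subprocess.Popen(
            ["tcpdump", "-i", str(wangkaname), "-U", "-s", "65535", "-w", "-"],
            stdout=subprocess.PIPE,
            # Nothing ever reads stderr here; an undrained PIPE can fill up and
            # block tcpdump, which would silently stall the capture.
            stderr=subprocess.DEVNULL,
        )
        try:
            endian, frac_divisor, snaplen = _parse_pcap_global_header(
                tcpdump_process.stdout.read(24)
            )
            # Record header: ts_sec, ts_frac, incl_len, orig_len (all u32).
            record_fmt = endian + "IIII"
            reader = PacketReader("../dataset/realdiswangka.csv")

            while True:
                try:
                    packet_header = tcpdump_process.stdout.read(16)
                    if len(packet_header) < 16:
                        # Empty read while tcpdump is still alive: keep polling.
                        # Anything else is EOF or a truncated record: stop.
                        if not packet_header and tcpdump_process.poll() is None:
                            continue
                        break
                    ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(
                        record_fmt, packet_header
                    )
                    if incl_len > snaplen:
                        # A record longer than the negotiated snapshot length
                        # means we lost sync with the stream; do not read a
                        # bogus length's worth of bytes into the parser.
                        print(f"pcap 数据流异常: incl_len={incl_len} 超过 snaplen={snaplen}")
                        break
                    timeStamp = 1000000 * ts_sec + ts_frac // frac_divisor
                    packet_data = tcpdump_process.stdout.read(incl_len)
                    if len(packet_data) < incl_len:
                        break  # stream ended in the middle of a record
                    # Frame bytes come straight off the wire, so the parser is
                    # wrapped in the per-packet except below.
                    basicPacket = reader.get_ipv4_info(packet_data, timeStamp)
                    if basicPacket:
                        q.put(basicPacket)
                except Exception as e:
                    print(f"发生了未知的错误: {e}")
        except Exception as e:
            print(f"发生了未知的错误: {e}")
        finally:
            tcpdump_process.terminate()
            # Close our end of the pipe before waiting so a tcpdump still
            # writing gets EPIPE instead of blocking on a full pipe.
            tcpdump_process.stdout.close()
            tcpdump_process.wait()
    except Exception as e:
        print(f"发生了未知的错误: {e}")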
