scap1784 / dpkt Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/dpkt
License: Other
Automatically exported from code.google.com/p/dpkt
License: Other
dpkt ---- Fast, simple packet creation and parsing. We have no docs, but only sample code (see examples/) for now. --- http://dpkt.googlecode.com/
What steps will reproduce the problem?
1. installed dpkt using windows installer
2. started python
3. imported dpkt
What is the expected output? What do you see instead?
The python interpreted crashes.
What version of the product are you using? On what operating system?
1.7 windows installer
Please provide any additional information below.
This is running in a python(xy) environment.
Original issue reported on code.google.com by [email protected]
on 20 Jul 2010 at 4:19
Attachments:
To build under Python 2.6 I had to:
change line 734 to look like: self.failUnless(b4.open['as'] == 237)
change line 715 to look like this: self.failUnless(b4.open['as'] == 237)
It seems "as" is now a reserved word?
Thanks,
Mohamed.
Original issue reported on code.google.com by lrhazi
on 5 Dec 2008 at 5:10
What steps will reproduce the problem?
1. Import dpkt.
Python 2.6.1 (r261:67517, Dec 4 2008, 16:51:00) [MSC v.1500 32 bit
(Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import dpkt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python26\Lib\site-packages\dpkt\__init__.py", line 17, in <module>
import bgp
File "C:\Python26\lib\site-packages\dpkt\bgp.py", line 678
self.failUnless(c.as == 65215)
^
SyntaxError: invalid syntax
Once I fixed that, I got this:
>>> import dpkt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python26\Lib\site-packages\dpkt\__init__.py", line 17, in <module>
import bgp
File "C:\Python26\lib\site-packages\dpkt\bgp.py", line 715
self.failUnless(b4.open.as == 237)
^
So I fixed that, too. I think the problem is that "as" is a keyword in
Python >= 2.6.
dpkt 1.6 (from Windows EXE installer), on Windows 7 beta, on Python 2.6.1.
Original issue reported on code.google.com by snackypants
on 26 Mar 2009 at 6:49
The length of Attribute objects is not automatically calculated (the 'len'
field'). Please calculate the length automatically when encoding a Attribute
object.
As a workaround, I have to calculate the lengths manually, and to create the
attribute objects in two steps, e.g.:
raw_attributes = [
(0x40, dpkt.bgp.ORIGIN, dpkt.bgp.BGP.Update.Attribute.Origin(
type=dpkt.bgp.ORIGIN_IGP)),
...
]
attributes = [dpkt.bgp.BGP.Update.Attribute(
flags=f, len=len(a), type=t, data=a)
for f, t, a in raw_attributes]
This second step on the list of attribute objects could be avoided if Attribute
calculated the 'len' attribute automatically when assigning the 'data'
attribute, or when encoding the packet.
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 3:12
What steps will reproduce the problem?
1. Trying to run something that imports dpkt.
What is the expected output? What do you see instead?
...
File "./dpkt-svn/dpkt/__init__.py", line 25, in <module>
import rtap
ImportError: No module named rtap
What version of the product are you using? On what operating system?
SVN checkout.
Please provide any additional information below.
Maybe I'm retardo -- but I can't find anything about rtap in python.
Trying to get an app to work, but failing on this. Help?!?!?
Original issue reported on code.google.com by [email protected]
on 20 Feb 2009 at 1:43
What steps will reproduce the problem?
1. use pcap.Writer to create a pcap
2. od -X <> | head shows big-endian pcap file.
What is the expected output? What do you see instead?
Expected a little endian pcap on x86 platforms.
What version of the product are you using? On what operating system?
dpkt 1.7, Linux (Ubuntu 10.04 x86), Mac OS X (Snow Leopard 10.6.4 x86)
Please provide any additional information below.
--- pcap.py 2009-11-06 22:28:26.000000000 +0000
+++ pcap-new.py 2010-09-09 13:07:09.000000000 +0100
@@ -70,7 +70,10 @@
"""Simple pcap dumpfile writer."""
def __init__(self, fileobj, snaplen=1500, linktype=DLT_EN10MB):
self.__f = fileobj
- fh = FileHdr(snaplen=snaplen, linktype=linktype)
+ if sys.byteorder == 'little':
+ fh = LEFileHdr(snaplen=snaplen, linktype=linktype)
+ else:
+ fh = FileHdr(snaplen=snaplen, linktype=linktype)
self.__f.write(str(fh))
def writepkt(self, pkt, ts=None):
@@ -78,7 +81,12 @@
ts = time.time()
s = str(pkt)
n = len(s)
- ph = PktHdr(tv_sec=int(ts),
+ if sys.byteorder == 'little':
+ ph = LEPktHdr(tv_sec=int(ts),
+ tv_usec=int((float(ts) - int(ts)) * 1000000.0),
+ caplen=n, len=n)
+ else:
+ ph = PktHdr(tv_sec=int(ts),
tv_usec=int((float(ts) - int(ts)) * 1000000.0),
caplen=n, len=n)
self.__f.write(str(ph))
Original issue reported on code.google.com by [email protected]
on 9 Sep 2010 at 12:10
Hi,
there seems to be a typo/bug in ssl.py in the SSL2 class.
Unless I'm missing something, lines saying:
self.pad = self.data[1+n:1+n+pad]
self.data = self.data[1+n+pad:]
should really say:
self.pad = self.data[1+n:1+n+padlen]
self.data = self.data[1+n+padlen:]
HTH
Jirka
Original issue reported on code.google.com by [email protected]
on 27 May 2008 at 12:37
During the install of dpkt on a machine running python 2.6, the bgp.py file
contains 2 instances where property "as" is accessed on an object. "as" is
now a reserved keyword in Python 2.6 so maybe a quick change to the source
can help remedy this issue?
Original issue reported on code.google.com by [email protected]
on 1 Aug 2009 at 1:29
What steps will reproduce the problem?
data = """HTTP/1.x 200 OK\r\nSet-Cookie: first_cookie=cookie1; path=/;
domain=.example.com\r\nSet-Cookie: second_cookie=cookie2; path=/;
domain=.example.com\r\nContent-Length: 0\r\n\r\n"""
http = dpkt.http.Response(data)
print http
What is the expected output? What do you see instead?
Only the last server cookie "survives" [example script attached]
Original:
----------------------------------------
HTTP/1.x 200 OK
Set-Cookie: first_cookie=cookie1; path=/; domain=.example.com
Set-Cookie: second_cookie=cookie2; path=/; domain=.example.com
Content-Length: 0
----------------------------------------
Parsed:
----------------------------------------
HTTP/1.x 200 OK
set-cookie: second_cookie=cookie2; path=/; domain=.example.com
content-length: 0
----------------------------------------
What version of the product are you using? On what operating system?
dpkt 1.6 (Ubuntu + Windows XP), python 2.5.4
Please provide any additional information below.
The problem is in dpkt.http.parse_headers() - it doesn't take into account
multiple headers with the same name and thus overwrites the value of
"set-cookie" with the value of the last "Set-Cookie" header.
Multiple cookies are very common in real world traffic (i.e. google.com,
facebook.com)
Fixing this bug would really improve this excellent module (thanks dug!)
Original issue reported on code.google.com by [email protected]
on 29 Mar 2009 at 10:39
Attachments:
The BGP-4 spec says that the marker must be "all ones", which means all bits
set to one, not bytes equal to 0x01 as is currently done in Dpkt. This bug
prevents generating BGP-4 packets correctly without specifying the correct
marker field manually.
Specifically, please modify class dpkt.bgp.BGP to change:
('marker', '16s', '\x01' * 16),
into:
('marker', '16s', '\xff' * 16),
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 2:44
In __str__ in the class IP6, IP6 sets the checksum of the payload (TCP or
ICMP6) to
self.data.sum = dpkt.in_cksum_done(s + self.nxt + len(p))
The correct statement is
self.data.sum = dpkt.in_cksum_done(s + socket.htons(self.nxt + len(p)))
Original issue reported on code.google.com by [email protected]
on 15 Aug 2008 at 5:39
What steps will reproduce the problem?
Following code:
import pcap, dpkt
def pr(hdr,data):
print(`dpkt.ip.IP(data[14:])['src']`)
pc = pcap.pcap(None,1500,False)
pc.setfilter('udp')
##pc = pcap.pcap()
##pc.setfilter('udp')
pc.dispatch(10,pr)
shows mystery 'R\xb3A\x1e'
how to decode this?
Original issue reported on code.google.com by [email protected]
on 21 Apr 2008 at 1:43
ASPath objects can be correctly encoded when decoded from a captured packet.
But it is not possible to create a ASPath object in code and encode it without
errors.
Until this bug is fixed, a workaround is to add a __hdr_fields__ attribute to
the class, after importing it:
dpkt.bgp.BGP.Update.Attribute.ASPath.__hdr_fields__ = ()
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 2:53
Hello, im creating an arp broadcast packet like this:
import dpkt
import socket
import binascii
def eth_aton(buffer):
sp = buffer.split(':')
buffer = ''.join(sp)
return binascii.unhexlify(buffer)
arp = dpkt.arp.ARP()
arp.sha=eth_aton('00:24:8c:5b:11:ec')
arp.spa=socket.inet_aton('192.168.1.3')
arp.tha=eth_aton('00:00:00:00:00:00')
arp.tpa=socket.inet_aton('192.168.1.4')
arp.op=dpkt.arp.ARP_OP_REQUEST
eth=dpkt.ethernet.Ethernet()
eth.src=arp.sha
eth.dst=eth_aton('ff:ff:ff:ff:ff:ff')
eth.data=arp
eth.type=dpkt.ethernet.ETH_TYPE_ARP
And Im able to send the packet with a PF_PACKET RAW socket:
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
s.bind((device, dpkt.ethernet.ETH_TYPE_ARP))
s.send(str(eth))
Everyhting works great and Im able to get a reply, my question is How is
the network byte order handled? dpkt or the BSD socket handles it? I've
tried it in systems with different endiannesses and it works fine.
Original issue reported on code.google.com by [email protected]
on 28 Mar 2010 at 10:18
[deleted issue]
What steps will reproduce the problem?
1. extracting files
2. running setup.py install
3. -
What is the expected output? What do you see instead?
package should install to proper python installation dir
What version of the product are you using? On what operating system?
dpkt-1.6.tar.gz and Python 2.6
Please provide any additional information below.
There are two syntax errors in bgp.py
line 678 reads self.faiUnless(c.as == 65215)
line 678 should read self.faiUnless(c.asn == 65215)
line 715 reads self.faiUnless(b4.open.as == 237)
line 715 should read self.faiUnless(b4.open.asn == 237)
Correcting these lines allowed a successfully install
Original issue reported on code.google.com by [email protected]
on 22 Feb 2010 at 4:30
What steps will reproduce the problem?
1. # python setup.py install
What is the expected output? What do you see instead?
File "setup.py", line 4, in <module>
import dpkt
File "/home/super/dpkt-1.6/dpkt/__init__.py", line 17, in <module>
import bgp
File "/home/super/dpkt-1.6/dpkt/bgp.py", line 678
self.failUnless(c.as == 65215)
^
SyntaxError: invalid syntax
What version of the product are you using? On what operating system?
Python 2.6.4 [GCC 3.4.6]
Kernel: 2.6.10-72032U10_12clsmp (too old, but necessary for the moment)
Please provide any additional information below.
This is an syntax error because of attribute named "as" what is an python
reserved word, i make some changes in the file "bgp.py" and all works
pretty, the patch file is in attachment.
Original issue reported on code.google.com by [email protected]
on 4 Feb 2010 at 12:30
Attachments:
Update objects can be correctly encoded when decoded from a captured packet.
But it is not possible to create a Update object in code and encode it without
errors.
Until this bug is fixed, a workaround is to add a __hdr_fields__ attribute to
the class, after importing it:
dpkt.bgp.BGP.Update.__hdr_fields__ = ()
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 2:52
Diff attached.
Original issue reported on code.google.com by [email protected]
on 17 Dec 2008 at 3:08
Attachments:
replace in line 81
tv_usec=int((int(ts) - float(ts)) * 1000000.0)
with
tv_usec=int((float(ts) - int(ts)) * 1000000.0)
tnx
Manuel.
Original issue reported on code.google.com by [email protected]
on 20 Mar 2007 at 9:21
dpkt docs suck
Original issue reported on code.google.com by dugsong
on 8 Nov 2006 at 3:48
What steps will reproduce the problem?
enrico@enrico-laptop:~/workspace/Murena/lib/dpkt-1.6$ sudo python setup.py
Traceback (most recent call last):
File "setup.py", line 4, in <module>
import dpkt
File "/home/enrico/workspace/Murena/lib/dpkt-1.6/dpkt/__init__.py", line
17, in <module>
import bgp
File "/home/enrico/workspace/Murena/lib/dpkt-1.6/dpkt/bgp.py", line 678
self.failUnless(c.as == 65215)
^
SyntaxError: invalid syntax
What version of the product are you using? On what operating system?
Ubuntu 9.10
Python 2.6.2+ (release26-maint, Sep 24 2009, 06:46:17)
[GCC 4.4.1] on linux2
Original issue reported on code.google.com by [email protected]
on 1 Oct 2009 at 3:09
I'm trying to use DPKT to parse a PCAP file and getting an exception thrown
in the pcap.py module.
My code:
import dpkt
f = open('capture.pcap')
pcap = dpkt.pcap.Reader(f)
for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data
print tcp.sport, tcp.dport, len(tcp.data)
f.close()
Breaks in the following module:
def __iter__(self):
self.__f.seek(FileHdr.__hdr_len__)
while 1:
buf = self.__f.read(PktHdr.__hdr_len__)
if not buf: break
hdr = self.__ph(buf)
buf = self.__f.read(hdr.caplen)
It breaks in the last line with this error:
exceptions.OverflowError: long int too large to convert to int
Wireshark displays the data fine and I don't see anything that looks like
it would be a problem. The traffic is a mix of TCP and UDP it it breaks on
a UDP packet.
Any ideas?
Original issue reported on code.google.com by [email protected]
on 6 Nov 2009 at 10:30
It would be great if there was support for VLAN tagging of Ethernet frames.
There seems to be support for understanding a tagged packet, but not for
actually tagging them.
I've roughly added support myself, but no where near ready for a patch. But
I will keep going and hopefully submit something.
I just wanted to lodge here in case it was already being worked on?
Original issue reported on code.google.com by [email protected]
on 18 Mar 2010 at 10:06
What steps will reproduce the problem?
1. Installing latest version of py2xe
2. Compiling a project which references dpkt package
3. Examine error message
What is the expected output? What do you see instead?
It is expected to run smoothly, but instead... (here's the traceback message)
C:\Projects\pwcb-python\dist>pwcb.exe
Traceback (most recent call last):
File "pwcb.py", line 5, in <module>
File "dpkt\__init__.pyc", line 24, in <module>
File "dpkt\ethernet.pyc", line 113, in <module>
File "dpkt\ethernet.pyc", line 102, in __load_types
WindowsError: [Error 2] The system cannot find the path specified:
'C:\\Projects
\\pwcb-python\\dist\\library.zip\\dpkt/*.*'
What version of the product are you using? On what operating system?
Version 1.6 of dpkt and version 0.6.6 of py2exe on Windows XP.
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 11 Jul 2007 at 1:24
class P(dpkt.Packet):
__hdr__ = (('a','B',0))
won't work
class P(dpkt.Packet):
__hdr__ = [('a','B',0)]
works.
Original issue reported on code.google.com by [email protected]
on 15 Mar 2007 at 9:59
The 'as' variable used in the bgps Open, Aggregator and Community classes
will generate a syntax error when used with python 2.6 (2.5 gives a
warning, the integrated python interpreter in eric - also 2.5 - already
bails out)
"as" will become a reserved keyword in python 2.6. See warning in python 2.5.2
'as' should be changed to something like 'asn' or 'asnumber' which works.
Original issue reported on code.google.com by [email protected]
on 19 Aug 2008 at 4:51
Hi,
the packages on the "Downloads" page are way behind the current code in
the SVN (one bug cost me quite a bit of time before I realized this :)
I think that these packages do deserve updating and the version number
should be bumped to 1.7 or whatever to mark that there are differences.
Thoughts?
Cheers
Jirka Vejrazka
Original issue reported on code.google.com by [email protected]
on 16 Apr 2009 at 2:20
What steps will reproduce the problem?
1. Load up an off line pcap (I am using Core Security's Pcapy)
2. Instantiate a tcp packet object with dpkt.tcp.TCP(packet_data)
3. Print sport dport, and it is wrong
What is the expected output? What do you see instead?
In the packet capture data I had I was expecting the value to 2001, which
would have been the server port connecting too and from. The dsport is
also incorrect.
What version of the product are you using? On what operating system?
I am using the latest from the repository and the operating system is
linux.
Please provide any additional information below.
I tried to debug the issue, but I have not been able to identify the
problem as of yet.
Original issue reported on code.google.com by [email protected]
on 27 Jul 2007 at 9:41
Attachments:
Please make dpkt.bgp.BGP.Update.Attribute.ASPath.ASPathSegment objects set the
'len' field automatically to the length of the 'path' list, when encoding.
Currently, the 'len' field has to be set manually by the caller, which is
error-prone, e.g.:
dpkt.bgp.BGP.Update.Attribute.ASPath.ASPathSegment(
type=dpkt.bgp.AS_SEQUENCE,
len=1, # could be automatically set to len(path)
path=[64512])
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 2:59
try using ip.src or ip.dst, returns are not as expected :-/
What is the expected output? What do you see instead?
expected: 10.42.0.something
got: *$
What version of the product are you using? On what operating system?
1.6 on ubuntu
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 26 Jan 2010 at 4:55
The problem is that the total length of a SCTP chunk MUST be a multiple of 4
bytes but the actual decoder just use the length field of the chunk and ignore
the padding bytes.
Attached files:
sctp.pcap: a pcap file which contains a SCTP packet that the actual decoder
fails to parse.
sctp.patch: a patch which, I hope, solve the problem.
Original issue reported on code.google.com by [email protected]
on 8 Sep 2010 at 8:55
Attachments:
Put more clearly, when an HTTP response, say, 304 Not Modified, has no body but
still has a content-type header, all data after that in the stream is consumed.
What steps will reproduce the problem?
1. Unpack attached zip file
2. Run dpkt_bug.py, which attempts to construct dpkt.http.Response's with the
data in the file stream.txt, included.
This program prints the number of responses parsed. There are two responses in
the file, but only one is detected, with the other response as its body. You
can see this if you print the responses instead of just the length of the list.
This test was run on Windows Vista with dpkt 1.7.
Original issue reported on code.google.com by [email protected]
on 27 Sep 2010 at 10:40
Attachments:
Keepalive objects can be correctly encoded when decoded from a captured packet.
But it is not possible to create a Keepalive object in code and encode it
without errors.
Until this bug is fixed, a workaround is to add a __hdr_fields__ attribute to
the class, after importing it:
dpkt.bgp.BGP.Keepalive.__hdr_fields__ = ()
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 2:53
ASPath objects accepts an ASPathSegment object in its 'segments' field.
However, this field is not printed when representing the object. Only the
'data' field is printed.
When an object is decoded, the 'data' field is set to the value of the
'segments' field, so it is represented correctly, but it's not the case when an
object is created in code.
Same problem in ASPathSegment: the 'data' field should be set to the value of
the 'path' field.
As a workaround, I have to set the 'data' fields manually, after creating the
objects:
for a in paths: # ASPath objects
a.data = a.segments
for s in a.segments: # ASPathSegment objects
s.data = s.path
Please do that automatically, or use the 'segments' and 'path' fields to
represent those objects, instead of the 'data' fields.
This is not essential, but very useful for debugging.
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 3:05
Please change as in bgp module because with python2.6 bgp.as conflicts with
as reserved keyword. I renamed to AS (capitalized) and it worked.
Original issue reported on code.google.com by [email protected]
on 13 Jun 2009 at 3:04
import dpkt
import socket
import struct,string
def eth_aton(buffer):
addr =''
temp = string.split(buffer,':')
buffer = string.join(temp,'')
for i in range(0, len(buffer), 2):
addr = ''.join([addr,struct.pack('B', int(buffer[i: i + 2], 16))],)
return addr
#############
### here is some secret sauce
### dpkt does not have this for some reason
### but you gotta have this header
### \xaa\xaa is for SNAP packet
### \x03 for Control field
### \x00\x00\x0c is Cisco org code
### the " \x00" somehow comes out to 0x2000, protocol id for CDP
############
cdp_header='\xaa\xaa\x03\x00\x00\x0c \x00'
###############
### more sauce
### this is the ethernet multicast addr
### for cdp messages HA! 01:00:0c:cc:cc:cc
###############
eth_dst = '\x01\x00\x0c\xcc\xcc\xcc'
#######
##change if you like, 00:07:85 OID for Cisco
#########
ipaddr = "192.168.0.1"
src_eth = "00:07:85:12:34:56"
###################################################################
###################################################################
def make_addr(ipaddr): ## make an address packet for a TLV
tmp_addr = dpkt.cdp.CDP.Address()
tmp_addr.data = socket.inet_aton(ipaddr)
return tmp_addr.pack()
def make_tlv(addpack): ## take address packet and put in TLV (type,len,value)
tmp_tlv = dpkt.cdp.CDP.TLV()
tmp_tlv.data = addpack
tmp_tlv.type = dpkt.cdp.CDP_ADDRESS
tmp_tlv.len = tmp_tlv.__len__()
#########
### this is to make up for prob with the dpkt libs, trying to mod lib code
### appears to not pack TLVs with type == CDP_addresses right
### TLVS with type=address include a number in front that
### is how many addresses to follow. dpkt uses len of data field, while I am
### using len/9 because my test data has len of 9 (so an 18 byte field has 2
### addresses - DRM
#########
j = struct.pack('>I', len(tmp_tlv.data)/9)
data = tmp_tlv.pack_hdr() + j + tmp_tlv.data
return data
def make_cdp(data): ## and now the CDP packet part
tmp_cdp = dpkt.cdp.CDP()
tmp_cdp.data = data
tmp_cdp.sum=dpkt.in_cksum(tmp_cdp.data)
return tmp_cdp.pack()
def make_ethf(data,src,dst): ##and then the ethernet frame
tmp_eth = dpkt.ethernet.Ethernet()
tmp_eth.data = cdp_header+data
tmp_eth.dst = dst
tmp_eth.src = src
tmp_eth.type = len(tmp_eth.data) ## for a SNAP packet, the type= len
return tmp_eth.pack()
################################################################
### build it
################################################################
eth_src = eth_aton(src_eth)
addrpacket = make_addr(ipaddr)
tlv_packet = make_tlv(addrpacket)
cdp_packet = make_cdp(tlv_packet)
eth_frame = make_ethf(cdp_packet,eth_src,eth_dst)
########################################33
### open the socket
#########################################
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
s.bind(("eth0",dpkt.ethernet.ETH_TYPE_CDP))
##########################################
### fire off 3 packets
#########################################
for i in range(3):
s.send(eth_frame)
###################
### close it
##################
s.close()
Original issue reported on code.google.com by [email protected]
on 23 Apr 2008 at 11:26
When unwrapping the results of a packet read off the wire with pcapy, ip.IP
completely explodes.
It tries to get the attribute "slice(None, 20, None)" and throws
"TypeError: getattr(): attribute name must be string".
-----
import pcapy
import dpkt.ethernet as ethernet
import dpkt.ip as ip
import dpkt.dns as dns
from optparse import OptionParser
def pcap_callback(hdr, pkt):
frame = ethernet.Ethernet(pkt)
packet = ip.IP(frame.data)
def main(iface):
pcap = pcapy.open_live(iface, 0xffff, 1, 15)
pcap.setfilter('udp port 53')
while True:
pcap.dispatch(-1, pcap_callback)
if __name__ == '__main__':
op = OptionParser()
op.add_option('-i', '--interface', dest='iface',
default=pcapy.lookupdev(), help="Interface to listen on.")
(opts, args) = op.parse_args()
main(opts.iface)
-----
Traceback is:
-----
Traceback (most recent call last):
File "dnswatch.py", line 29, in <module>
main(opts.iface)
File "dnswatch.py", line 20, in main
pcap.dispatch(-1, pcap_callback)
File "dnswatch.py", line 11, in pcap_callback
packet = ip.IP(frame.data)
File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 72, in
__init__
self.unpack(args[0])
File "/usr/local/lib/python2.5/site-packages/dpkt/ip.py", line 53, in unpack
dpkt.Packet.unpack(self, buf)
File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 127, in
unpack
struct.unpack(self.__hdr_fmt__, buf[:self.__hdr_len__])):
File "/usr/local/lib/python2.5/site-packages/dpkt/dpkt.py", line 88, in
__getitem__
try: return getattr(self, k)
TypeError: getattr(): attribute name must be string
-----
The code's being run on Python 2.5.2 on FreeBSD 7. This occurs in the
latest version of the code checked out from SVN.
Original issue reported on code.google.com by [email protected]
on 14 Dec 2008 at 10:01
The length of BGP objects is not automatically calculated (the 'len' field').
Please calculate the length automatically when encoding a BGP object.
As a workaround, I have to calculate the length manually this way:
msg = ...
msg_with_headers = dpkt.bgp.BGP(len=dpkt.bgp.BGP.__hdr_len__ + len(msg),
type=msg_type)
msg_with_headers.data = msg
Original issue reported on code.google.com by [email protected]
on 5 Aug 2010 at 3:15
I get the following when I try to install the library under Python 2.6:
C:\proj\python\dpkt-1.6>python setup.py install
Traceback (most recent call last):
File "setup.py", line 4, in <module>
import dpkt
File "C:\proj\python\dpkt-1.6\dpkt\__init__.py", line 17, in <module>
import bgp
File "C:\proj\python\dpkt-1.6\dpkt\bgp.py", line 678
self.failUnless(c.as == 65215)
The problem seems to stem from BGP defining a field that shares the same
name as a keyword: 'as'. Changing this to 'AS', and changing all
references to the field to the same cleared the issue, and I was able to
install.
The modified file is attached.
Original issue reported on code.google.com by [email protected]
on 30 Jun 2009 at 3:16
Attachments:
I got a problem after I generate exe with pyinstaller. It shows that dpkt
use some hacking way to import module. After I view the source code of
dpkt. I found that:
# XXX - auto-load Ethernet dispatch table from ETH_TYPE_* definitions
def __load_types():
import os
d = dict.fromkeys([ x[:-3] for x in
os.listdir(os.path.dirname(__file__) or '.') if x.endswith('.py') ])
g = globals()
for k, v in g.iteritems():
if k.startswith('ETH_TYPE_'):
name = k[9:]
modname = name.lower()
if modname in d:
mod = __import__(modname, g)
Ethernet.set_type(v, getattr(mod, name))
This hacking code load modules dynamically, so once it is packaged as exe
or something else, that function visit a wrong path like this
"\\buildcards\\out1.pyz/*.*"
Could you fix the problem by not to use strange hacking way to load
modules? Or provide some way to customize that behavior.
Thanks.
Original issue reported on code.google.com by [email protected]
on 30 May 2009 at 10:17
What steps will reproduce the problem?
First off, if you run this code from the tutorial with the added print
statement.
#!/usr/bin/env python
import dpkt
f = open('test.pcap')
pcap = dpkt.pcap.Reader(f)
for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data
if tcp.dport == 80 and len(tcp.data) > 0:
http = dpkt.http.Request(tcp.data)
print http.uri
print ts
f.close()
You will see a number similar to this
1234567890.12
Where is the microsecond resolution?
What is the expected output? What do you see instead?
1234567890.123456789 would be the expected output (like wireshark when it opens
the same file)
What version of the product are you using? On what operating system?
Version 1.7
Linux Fedora Core 11
Please provide any additional information below.
In addition to this I would like to modify the code so it works with the nano
extensions to pcap, which gives the time format 3 extra digits after the 0 for
the time stamp. Any suggestions on where to start to parse this data
differently ??
Original issue reported on code.google.com by [email protected]
on 30 Aug 2010 at 4:59
Python 2.6.5 (release26-maint, Jun 23 2010, 10:41:00)
[GCC 4.3.4] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import dpkt
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/site-packages/dpkt/__init__.py", line 24, in <module>
import ethernet
File "/usr/lib/python2.6/site-packages/dpkt/ethernet.py", line 128, in <module>
__load_types()
File "/usr/lib/python2.6/site-packages/dpkt/ethernet.py", line 122, in __load_types
mod = __import__(modname, g)
File "/usr/lib/python2.6/site-packages/dpkt/ip6.py", line 95, in <module>
import ip
File "/usr/lib/python2.6/site-packages/dpkt/ip.py", line 255, in <module>
__load_protos()
File "/usr/lib/python2.6/site-packages/dpkt/ip.py", line 245, in __load_protos
for k, v in g.iteritems():
RuntimeError: dictionary changed size during iteration
Quick fix:
--- /usr/lib/python2.6/site-packages/dpkt/ip.py~ 2010-03-26
04:53:51.000000000 +0200
+++ /usr/lib/python2.6/site-packages/dpkt/ip.py 2010-07-06 18:54:05.013117134
+0300
@@ -242,7 +242,7 @@
# XXX - auto-load IP dispatch table from IP_PROTO_* definitions
def __load_protos():
g = globals()
- for k, v in g.iteritems():
+ for k, v in list(g.iteritems()):
if k.startswith('IP_PROTO_'):
name = k[9:].lower()
try:
Original issue reported on code.google.com by [email protected]
on 6 Jul 2010 at 4:00
What steps will reproduce the problem?
1. try to have managenent frame (becon )
2.
3.
What is the expected output? What do you see instead?
I suggest to add Manaagement frame in to ieee80211( Probe Request,Probe
Response, Beacon,Disassociate)
What version of the product are you using? On what operating system?
Linux version 2.6.32-24-generic (buildd@palmer) (gcc version 4.4.3 (Ubuntu
4.4.3-4ubuntu5, Python 2.6.5
Please provide any additional information below.
So I did a patch to do that
Original issue reported on code.google.com by [email protected]
on 13 Sep 2010 at 8:38
Attachments:
From examining the SVN checkout, there appears to be no support for IPv6
extension headers within dpkt.
The reason I ask is that it isn't currently possibly to guarantee the
ability to detect the payload protocol of an IPv6 packet.
In the instance that there are no extension headers, then the 'nxt' header
attribute is set to the payload protocol. However, if there are any
extension headers there is no way to follow the header chain to find the
payload protocol (or if desired, decode the extension headers).
Is there any code floating around to provide this support, or is it the
case that it simply hasn't been implemented in dpkt?
Thanks
Original issue reported on code.google.com by o.a.stephens
on 2 Mar 2010 at 6:29
If pigment python is installed, dpkt 1.7 fails with the error below:
Traceback (most recent call last):
File "./setup.py", line 4, in <module>
import dpkt
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/__init__.py", line 24, in <module>
import ethernet
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ethernet.py", line 128, in <module>
__load_types()
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ethernet.py", line 122, in __load_types
mod = __import__(modname, g)
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip6.py", line 95, in <module>
import ip
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip.py", line 255, in <module>
__load_protos()
File "/usr/obj/i386/py-dpkt-1.7/dpkt-1.7/dpkt/ip.py", line 252, in __load_protos
IP.set_proto(v, getattr(mod, name.upper()))
AttributeError: 'module' object has no attribute 'PGM'
This was found in OpenBSD 4.7/x86 but the error is not OS specific.
Attached diff should fix it.
Thanks.
Original issue reported on code.google.com by [email protected]
on 20 Jun 2010 at 2:02
Attachments:
What steps will reproduce the problem?
1. Get a PCAP with PPI info (e.g., in Kismet)
2. Try to open it using dpkt with the code on http://www.jjguy.com/pcaputils/
What is the expected output? What do you see instead?
I see:
Traceback (most recent call last):
File "parser2.py", line 4, in <module>
pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
File "/usr/lib/pymodules/python2.6/dpkt/pcap.py", line 105, in __init__
self.dloff = dltoff[self.__fh.linktype]
KeyError: 192
What version of the product are you using? On what operating system?
1.6+svn54-1 on Ubuntu 10.04
Please provide any additional information below.
http://nmap.org/svn/libpcap/pcap-common.c defines 'LINKTYPE_PPI' as '192'.
http://www.cacetech.com/documents/PPI%20Header%20format%201.0.9.pdf provides
PPI spec.
NOTE: even if it isn't worth it to support PPI may I sugest a better error
message for it than an exception?
Original issue reported on code.google.com by [email protected]
on 17 Aug 2010 at 5:00
What steps will reproduce the problem?
1. use dpkt.pcap.Reader to read a pcap file
2. use dpkt.pcap.Writer to write it in a new file
What is the expected output? What do you see instead?
The expected output is a positive microsecond number instead a negative
number is stored.
What version of the product are you using? On what operating system?
Latest stable version of dpkt, on Ubuntu 9.04
Please provide any additional information below.
Small issue. It can be easily fixed by interchanging the two numbers.
Instead of
pcap.py:81:tv_usec=int((int(ts) - float(ts)) * 1000000.0),
use tv_usec=int((float(ts) - int(ts)) * 1000000.0);
Original issue reported on code.google.com by [email protected]
on 15 Oct 2009 at 11:37
As mentioned early it's impossible to use dpkt with some distribution tools
due to it __load_xxx functions implementaions. Patch is attached.
Original issue reported on code.google.com by [email protected]
on 21 Aug 2009 at 9:05
Attachments:
The MetaPacket changes in r39 break LEPktHdr and LEFileHdr of pcap.py (and
any other similar classes). Since the clsdict only contains the
__byte_order__ endianess modifier and inherits the __hdr__ from the base
class, the __hdr_fmt__ won't be set in MetaPacket's __new__.
Patch attached to add a testcase to pcap.py that exercises the issue.
Original issue reported on code.google.com by [email protected]
on 28 Jul 2007 at 6:47
Attachments:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.