python抓取数据包提取五元组

import struct import time, datetime import json def time_trans(GMTtime): # print(GMTtime) timeArray = time.localtime(GMTtime) otherStyleTime = time.strftime("%Y--%m--%d %H:%M:%S", timeArray) return otherStyleTime # 2013--10--10 23:40:00 class pcap_packet_header: def __init__(self): self.GMTtime = b'\x00\x00' self.MicroTime = b'\x00\x00' self.caplen = b'\x00\x00' self.lens = b'\x00\x00' try: import scapy.all as scapy except ImportError: import scapy try: # This import works from the project directory import scapy_http.http except ImportError: # If you installed this package via pip, you just need to execute this from scapy.layers import http packets = scapy.rdpcap('600S-pcap_for_replay-20181126.pcap') f =open("result.txt","w+") fpcap = open('600S-pcap_for_replay-20181126.pcap', 'rb') ftxt = open('result1.txt', 'w') string_data = fpcap.read() i = 24 k=0 dic_all={} ip_to=[] for p in packets: try: list_dic=[] dic = {} dic["Protocol"] = p[1].proto print(p[1].proto) dic["Destination"] = p[1].dst dic["Source"] = p[1].src ipto=str(p[1].dst)+'--'+str(p[1].src) if ipto not in ip_to: ip_to.append(ipto) dic["Sport"] = p[2].sport dic["Dport"]=p[2].dport GMTtime = string_data[i:i + 4] lens = string_data[i + 12:i + 16] packet_GMTtime = struct.unpack('I', GMTtime)[0] packet_GMTtime = time_trans(packet_GMTtime) dic["time"]=repr(packet_GMTtime) packet_len = struct.unpack('I', lens)[0] packet_data = (string_data[i + 16:i + 16 + packet_len]) dic["data"]=repr(packet_data) i = i + packet_len + 16 if ipto not in dic_all: dic_all[ipto]=list_dic dic_all[ipto].append(dic) # k+=1 # if(k>100): # break except AttributeError: continue f.close() print(dic_all) # for i in dic_all: # print(dic_all[i]) f1 =open("result1.json","w+") f1.writelines(json.dumps(dic_all)+'\n') f1.close()