我正在尝试使用 pyshark 读取 pcap 文件。 pyshark 似乎创建了一个对象列表,其中每个对象 包含有关数据包内每一层的信息。
我只想评估数据包中是否存在一层。也许有人可以帮助我。
对象“层”的列表是这样的:
[<ETH Layer>, <IP Layer>, <SCTP Layer>, <DATA Layer>]
但是这个评估失败了,因为列表里面是对象而不是字符串。
if <ETH Layer> in layers: print "Yes, Ethernet layer exists"
if '<ETH Layer>' in layers: print "Yes, Ethernet layer exists"
下面是我的测试...
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import pyshark
>>> file = pyshark.FileCapture('C:\\files\\input.pcap')
>>> packet=file[0]
>>> layers=packet.layers
>>> layers
[<ETH Layer>, <IP Layer>, <SCTP Layer>, <DATA Layer>, <SCTP Layer>, <DATA Layer>]
>>> if packet.eth in layers: print "Yes, Ethernet layer exists"
...
Yes, Ethernet layer exists
>>>
Yes, Ethernet layer exists
>>> if '<ETH Layer>' in layers: print "Yes, Ethernet layer exists"
...
>>>
这个评估给出了正确的输出
if packet.eth in layers: print "Yes, Ethernet layer exists"
这 2 个失败,因为评估为 False
if <ETH Layer> in layers: print "Yes, Ethernet layer exists"
if '<ETH Layer>' in layers: print "Yes, Ethernet layer exists"
*更新:
如果我测试 packet.ip、packet.eth、packet.sctp,它仅在 ip、eth 或 sctp 层存在时才有效,如果某些层不存在(即 tcp),我会收到以下错误。
>>> if packet.tcp in layers: print "Yes, Ethernet layer exists"
...
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python27\lib\site-packages\pyshark\packet\packet.py", line 110, in __getattr__
raise AttributeError()
AttributeError
谢谢
最佳答案
<ETH Layer>不是实际对象,它就是 __repr__ 的内容对象的方法正在返回。您的 Python REPL 调用它来查看如何打印出已评估表达式的表示。同样,它可能会调用 __str__如果你问它print表达方式。比较这些:
>> packet.layers[0]
<ETH Layer>
>> print packet.layers[0]
Layer ETH:
Destination: 52:54:00:12:37:02 (52:54:00:12:37:02)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Address: 52:54:00:12:37:02 (52:54:00:12:37:02)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Source: 08:00:28:1d:ae:8b (08:00:28:1d:ae:8b)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Address: 08:00:28:1d:ae:8b (08:00:28:1d:ae:8b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
但是为了从功能上回答你的问题,我相信如果你想看看你的数据包中是否存在一个层,你可以这样做:
if 'eth' in packet:
# ...
关于python - 检查对象是否在 pyshark 给出的列表中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34441342/