Display double vlan using pyshark
If you have multiple vlans, for example I have this packet, how can you get a list of the vlans?
Layer ETH:
Destination: 00:99:88:77:66:55 (00:99:88:77:66:55)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Address: 00:99:88:77:66:55 (00:99:88:77:66:55)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
Source: 00:11:22:33:44:55 (00:11:22:33:44:55)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Address: 00:11:22:33:44:55 (00:11:22:33:44:55)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Layer VLAN:
...0 .... .... .... = CFI: Canonical (0)
000. .... .... .... = Priority: Best Effort (default) (0)
.... 0000 1100 1000 = ID: 200
Type: 802.1Q Virtual LAN (0x8100)
Layer VLAN:
Trailer: 8dbdde29
...0 .... .... .... = CFI: Canonical (0)
000. .... .... .... = Priority: Best Effort (default) (0)
.... 0000 0110 0100 = ID: 100
Type: IP (0x0800)
Layer IP:
....
Layer UDP:
....
If I use pyshark, I only get the inner vlan.
>>> print cap[0]['vlan']
Layer VLAN:
...0 .... .... .... = CFI: Canonical (0)
000. .... .... .... = Priority: Best Effort (default) (0)
.... 0000 1100 1000 = ID: 200
Type: 802.1Q Virtual LAN (0x8100)
I would like to get the same result as tshark:
tshark -r filename.pcap -T fields -e vlan.id
100,200
Discussion handled on GitHub: https://github.com/KimiNewt/pyshark/issues/80
A simple way to get the double vlan is:
vlan1, vlan2 = pkt[1], pkt[2]
Or explicitly:
vlan1, vlan2 = pkt.layers[1], pkt.layers[2]
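An added example, not part of the original post or of pyshark: it walks every stacked VLAN tag in a raw Ethernet frame in wire order (outer tag first) and, going beyond the two-tag case, handles any tag depth and truncated frames. The function names and the sample frame are constructed here; `vlan_ids_from_layers` assumes pyshark layers expose `layer_name` and the vlan `id` field.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q (0x8100, as in the packet above)
# plus the 802.1ad / legacy QinQ values sometimes used for the outer tag.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}


def vlan_tags(frame: bytes):
    """Return (tags, ethertype): every stacked VLAN tag in wire order
    (outer first) and the EtherType of the payload that follows them."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12                      # skip destination + source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    tags = []
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        # Each tag is a 16-bit TCI followed by the next EtherType/TPID.
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        tags.append({"priority": tci >> 13, "dei": (tci >> 12) & 1,
                     "id": tci & 0x0FFF})
        offset += 4
    return tags, ethertype


def vlan_ids_from_layers(pkt):
    """Same list from a pyshark packet: keep every layer named 'vlan'
    rather than pkt['vlan'], which returns a single layer.
    Assumes Layer.layer_name and the vlan 'id' field (assumption)."""
    return [int(layer.id) for layer in pkt.layers if layer.layer_name == "vlan"]


# Constructed frame built from the field values shown in the question.
SAMPLE_FRAME = (
    bytes.fromhex("009988776655")      # destination MAC
    + bytes.fromhex("001122334455")    # source MAC
    + struct.pack("!HH", 0x8100, 200)  # outer tag: TPID, TCI (priority 0, ID 200)
    + struct.pack("!HH", 0x8100, 100)  # inner tag: TPID, TCI (priority 0, ID 100)
    + struct.pack("!H", 0x0800)        # payload EtherType: IP
    + bytes(28)                        # zero-filled placeholder for IP/UDP
)

if __name__ == "__main__":
    tags, payload_type = vlan_tags(SAMPLE_FRAME)
    print([t["id"] for t in tags], hex(payload_type))
```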