Read 802.11 packets from pcap file using python
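I found similar questions, but none of them solved my problem.
I have a pcap file containing some 802.11 frame data (below is a screenshot of it opened in Wireshark).
I tried to read it using the following code, which I found in this question. But all it prints is the following:
Code: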
from scapy.all import Dot11
from scapy.all import sniff

def parse(frame):
    if frame.haslayer(Dot11):
        # FCfield is the flags byte of Frame Control:
        # bit 0 = To DS, bit 2 = More Fragments, bit 6 = Protected
        print("ToDS:", frame.FCfield & 0b1 != 0)
        print("MF:", frame.FCfield & 0b100 != 0)
        print("WEP:", frame.FCfield & 0b01000000 != 0)
        print("src MAC:", frame.addr2)
        print("dest MAC:", frame.addr1)
        print("BSSID:", frame.addr3)
        print("Duration ID:", frame.ID)
        print("Sequence Control:", frame.SC)
        # print(feature(frame))  # feature() is not defined in this snippet
        print("\n")
    else:
        print("Not dot11")

# Read the capture from disk and call parse() on every packet
sniff(offline="./testData/test.pcap", prn=parse)
Result:
D:\Apps\Python3\python.exe F:/tes/pcapReader/main.py
Not dot11
Not dot11
Not dot11
Not dot11
...
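As far as I can tell, there are no dot11 packets in my trace, which is confusing because, according to the Wireshark output, the protocol of most of the packets is 802.11.
I also tried using the dpkt 802.11 package, but got no results.
What am I missing here?
(I am using Python3, if that helps)
I found this library called pyshark.
It converts the pcap file to XML to make it easy to read, regardless of the packet type.
My code: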
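import pyshark

cap = pyshark.FileCapture('./test.pcap')
try:
    # Print the WLAN (802.11) layer of the first packet
    print(cap[0]['WLAN'])
except KeyError:
    # Raised when the packet has no WLAN layer
    pass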
Result:
Layer WLAN:
Frame check sequence: 0x4761f1b6 [correct]
0... .... = Order flag: Not strictly ordered
Receiver address: 01:0b:85:00:00:00
.... ..11 = DS status: WDS (AP to AP) or Mesh (MP to MP) Frame (To DS: 1 From DS: 1) (0x3)
Frame Control Field: 0x0803
Type/Subtype: Data (0x0020)
Transmitter address: f0:25:72:70:a3:a0
0000 .... = Subtype: 0
.... .0.. = More Fragments: This is the last fragment
1000 0111 1111 .... = Sequence number: 2175
.... 10.. = Type: Data frame (2)
FCS Status: Good
...0 .... = PWR MGT: STA will stay up
.... ..00 = Version: 0
.... .... .... 0000 = Fragment number: 0
Destination address: 01:0b:85:00:00:00
Source address: f0:25:72:70:a3:a0
.000 0000 0000 0000 = Duration: 0 microseconds
Flags: 0x03
.... 0... = Retry: Frame is not being retransmitted
..0. .... = More Data: No data buffered
.0.. .... = Protected flag: Data is not protected
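The header fields in the pyshark output above can also be checked by hand. As an added example (not code from the original post), this standard-library sketch reads a classic pcap's link-layer type, which tells whether each record starts with a bare 802.11 header, and decodes the MAC header of the first frame; the sample capture is constructed from the values shown above, and the names `pcap_linktype`, `parse_dot11_header` and `describe` are this example's own.

```python
import struct

# pcap LINKTYPE_ values seen in Wi-Fi captures (tcpdump.org registry)
LINKTYPES = {1: "Ethernet", 105: "IEEE 802.11", 119: "Prism + 802.11",
             127: "Radiotap + 802.11", 163: "AVS + 802.11", 192: "PPI"}
# classic pcap magic (microsecond / nanosecond variants) -> struct byte order
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def pcap_linktype(data):
    order = MAGIC.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng needs a different reader)")
    # network field of the 24-byte global header; low 16 bits hold the LINKTYPE_
    return struct.unpack(order + "I", data[20:24])[0] & 0xFFFF, order

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def parse_dot11_header(frame):
    """Decode the MAC header of an 802.11 data frame that has no radio prefix."""
    if len(frame) < 24:
        raise ValueError("shorter than a 3-address 802.11 data header")
    fc, flags, duration, sc = struct.unpack("<BBH18xH", frame[:24])
    hdr = {"type": (fc >> 2) & 0x3, "subtype": fc >> 4, "to_ds": bool(flags & 0x01),
           "from_ds": bool(flags & 0x02), "more_frag": bool(flags & 0x04),
           "protected": bool(flags & 0x40), "duration": duration & 0x7FFF,
           "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]),
           "addr3": mac(frame[16:22]), "fragment": sc & 0xF, "sequence": sc >> 4}
    if hdr["to_ds"] and hdr["from_ds"] and len(frame) >= 30:  # 4-address frame
        hdr["addr4"] = mac(frame[24:30])
    return hdr

def describe(data):
    linktype, order = pcap_linktype(data)
    hdr = None
    if linktype == 105:  # records start directly with the 802.11 header
        incl_len = struct.unpack(order + "I", data[32:36])[0]  # captured length
        hdr = parse_dot11_header(data[40:40 + incl_len])
    return linktype, LINKTYPES.get(linktype, "other"), hdr

# Constructed sample (not the asker's capture): one frame built from the header
# values in the pyshark output above, wrapped in a linktype-105 pcap.
FRAME = bytes.fromhex("0803" "0000" "010b85000000" "f0257270a3a0"
                      "010b85000000" "f087" "f0257270a3a0")
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
          + struct.pack("<IIII", 0, 0, len(FRAME), len(FRAME)) + FRAME)

if __name__ == "__main__":
    print(describe(SAMPLE))
```

For any link type other than 105 the function returns `None` for the header, because a different header sits in front of (or in place of) the 802.11 header and has to be parsed first.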