我如何从传入的 dhcp 数据包中删除重复项?
How i remove duplicacy from incoming dhcp packets?
该怎么做才能在 mac 或 ip 更新之前不显示重复条目。
我只想在提到字段时打印
capture = pyshark.LiveCapture(interface='wlo2', bpf_filter='udp port 68')
capture.sniff_continuously(packet_count=16)
fields = {}
for packet in capture:
fields['mac'] = packet.dhcp.hw_mac_addr
try:
fields['vendor'] = packet.dhcp.option_vendor_class_id
fields['h_name'] = packet.dhcp.option_hostname
fields['ip'] = packet.dhcp.option_requested_ip_address
fields['sub_mask'] = packet.dhcp.option_subnet_mask
fields['server_ip'] = packet.dhcp.option_dhcp_server_id
fields['domain_name'] = packet.option.dhcp.option_domain_name
fields['dns'] = packet.dhcp.option_domain_name_server
except AttributeError:
pass
try:
print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
except KeyError:
print('key not found')```
```key not found
2021-12-02 11:08:19.485258 34:1c:f0:6a:c9:00 192.168.1.5 M2006C3MII-Redmi9 android-dhcp-10
2021-12-02 11:25:19.461249 e0:13:b5:8f:xx:xx 192.168.1.5 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:25:19.769917 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:26:44.359756 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0
您需要自己对数据包进行重复数据删除,即通过将过去的数据包 ip/mac 组合存储在一个集合中
fields = {}
already_seen_mac_ips = set() # set of (mac, ip) tuples
for packet in capture:
fields['mac'] = packet.dhcp.hw_mac_addr
try:
fields['vendor'] = packet.dhcp.option_vendor_class_id
fields['h_name'] = packet.dhcp.option_hostname
fields['ip'] = packet.dhcp.option_requested_ip_address
fields['sub_mask'] = packet.dhcp.option_subnet_mask
fields['server_ip'] = packet.dhcp.option_dhcp_server_id
fields['domain_name'] = packet.option.dhcp.option_domain_name
fields['dns'] = packet.dhcp.option_domain_name_server
except AttributeError:
pass
try:
mac_ip = (fields['mac'], fields['ip'])
if mac_ip not in already_seen_mac_ips:
print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
already_seen_mac_ips.add(mac_ip)
except KeyError:
print('key not found')```
该怎么做才能在 mac 或 ip 更新之前不显示重复条目。 我只想在提到字段时打印
capture = pyshark.LiveCapture(interface='wlo2', bpf_filter='udp port 68')
capture.sniff_continuously(packet_count=16)
fields = {}
for packet in capture:
fields['mac'] = packet.dhcp.hw_mac_addr
try:
fields['vendor'] = packet.dhcp.option_vendor_class_id
fields['h_name'] = packet.dhcp.option_hostname
fields['ip'] = packet.dhcp.option_requested_ip_address
fields['sub_mask'] = packet.dhcp.option_subnet_mask
fields['server_ip'] = packet.dhcp.option_dhcp_server_id
fields['domain_name'] = packet.option.dhcp.option_domain_name
fields['dns'] = packet.dhcp.option_domain_name_server
except AttributeError:
pass
try:
print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
except KeyError:
print('key not found')```
```key not found
2021-12-02 11:08:19.485258 34:1c:f0:6a:c9:00 192.168.1.5 M2006C3MII-Redmi9 android-dhcp-10
2021-12-02 11:25:19.461249 e0:13:b5:8f:xx:xx 192.168.1.5 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:25:19.769917 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:26:44.359756 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0
您需要自己对数据包进行重复数据删除,即通过将过去的数据包 ip/mac 组合存储在一个集合中
fields = {}
already_seen_mac_ips = set() # set of (mac, ip) tuples
for packet in capture:
fields['mac'] = packet.dhcp.hw_mac_addr
try:
fields['vendor'] = packet.dhcp.option_vendor_class_id
fields['h_name'] = packet.dhcp.option_hostname
fields['ip'] = packet.dhcp.option_requested_ip_address
fields['sub_mask'] = packet.dhcp.option_subnet_mask
fields['server_ip'] = packet.dhcp.option_dhcp_server_id
fields['domain_name'] = packet.option.dhcp.option_domain_name
fields['dns'] = packet.dhcp.option_domain_name_server
except AttributeError:
pass
try:
mac_ip = (fields['mac'], fields['ip'])
if mac_ip not in already_seen_mac_ips:
print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
already_seen_mac_ips.add(mac_ip)
except KeyError:
print('key not found')```