
python parse tcpdump -i eth

发布于2020-07-25 22:39     阅读(1043)     评论(0)     点赞(14)     收藏(4)



  1. #!/usr/bin/python
  2. import os
  3. import sys
  4. import time
  5. import re
  6. import math
  7. import socket
  8. #10:27:36.422139 00:00:00:05:81:01 (oui Ethernet) > 00:00:00:00:81:01 (oui Ethernet), ethertype Unknown (0x8200), length 136:
  9. # 0x0000: 0000 0000 8101 0000 0005 8101 8200 a3e8
  10. # 0x0010: 1830 0000 0000 0000 006c 0000 0000 0000
  11. # 0x0020: 0000 0000 0000 0000 0000 0000 0001 0000
  12. # 0x0030: 0000 0000 0000 0000 0000 011b 1900 0000
  13. # 0x0040: a000 0000 0001 88f7 0002 002c 1800 0000
  14. # 0x0050: 318b 5a8a baef 0000 0000 0000 0000 0000
  15. # 0x0060: 0000 0001 0001 e567 00fc 0000 5f0e 7417
  16. # 0x0070: 1b05 04db 0000 0100 0004 0000 0000 0000
  17. # 0x0080: 1621 ce74 a575 7e68
  18. #10:27:36.466652 00:00:00:05:81:01 (oui Ethernet) > 00:00:00:00:81:01 (oui Ethernet), ethertype Unknown (0x8200), length 144:
  19. # 0x0000: 0000 0000 8101 0000 0005 8101 8200 a3e8
  20. # 0x0010: 1830 0000 0000 0000 0074 0000 0000 0000
  21. # 0x0020: 0000 0000 0000 0000 0000 0000 0001 0000
  22. # 0x0030: 0000 0000 0000 0000 0000 011b 1900 0000
  23. # 0x0040: a000 0000 0001 88f7 0902 0036 1800 0000
  24. # 0x0050: 0000 0000 2458 0000 0000 0000 0000 0000
  25. # 0x0060: 0000 0001 0001 6cb5 03fc 0000 5f0e 7417
  26. # 0x0070: 1dac 2fc5 089c 86ff 0100 f74a 0001 0100
  27. # 0x0080: 0004 0000 0000 0000 1621 ce74 a81c b088
  28. #10:27:36.484633 00:00:00:05:81:01 (oui Ethernet) > 00:00:00:00:81:01 (oui Ethernet), ethertype Unknown (0x8200), length 140:
  29. # 0x0000: 0000 0000 8101 0000 0005 8101 8200 a3e8
  30. # 0x0010: 1830 1224 0000 0000 0070 0000 0000 0000
  31. # 0x0020: 0000 0000 0000 0000 0000 0000 0001 0000
  32. # 0x0030: 0000 0000 0000 0000 0000 011b 1900 0000
  33. # 0x0040: a000 0000 0001 88a8 0bbc 88f7 0b02 0040
  34. # 0x0050: 1800 003c 0000 0000 0000 0000 0000 0000
  35. # 0x0060: 0000 0000 0000 0001 0001 f2b4 05fd 0000
  36. # 0x0070: 0000 0000 0000 0000 0025 0080 0621 ffff
  37. # 0x0080: 8000 0000 0000 0000 0100 00a0
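# Matches the "0x0010:" offset column that tcpdump prints in front of every hex
# line so it can be stripped before the payload is concatenated.  The offset is
# hexadecimal: from 0x00a0 onwards it contains letters, so the class must accept
# a-f as well as 0-9.  With digits only, the offset of any frame longer than
# 160 bytes would be left in the payload and shift every later field.
pat_del = re.compile(r"(0x[0-9a-f]{4}:)", re.I)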
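class TpsPacket:
    """One frame from ``tcpdump`` hex-dump text output, decoded as PTP.

    ``parse`` takes the header line plus the ``0x....:`` hex lines of a single
    frame, reads the MAC header 58 bytes into the dump, skips up to two VLAN
    tags and, when the EtherType is 0x88f7, decodes the PTP common header, the
    message body and the trailing timestamp record.

    The input is captured network traffic, so ``parse`` length-checks every
    field before converting it.  A frame that is truncated or contains
    non-hex text is left undecoded instead of raising part-way through:
    ``_ethtype`` stays empty and the dump methods print nothing for it.
    """

    _HEX_CHARS = frozenset("0123456789abcdefABCDEF")
    _NSEC_PER_SEC = 1000000000
    # First two bytes of the PTP header (messageType, versionPTP) -> label.
    _MESSAGE_TYPES = {
        "0b02": "ANNO",
        "0002": "SYNC",
        "0102": "REQ",
        "0902": "RESP",
    }
    # Hex characters of message body consumed per message type.
    _BODY_HEX_LEN = {"ANNO": 60, "SYNC": 20, "REQ": 20, "RESP": 40}

    def __init__(self):
        self._ethline = ""
        self._bytelen = 0
        self._linenum = 0
        self._conline = ""
        self._pkttime = ""
        self._cvid = 0
        self._svid = 0
        self._dmac = ""
        self._smac = ""
        self._ethtype = ""
        # mesgtype msglen domain flagfield CF sourceportidentity seqid
        # ctrlfield interval
        self._commhead = {}
        # timestamp utcoffset grandmasterPriority1 stepremoved
        self._anno = {}
        # originTimestamp
        self._sync = {}
        self._delayreq = {}
        # receiveTimestamp requestingPortIdentity
        self._delayresp = {}
        # fpgalogicid vlan rxtime
        self._tlv = {}

    def dumpcomm(self):
        """Print the common-header fields; does nothing for non-PTP frames."""
        if self._ethtype != "PTP":
            return
        head = self._commhead
        kind = head['mesgtype']
        # A single formatted argument keeps the output identical under both
        # the Python 2 print statement and the Python 3 print function.
        print("%s  Time  %s" % (kind, self._pkttime))
        print("%s  MAC  %s --> %s" % (kind, self._smac, self._dmac))
        print("%s  SVID  %s" % (kind, self._svid))
        print("%s  CVID  %s" % (kind, self._cvid))
        print("%s  Domain  %s" % (kind, head['domain']))
        print("%s  Flag  %s" % (kind, head['flagfield']))
        print("%s  CF  %s" % (kind, head['CF']))
        print("%s  Seq  %s" % (kind, head['seqid']))

    def dumpspecial(self):
        """Print the per-message timestamps (t1/t2 for SYNC, t4 for RESP)."""
        if self._ethtype != "PTP":
            return
        kind = self._commhead['mesgtype']
        # .get(): the body or the trailing record is absent when the frame was
        # truncated, and a missing key must not abort the whole capture run.
        if kind == "SYNC":
            origin = self._sync.get('originTimestamp')
            if origin is not None:
                print("%s  t1  %s" % (kind, origin))
            rxtime = self._tlv.get('rxtime', "")
            if rxtime != "":
                print("%s  t2  %s" % (kind, rxtime))
        elif kind == "RESP":
            received = self._delayresp.get('receiveTimestamp')
            if received is not None:
                print("%s  t4  %s" % (kind, received))
        print("\n")

    def to_portidenty(self, sid):
        """Format a 10-byte PortIdentity given as 20 hex characters.

        The first 16 characters are the 8-byte clock identity and the last 4
        the 16-bit port number, which is shown in decimal.
        """
        clock = ":".join(sid[i:i + 2] for i in range(0, 16, 2))
        port_hex = sid[16:20]
        try:
            port = str(int(port_hex, 16))
        except ValueError:
            # Short or non-hex input: show the raw text rather than raise.
            port = port_hex
        return "ClockIdentity(" + clock + ")/PortNumber(" + port + ")"

    def to_mac(self, mac):
        """Format 12 hex characters as a colon-separated MAC address."""
        return ":".join(mac[i:i + 2] for i in range(0, 12, 2))

    def _format_timestamp(self, stamp):
        """Render a 10-byte PTP timestamp (20 hex chars) as 'seconds.nanoseconds'.

        The nanoseconds are zero-padded to nine digits; without the padding
        5 ns would print as '.5' and read as half a second.
        """
        seconds = int(stamp[0:12], 16)
        nanoseconds = int(stamp[12:20], 16)
        return "%d.%09d" % (seconds, nanoseconds)

    def parse_comm_head(self, ptphead):
        """Decode the 34-byte PTP common header given as 68 hex characters.

        Raises ValueError when ``ptphead`` is shorter than 68 characters or
        not hexadecimal; ``parse`` checks both before calling.
        """
        head = self._commhead
        head['mesgtype'] = self._MESSAGE_TYPES.get(ptphead[0:4], "UNKNOWN")
        head['msglen'] = int(ptphead[4:8], 16)
        head['domain'] = int(ptphead[8:10], 16)
        # [10:12] is reserved.
        head['flagfield'] = "0x" + ptphead[12:16]
        # correctionField is a signed 64-bit count of nanoseconds scaled by
        # 2**16; floor division keeps the result an integer on Python 3 too.
        correction = int(ptphead[16:32], 16)
        if correction >= 1 << 63:
            correction -= 1 << 64
        head['CF'] = correction // 65536
        # [32:40] is reserved.
        head['sourceportidentity'] = self.to_portidenty(ptphead[40:60])
        head['seqid'] = int(ptphead[60:64], 16)
        head['ctrlfield'] = int(ptphead[64:66], 16)
        # logMessageInterval is a signed byte: only values with the top bit
        # set are negative.  Subtracting 0x100 unconditionally turned an
        # interval of 1 into -255.
        interval = int(ptphead[66:68], 16)
        head['interval'] = interval - 0x100 if interval >= 0x80 else interval

    def parse_ptp_anno(self, annobody):
        """Decode the Announce body (60 hex characters)."""
        self._anno['timestamp'] = int(annobody[0:20], 16)
        self._anno['utcoffset'] = int(annobody[20:24], 16)
        self._anno['grandmasterPriority1'] = int(annobody[26:28], 16)
        self._anno['stepremoved'] = int(annobody[54:58], 16)

    def parse_ptp_syn(self, syncbody):
        """Decode the Sync body: originTimestamp as 'seconds.nanoseconds'."""
        self._sync['originTimestamp'] = self._format_timestamp(syncbody[0:20])

    def parse_ptp_delayreq(self, reqbody):
        """Decode the Delay_Req body; the timestamp is kept as a raw integer."""
        self._delayreq['originTimestamp'] = int(reqbody[0:20], 16)

    def parse_ptp_delayresp(self, respbody):
        """Decode the Delay_Resp body (40 hex characters)."""
        self._delayresp['receiveTimestamp'] = self._format_timestamp(
            respbody[0:20])
        self._delayresp['requestingPortIdentity'] = self.to_portidenty(
            respbody[20:40])

    def parse(self, bytelen, num, linelist):
        """Decode one frame.

        bytelen  -- frame length taken from the tcpdump header line
        num      -- number of hex lines collected for the frame
        linelist -- the header line followed by the hex lines

        Returns None.  Non-PTP, truncated or non-hex frames are left
        undecoded (see the class docstring).
        """
        self._bytelen = bytelen
        self._linenum = num
        if linelist:
            self._ethline = linelist[0]
        # Drop the offset column and all whitespace, then join the hex lines
        # into one string in which every byte is two characters.
        self._conline = "".join(
            "".join(pat_del.sub("", raw).split()) for raw in linelist[1:]
        )
        self._pkttime = self._ethline.split(" ", 1)[0]

        frame = self._conline
        if not set(frame) <= self._HEX_CHARS:
            return

        # The MAC header is read 58 bytes into the dump.
        pos = 58 * 2
        if len(frame) < pos + 28:  # two MAC addresses plus the EtherType
            return
        self._dmac = self.to_mac(frame[pos:pos + 12])
        pos += 12
        self._smac = self.to_mac(frame[pos:pos + 12])
        pos += 12

        tpids = ("8100", "88a8")
        if frame[pos:pos + 4] in tpids:
            if frame[pos + 8:pos + 12] in tpids:
                if len(frame) < pos + 16:
                    return
                # Double tagged: the VLAN id is the low 12 bits of each tag.
                self._svid = int(frame[pos + 5:pos + 8], 16)
                self._cvid = int(frame[pos + 13:pos + 16], 16)
                pos += 16
            else:
                if len(frame) < pos + 8:
                    return
                # Single tag: the id was extracted but never stored before.
                self._cvid = int(frame[pos + 5:pos + 8], 16)
                pos += 8

        if frame[pos:pos + 4] != "88f7":
            return
        pos += 4
        header = frame[pos:pos + 68]
        if len(header) < 68:
            return
        self._ethtype = "PTP"
        self.parse_comm_head(header)
        pos += 68

        kind = self._commhead['mesgtype']
        body_len = self._BODY_HEX_LEN.get(kind, 0)
        body = frame[pos:pos + body_len]
        if len(body) < body_len:
            # Truncated body: the common header is still reported.
            return
        if kind == "ANNO":
            self.parse_ptp_anno(body)
        elif kind == "SYNC":
            self.parse_ptp_syn(body)
        elif kind == "REQ":
            self.parse_ptp_delayreq(body)
        elif kind == "RESP":
            self.parse_ptp_delayresp(body)
        pos += body_len

        # Trailing record after the PTP message; decoded only when all of the
        # 40 hex characters it is read from were actually captured.
        if self._bytelen * 2 - pos > 0 and len(frame) >= pos + 40:
            self._tlv['fpgalogicid'] = int(frame[pos + 8:pos + 12], 16)
            self._tlv['vlan'] = int(frame[pos + 12:pos + 16], 16) & 0xfff
            nsec = ((int(frame[pos + 24:pos + 32], 16) << 32)
                    + int(frame[pos + 32:pos + 40], 16))
            self._tlv['rxtime'] = "%d.%09d" % divmod(nsec, self._NSEC_PER_SEC)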
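# Reassemble frames from tcpdump text on stdin.  A line containing 'Ethernet'
# is a frame header that carries "length N:"; it is followed by ceil(N / 16)
# hex lines.  Once that many hex lines have been collected the frame is parsed
# and printed.
linelist = []
expnum = 0
linenum = 0
bytelen = 0
while True:
    # readline() instead of iterating the file: output keeps up with a live
    # capture rather than waiting for a read-ahead buffer to fill.
    line = sys.stdin.readline()
    if not line:
        break
    myline = line.strip('\n').strip('\r')
    if 'Ethernet' in myline:
        posb = myline.find("length")
        pose = myline.find(":", posb)
        length_text = myline[posb + 7:pose] if 0 <= posb < pose else ""
        try:
            bytelen = int(length_text)
        except ValueError:
            sys.stderr.write("skipping header without a usable length: %s\n"
                             % myline)
            linelist = []
            linenum = 0
            expnum = 0
            continue
        expnum = int(math.ceil(float(bytelen) / 16))
        # A header always starts a new frame.  If the previous frame never
        # reached its expected line count (for example a capture truncated by
        # the snapshot length), its leftover lines are dropped here instead of
        # being merged into this frame.
        linelist = [myline]
        linenum = 0
    elif linelist:
        linelist.append(myline)
        linenum = linenum + 1
    else:
        # Hex line with no pending header: nothing to attach it to.
        continue
    if expnum == linenum:
        onepacket = TpsPacket()
        try:
            onepacket.parse(bytelen, linenum, linelist)
            onepacket.dumpcomm()
            onepacket.dumpspecial()
        except (ValueError, KeyError) as err:
            # The frames are untrusted network input: report a malformed one
            # and keep processing rather than ending the run on it.
            sys.stderr.write("skipping malformed frame (%s): %s\n"
                             % (err, linelist[0]))
        linelist = []
        linenum = 0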

 




所属网站分类: 技术文章 > 博客

作者:天青色等烟雨

链接: https://www.pythonheidong.com/blog/article/464009/d84102ac40969847bc46/

来源: python黑洞网

任何形式的转载都请注明出处,如有侵权 一经发现 必将追究其法律责任
