Capturing Network Packets with Pyshark

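Until now, packets were always captured with Wireshark; Pyshark can do the same job.

Under the hood, Pyshark still depends on Tshark: it is a Python wrapper for Tshark that lets Python code parse packets using the Wireshark dissectors, and it can also capture packets through Tshark.

The Python code: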

import pyshark

# '以太网  3' is the name of the local network adapter
cap = pyshark.LiveCapture(interface='以太网  3')

cap.sniff(packet_count=5)  # capture 5 packets

print(cap[0])  # show the first captured packet


The captured packet is displayed as follows:

Packet (Length: 156)

Layer ETH:

Destination: 00:d8:61:1d:6b:86 (00:d8:61:1d:6b:86)

Address: 00:d8:61:1d:6b:86 (00:d8:61:1d:6b:86)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Source: 60:d7:55:fb:46:01 (60:d7:55:fb:46:01)

Type: IP (0x0800)

Address: 60:d7:55:fb:46:01 (60:d7:55:fb:46:01)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Layer IP:

Version: 4

Header Length: 20 bytes

Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0001 00.. = Differentiated Services Codepoint: Unknown (0x04)

.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 142

Identification: 0xd943 (55619)

Flags: 0x00

0... .... = Reserved bit: Not set

.0.. .... = Don't fragment: Not set

..0. .... = More fragments: Not set

Fragment offset: 0

Time to live: 249

Protocol: UDP (17)

Header checksum: 0x35f8 [validation disabled]

Good: False

Bad: False

Source: 10.113.163.58 (10.113.163.58)

Destination: 10.108.249.251 (10.108.249.251)

Source GeoIP: Unknown

Destination GeoIP: Unknown

Layer UDP:

Source Port: 1701 (1701)

Destination Port: 1701 (1701)

Length: 122

Checksum: 0x0000 (none)

Good Checksum: False

Bad Checksum: False

Stream index: 0

Layer L2TP:

Packet Type: Data    Message Tunnel Id=2 Session Id=1

0... .... .... .... = Type: Data Message (0)

.0.. .... .... .... = Length Bit: Length field is not present

.... 0... .... .... = Sequence Bit: Ns and Nr fields are not present

.... ..0. .... .... = Offset bit: Offset size field is not present

.... ...0 .... .... = Priority: No priority

.... .... .... 0010 = Version: 2

Tunnel ID: 2

Session ID: 1

Layer PPP:

Address: 0xff

Control: 0x03

Protocol: Internet Protocol version 4 (0x0021)

Layer IP:

Version: 4

Header Length: 20 bytes

Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))

0001 00.. = Differentiated Services Codepoint: Unknown (0x04)

.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 104

Identification: 0x13b4 (5044)

Flags: 0x02 (Don't Fragment)

0... .... = Reserved bit: Not set

.1.. .... = Don't fragment: Set

..0. .... = More fragments: Not set

Fragment offset: 0

Time to live: 60

Protocol: TCP (6)

Header checksum: 0x40cd [validation disabled]

Good: False

Bad: False

Source: 8.38.81.172 (8.38.81.172)

Destination: 8.38.136.7 (8.38.136.7)

Source GeoIP: Unknown

Destination GeoIP: Unknown

Layer TCP:

Source Port: 22 (22)

Destination Port: 1108 (1108)

Stream index: 0

TCP Segment Len: 64

Sequence number: 1    (relative sequence number)

Next sequence number: 65    (relative sequence number)

Acknowledgment number: 1    (relative ack number)

Header Length: 20 bytes

.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK)

000. .... .... = Reserved: Not set

...0 .... .... = Nonce: Not set

.... 0... .... = Congestion Window Reduced (CWR): Not set

.... .0.. .... = ECN-Echo: Not set

.... ..0. .... = Urgent: Not set

.... ...1 .... = Acknowledgment: Set

.... .... 1... = Push: Set

.... .... .0.. = Reset: Not set

.... .... ..0. = Syn: Not set

.... .... ...0 = Fin: Not set

Window size value: 1973

Calculated window size: 1973

Window size scaling factor: -1 (unknown)

Checksum: 0x65c9 [validation disabled]

Good Checksum: False

Bad Checksum: False

Urgent pointer: 0

SEQ/ACK analysis

Bytes in flight: 64

Layer SSH:

Packet Length (encrypted): 81a2ffde

Encrypted Packet: e10e5bddce702adc6c9e1902d8f23942c6206f9309d4f7a4...
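
The dissection above contains two IP layers: the outer one (10.113.163.58 to 10.108.249.251) carries the L2TP tunnel, and the SSH flow inside it runs from 8.38.81.172:22 to 8.38.136.7:1108, so a filter keyed only on the outer addresses never sees the inner flow. The following added example (not part of the original post; standard library only, all function names are illustrative) walks the same ETH/IP/UDP/L2TP/PPP/IP stack by hand on a frame constructed from the header values printed above, and goes slightly beyond this packet by also handling the optional L2TP Length, Ns/Nr and Offset fields.

```python
import socket
import struct

def parse_ipv4(buf, off):
    vihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", buf, off)
    if vihl >> 4 != 4:
        raise ValueError("not IPv4")
    fields = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "ttl": ttl}
    return fields, off + (vihl & 0x0F) * 4     # IHL counts 32-bit words

def parse_l2tp(buf, off):
    """Skip an L2TPv2 data header (RFC 2661); return (tunnel, session, PPP offset)."""
    (flags,) = struct.unpack_from("!H", buf, off)
    if flags & 0x000F != 2 or flags & 0x8000:  # version must be 2, T bit must be clear
        raise ValueError("not an L2TPv2 data message")
    off += 4 if flags & 0x4000 else 2          # L bit: Length field present
    tunnel, session = struct.unpack_from("!HH", buf, off)
    off += 4 + (4 if flags & 0x0800 else 0)    # S bit: Ns and Nr present
    off += (2 + struct.unpack_from("!H", buf, off)[0]) if flags & 0x0200 else 0  # O bit: size + pad
    return tunnel, session, off

def inner_flow(frame):
    """Walk ETH/IP/UDP/L2TP/PPP/IP and return the outer and inner flow."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not IPv4 over Ethernet")
    outer, off = parse_ipv4(frame, 14)
    if outer["proto"] != 17 or 1701 not in struct.unpack_from("!HH", frame, off):
        raise ValueError("not UDP port 1701")
    tunnel, session, off = parse_l2tp(frame, off + 8)
    off += 2 if frame[off:off + 2] == b"\xff\x03" else 0   # PPP address/control may be omitted
    if frame[off:off + 2] != b"\x00\x21":
        raise ValueError("PPP payload is not IPv4")
    inner, off = parse_ipv4(frame, off + 2)
    ports = struct.unpack_from("!HH", frame, off) if inner["proto"] in (6, 17) else None
    return {"outer": outer, "tunnel": tunnel, "session": session, "inner": inner, "ports": ports}

def ipv4_header(src, dst, proto, ttl, payload_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def build_sample():
    """Constructed frame carrying the header values printed above; checksums are zero."""
    tcp = struct.pack("!HHIIHHHH", 22, 1108, 1, 1, 0x5018, 1973, 0, 0)
    inner = ipv4_header("8.38.81.172", "8.38.136.7", 6, 60, len(tcp)) + tcp
    l2tp = struct.pack("!HHH", 0x0002, 2, 1) + b"\xff\x03\x00\x21" + inner
    udp = struct.pack("!HHHH", 1701, 1701, 8 + len(l2tp), 0) + l2tp
    eth = bytes.fromhex("00d8611d6b86" "60d755fb4601" "0800")
    return eth + ipv4_header("10.113.163.58", "10.108.249.251", 17, 249, len(udp)) + udp

print(inner_flow(build_sample()))
```
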
