I've tried several different things and crawled around on lots of forums looking for an answer to this question.
My goal is to simply parse through a wireshark .pcap-ng trace file using Python. From what I can gather, it seems like I need a libpcap wrapper for Python or perhaps WinCap (PyCapy?)
I'm relatively new to Python, so if you all have any pointers on how to install this module please let me know. Earlier I had a 32bit version of Python installed and found a win32 installer and was able to parse through .pcap files but I really want to be able to parse through the .pcapng files. Thanks guys, ~Kyte
2 Answers
#1
1
Sadly, this is Windows, so WinPcap won't help; libpcap 1.1.0 and later can read pcap-ng files, but there is currently no version of WinPcap based on a version of libpcap with pcap-ng support.
I.e., currently, the first piece of software to try would be VirtualBox, Parallels Workstation, or VMware Workstation, and the next piece of software to try would be some Linux distribution running on your Windows machine under the virtualization software. Sorry.
(Yes, I have to find the time to do some libpcap infrastructure work to make it easier for the WinPcap people to make their remote capture support work with newer versions of libpcap. Sadly, there are only 24 hours in a day, and a ton of other things to do competing for the hours that remain after such frivolities as eating and sleeping. :-))
A workaround for that particular issue would be either to save a capture from Wireshark in pcap format rather than pcap-ng format or to use Wireshark tools such as editcap (which can handle pcap-ng files on Windows, as they don't use libpcap/WinPcap to read capture files) to convert from pcap-ng to pcap.
There are a couple of Python wrappers for libpcap/WinPcap - python-libpcap and Pcapy. The python-libpcap page has a daemon and a penguin on it, so they're only advertising BSD and Linux support; it might work on other UN*Xes, as there shouldn't be major differences in the way you hook into libpcap, but might not work on Windows. Pcapy, however, explicitly mentions WinPcap and Win32 binaries.
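The answer above points out that the blocker is libpcap/WinPcap, not Python itself. The pcap-ng container is a simple framed format, so a reader that needs no native library at all is a third option on Windows. The following is an added example written for this page, not code from the answerer or from any of the wrappers named above. It uses only the standard `struct` module, handles the three block types that a Wireshark capture minimally contains (Section Header, Interface Description, Enhanced Packet), honours the per-section byte order and the `if_tsresol` option, and validates every block's framing so a truncated or corrupted file raises instead of being silently misread. The sample file bytes are constructed inline (the Ethernet frame and timestamp are made up), so it runs offline.

```python
import struct

# Block type codes and constants from the pcap-ng specification
SHB = 0x0A0D0D0A        # Section Header Block
IDB = 0x00000001        # Interface Description Block
EPB = 0x00000006        # Enhanced Packet Block
BYTE_ORDER_MAGIC = 0x1A2B3C4D
OPT_ENDOFOPT = 0
OPT_IF_TSRESOL = 9


def _pad4(n):
    return (4 - n % 4) % 4


def iter_blocks(data):
    """Yield (block_type, body, endian) for each block, checking the framing.

    Layout: type(4) total_len(4) body total_len(4). total_len counts all of it
    and is a multiple of 4. Byte order is fixed per section by the SHB magic.
    """
    offset, endian = 0, '<'
    while offset < len(data):
        if offset + 12 > len(data):
            raise ValueError('truncated block header at offset %d' % offset)
        block_type = struct.unpack_from('<I', data, offset)[0]  # SHB type is byte-order symmetric
        if block_type == SHB:
            magic = data[offset + 8:offset + 12]
            if magic == struct.pack('<I', BYTE_ORDER_MAGIC):
                endian = '<'
            elif magic == struct.pack('>I', BYTE_ORDER_MAGIC):
                endian = '>'
            else:
                raise ValueError('bad byte-order magic %r' % magic)
        else:
            block_type = struct.unpack_from(endian + 'I', data, offset)[0]
        total_len = struct.unpack_from(endian + 'I', data, offset + 4)[0]
        if total_len < 12 or total_len % 4 or offset + total_len > len(data):
            raise ValueError('bad block length %d at offset %d' % (total_len, offset))
        if struct.unpack_from(endian + 'I', data, offset + total_len - 4)[0] != total_len:
            raise ValueError('trailing length mismatch at offset %d' % offset)
        yield block_type, data[offset + 8:offset + total_len - 4], endian
        offset += total_len


def parse_options(buf, endian):
    """Return {code: raw_value} for a pcap-ng option list (code(2) len(2) value padded to 4)."""
    opts, off = {}, 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from(endian + 'HH', buf, off)
        off += 4
        if code == OPT_ENDOFOPT:
            break
        if off + length > len(buf):
            raise ValueError('option value overruns block')
        opts[code] = buf[off:off + length]
        off += length + _pad4(length)
    return opts


def ts_units_per_second(if_opts):
    """if_tsresol: MSB clear -> 10^-n seconds, MSB set -> 2^-n seconds; default is microseconds."""
    raw = if_opts.get(OPT_IF_TSRESOL)
    if raw is None:
        return 10 ** 6
    n = raw[0]
    return 2 ** (n & 0x7F) if n & 0x80 else 10 ** n


def parse_packets(data):
    """Return a list of packet dicts (Enhanced Packet Blocks only) from pcap-ng bytes."""
    interfaces, packets = [], []
    for btype, body, endian in iter_blocks(data):
        if btype == SHB:
            interfaces = []  # interface ids are numbered per section
        elif btype == IDB:
            linktype, _reserved, snaplen = struct.unpack_from(endian + 'HHI', body, 0)
            opts = parse_options(body[8:], endian)
            interfaces.append({'linktype': linktype, 'snaplen': snaplen,
                               'units_per_sec': ts_units_per_second(opts)})
        elif btype == EPB:
            if_id, ts_hi, ts_lo, cap_len, orig_len = struct.unpack_from(endian + '5I', body, 0)
            if if_id >= len(interfaces):
                raise ValueError('EPB references undefined interface %d' % if_id)
            if cap_len > len(body) - 20:
                raise ValueError('captured length exceeds block body')
            iface = interfaces[if_id]
            packets.append({'linktype': iface['linktype'], 'ts': (ts_hi << 32) | ts_lo,
                            'units_per_sec': iface['units_per_sec'], 'cap_len': cap_len,
                            'orig_len': orig_len, 'data': body[20:20 + cap_len]})
    return packets


def build_block(btype, body, endian='<'):
    body += b'\x00' * _pad4(len(body))
    total = 12 + len(body)
    return struct.pack(endian + 'II', btype, total) + body + struct.pack(endian + 'I', total)


def sample_pcapng(endian='<'):
    """Constructed file: SHB, one Ethernet IDB with nanosecond timestamps, one 16-byte EPB."""
    shb = build_block(SHB, struct.pack(endian + 'IHHq', BYTE_ORDER_MAGIC, 1, 0, -1), endian)
    if_opts = (struct.pack(endian + 'HH', OPT_IF_TSRESOL, 1) + b'\x09\x00\x00\x00'
               + struct.pack(endian + 'HH', OPT_ENDOFOPT, 0))
    idb = build_block(IDB, struct.pack(endian + 'HHI', 1, 0, 65535) + if_opts, endian)
    frame = bytes.fromhex('ffffffffffff00112233445508060001')  # made-up Ethernet/ARP prefix
    ts = 1700000000 * 10 ** 9 + 123456789
    hdr = struct.pack(endian + '5I', 0, ts >> 32, ts & 0xFFFFFFFF, len(frame), 60)
    return shb + idb + build_block(EPB, hdr + frame, endian)


if __name__ == '__main__':
    for p in parse_packets(sample_pcapng()):
        print('linktype=%d t=%.9f cap=%d orig=%d' % (p['linktype'], p['ts'] / p['units_per_sec'],
                                                     p['cap_len'], p['orig_len']))
```

For a real trace, replace `sample_pcapng()` with `open(path, 'rb').read()`; captures with multiple interfaces or sections work because interface ids are resolved against the current section's IDB list. Blocks this reader does not know (name resolution, interface statistics, the legacy Simple Packet Block) are validated and skipped rather than misparsed, which is the behaviour you want when the file comes from an untrusted source.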