Question
I'm writing a Python program to build a MAC address cache using pcap. But the pcap module for Python has no good documentation. I have found this page http://pylibpcap.sourceforge.net/ with a code example, and it works fine.
Can anybody modify this example to make it able to show the source mac-address for each packet? Or point me to the documentation where I can read about it ...
Updated
Here is the part of the code where the information about MAC addresses was cut.
    import time

    # decode_ip_packet, protocols and dumphex are defined elsewhere in the example.
    def print_packet(pktlen, data, timestamp):
        if not data:
            return

        # Bytes 12-13 of the Ethernet header hold the EtherType; 0x0800 is IPv4.
        if data[12:14]=='\x08\x00':
            # Skipping the first 14 bytes drops the Ethernet header, MAC addresses included.
            decoded=decode_ip_packet(data[14:])
            print '\n%s.%f %s > %s' % (time.strftime('%H:%M',
                                       time.localtime(timestamp)),
                                       timestamp % 60,
                                       decoded['source_address'],
                                       decoded['destination_address'])
            for key in ['version', 'header_len', 'tos', 'total_len', 'id',
                        'flags', 'fragment_offset', 'ttl']:
                print '  %s: %d' % (key, decoded[key])
            print '  protocol: %s' % protocols[decoded['protocol']]
            print '  header checksum: %d' % decoded['checksum']
            print '  data:'
            dumphex(decoded['data'])
The first 14 octets in data are the destination MAC address, the source MAC address and the EtherType.

    decoded=decode_ip_packet(data[14:])

I need to parse them to get this info. Task is done.
Answer 1:
Google "Ethernet frame formats". The first 6 octets of a packet are the destination MAC address, which is immediately followed by the 6 octets of the source MAC address.
This Wikipedia page may help.
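
The frame layout described in this answer, as an added example that is not part of the original post or of pylibpcap: it parses the 14-byte Ethernet header, also handles an 802.1Q VLAN tag and truncated frames, and keeps a source-MAC cache. It is written for Python 3, where packet data is `bytes`; the names `parse_ethernet` and `update_mac_cache` and the sample frames are constructed for illustration, and `update_mac_cache` would be called from a capture callback such as `print_packet`.

```python
import struct

ETH_HEADER_LEN = 14          # dst MAC (6) + src MAC (6) + EtherType (2)
ETHERTYPE_VLAN = 0x8100      # 802.1Q tag: the real EtherType follows 4 bytes later


def format_mac(raw):
    """Render 6 raw bytes as aa:bb:cc:dd:ee:ff."""
    return ":".join("%02x" % b for b in raw)


def parse_ethernet(data):
    """Return (dst_mac, src_mac, ethertype, payload), or None if truncated."""
    if len(data) < ETH_HEADER_LEN:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", data[:ETH_HEADER_LEN])
    offset = ETH_HEADER_LEN
    if ethertype == ETHERTYPE_VLAN:
        if len(data) < offset + 4:
            return None
        # Skip the 2-byte tag control field; the next 2 bytes are the real type.
        (ethertype,) = struct.unpack("!H", data[offset + 2:offset + 4])
        offset += 4
    return format_mac(dst), format_mac(src), ethertype, data[offset:]


def update_mac_cache(cache, data, timestamp):
    """Record the source MAC of one frame; return the MAC, or None if skipped."""
    parsed = parse_ethernet(data)
    if parsed is None:
        return None
    src = parsed[1]
    # A source address should be unicast; skip group (multicast/broadcast) ones.
    if int(src[:2], 16) & 0x01:
        return None
    entry = cache.setdefault(src, {"first_seen": timestamp, "frames": 0})
    entry["last_seen"] = timestamp
    entry["frames"] += 1
    return src


# Constructed sample frames (not captured traffic).
PLAIN = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x45" * 20
TAGGED = bytes.fromhex("020000000002" "020000000001" "8100" "000a" "0800") + b"\x45" * 20

if __name__ == "__main__":
    cache = {}
    for ts, frame in enumerate([PLAIN, TAGGED, b"\x00" * 5]):
        update_mac_cache(cache, frame, float(ts))
    print(cache)
```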
Answer 2:
Oh my god man, why are you doing this? Use Scapy instead.
Source: https://stackoverflow.com/questions/3014218/python-and-libpcap-find-source-mac-address-of-packet