Issue 98 in dpkt: incorrect parsing of pcap using tutorial
30 views
Skip to first unread message
dp...@googlecode.com
Oct 18, 2012, 9:59:01 AM10/18/12
to dp...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 98 by SoCg...@gmail.com: incorrect parsing of pcap using tutorial
http://code.google.com/p/dpkt/issues/detail?id=98
running basic example
(http://jon.oberheide.org/blog/2008/10/15/dpkt-tutorial-2-parsing-a-pcap-file/)
What steps will reproduce the problem?
1. dpkt.pcap.Reader(open('small.pcap'))
2. for ts, buf in pcap:
print ts, len(buf)
3. for ts in pcap:
print ts
print '\n\n'
What is the expected output? What do you see instead?
For 2) I expect 6 packets with correct length
For 3) I expect a dump of these packets
What version of the product are you using? On what operating system?
python 2.7, dpkt 1.7. winxp64
Please provide any additional information below.
** see attached small.pcap **
IDLE output:
f.close()
>>> f = open('small.pcap')
>>> pcap = dpkt.pcap.Reader(f)
>>> for ts, buf in pcap:
print ts, len(buf)
1257564308.83 74
1257564308.83 1314
301989889.0 501
>>> for ts in pcap:
print ts
print '\n\n'
(1257564308.831935, '\x00"u`7\x98\x00!jnZ\x9e\x08\x00E\x00\x00<\x87\x9c\x00\x00\x80\x11-\xbe\xc0\xa8\x02\x05\xc0\xa8\x02\x01\xdeO\x005\x00(\x95\xfdw\x1d\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x06google\x03com\x00\x00\x01\x00\x01')
(1257564308.832856, '\x00"u`7\x98\x00!jnZ\x9e\x08\x00E\x00\x05\x14\x87\x9f@\x00\x80\x06\xc1F\xc0\xa8\x02\x05@\xe9\xa9g\x05\xef\x00P4\x9b)\xc5J\x89\xf4\x15P\x10\xfe0\xf4\x12\x00\x00GET
/ig
HTTP/1.1\nHost: www.google.com\nUser-Agent: Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR
3.5.30729)\nAccept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language:
en-us,en;q=0.5\nAccept-Encoding: gzip,deflate\nAccept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.7\nKeep-Alive: 300\nConnection:
keep-alive\nCookie:
IGTP=LI=1:TP=H4sIAAAAAAAAAONgkJjbfuMai8ICEOlVzKEgwazA4MEYsbh18nmWAoZNjLHcAg0Xe1mkQrjsM0pKCqz09cvLy_XS8_PTc1L1kvNz9TPT9XPzU0pzUov1K_NLS0qTUuMzIdL6ZUYwIb2K3ByB70zaRlzFqYlFyRkhqUW5Vgw6PAcYGbxCgJYyAS1lRlhqB7XUlEuXoKUpiSWpJZm5ECt6GAN6GMGminJwSjAqMGgxeLDAzAUJK3OIAIUZDRg9WCNu7p0BsY6bW6DjaTeLFJNGLdRFkkAXMWrZGloZKxhZKSG5ITkvD-yAgsSikrzUomJ9qFeB4vEl-QXFJflFmanFekXFxUpAO9gjPjz5fgFidQA4oLsYmVLzJjEylRavYGTazLiDkfUAI-8KVo4tjL8YeTgYhFg88nNTlRgMWLqYgWomMQNVX2a-wfwfBhivMD9i5uNiKy4wMjA3FQCbiRCwEPg4c-N1FgAnVxYu1gEAAA:LM=1257000177;
PREF=ID=a7bc40a4c52f9f8e:U=121cc5ce7d72364f:TM=1256417243:LM=1256417243:GM=1:S=V9IwSc81krCxBxCX;
NID=28=WzEdhqkdZL4Yt4x7yr1pyvOuHft5TyzM8bGI3SrV7_zVUtk8m37VzcV5yvEk1TSHLQki10MtU31_q7EURAiJv6_LUgY-qmLACa4K_S0mSuNjSm0g3psS30cn4eb19v3_;
SID=DQAAAIgAAAAPpOBzTIZ1H9JlJl2owiy3Y8kpwWvBBTZeEZ9xZS7BFoJ3Vd0OXHeqf5l5qNalGKuek0Fajb9kR76Pk_PWEG4xm6a3S-qhrp\x94\xe8\xf4J\x80\xb5\x0c\x00\x12')
(301989889.000001, 'nZ\x9e\x08\x00E\x00\x01\x04\x87\xa0@\x00\x80\x06\xc5U\xc0\xa8\x02\x05@\xe9\xa9g\x05\xef\x00P4\x9b.\xb1J\x89\xf4\x15P\x18\xfe04\x8d\x00\x00iYE7knIv3ObzszsflsrPDhZgmVstXHv7i8I5fn7B1GtQSZITVNgl9MaVRBRTMPRBucQHNF2e3id4varIWgkUZ67Elznmmy4NQ;
HSID=A2eJgOSPEdKT85c8b;
TZ=300\nIf-Modified-Since: Sat, 07 Nov 2009
03:20:06 GMT\nIf-None-Match:
15245993542772299237\n\n\x94\xe8\xf4J1\x17\r\x00\xbe\x00\x00\x00\xbe\x00\x00\x00\x00!jnZ\x9e\x00"u`7\x98\x08\x00E\x00\x00\xb0\x00\x00@\x00@\x11\xb4\xe6\xc0\xa8\x02\x01\xc0\xa8\x02\x05\x005\xdeO\x00\x9c\xf3\xb8w\x1d\x81\x80\x00\x01\x00\x07\x00\x00\x00\x00\x03www\x06google\x03com\x00\x00\x01\x00\x01\xc0\x0c\x00\x05\x00\x01\x00\x00"Y\x00\x08\x03www\x01l\xc0\x10\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9j\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9i\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9\x93\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9g\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9h\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9c\x94\xe8\xf4J\x07+\r\x006\x00\x00\x006\x00\x00\x00\x00!jnZ\x9e\x00"u`7\x98\x08\x00E\x00\x00(')
** Several bytes not read from file. Looks like the pcap length fields get
screwed up at the third packet.
Back to my home rolled solution... for now at least.
Jerry
Attachments:
small.pcap 2.2 KB
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 98 by SoCg...@gmail.com: incorrect parsing of pcap using tutorial
http://code.google.com/p/dpkt/issues/detail?id=98
running basic example
(http://jon.oberheide.org/blog/2008/10/15/dpkt-tutorial-2-parsing-a-pcap-file/)
What steps will reproduce the problem?
1. dpkt.pcap.Reader(open('small.pcap'))
2. for ts, buf in pcap:
print ts, len(buf)
3. for ts in pcap:
print ts
print '\n\n'
What is the expected output? What do you see instead?
For 2) I expect 6 packets with correct length
For 3) I expect a dump of these packets
What version of the product are you using? On what operating system?
python 2.7, dpkt 1.7. winxp64
Please provide any additional information below.
** see attached small.pcap **
IDLE output:
f.close()
>>> f = open('small.pcap')
>>> pcap = dpkt.pcap.Reader(f)
>>> for ts, buf in pcap:
print ts, len(buf)
1257564308.83 74
1257564308.83 1314
301989889.0 501
>>> for ts in pcap:
print ts
print '\n\n'
(1257564308.831935, '\x00"u`7\x98\x00!jnZ\x9e\x08\x00E\x00\x00<\x87\x9c\x00\x00\x80\x11-\xbe\xc0\xa8\x02\x05\xc0\xa8\x02\x01\xdeO\x005\x00(\x95\xfdw\x1d\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x06google\x03com\x00\x00\x01\x00\x01')
(1257564308.832856, '\x00"u`7\x98\x00!jnZ\x9e\x08\x00E\x00\x05\x14\x87\x9f@\x00\x80\x06\xc1F\xc0\xa8\x02\x05@\xe9\xa9g\x05\xef\x00P4\x9b)\xc5J\x89\xf4\x15P\x10\xfe0\xf4\x12\x00\x00GET
/ig
HTTP/1.1\nHost: www.google.com\nUser-Agent: Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR
3.5.30729)\nAccept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language:
en-us,en;q=0.5\nAccept-Encoding: gzip,deflate\nAccept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.7\nKeep-Alive: 300\nConnection:
keep-alive\nCookie:
IGTP=LI=1:TP=H4sIAAAAAAAAAONgkJjbfuMai8ICEOlVzKEgwazA4MEYsbh18nmWAoZNjLHcAg0Xe1mkQrjsM0pKCqz09cvLy_XS8_PTc1L1kvNz9TPT9XPzU0pzUov1K_NLS0qTUuMzIdL6ZUYwIb2K3ByB70zaRlzFqYlFyRkhqUW5Vgw6PAcYGbxCgJYyAS1lRlhqB7XUlEuXoKUpiSWpJZm5ECt6GAN6GMGminJwSjAqMGgxeLDAzAUJK3OIAIUZDRg9WCNu7p0BsY6bW6DjaTeLFJNGLdRFkkAXMWrZGloZKxhZKSG5ITkvD-yAgsSikrzUomJ9qFeB4vEl-QXFJflFmanFekXFxUpAO9gjPjz5fgFidQA4oLsYmVLzJjEylRavYGTazLiDkfUAI-8KVo4tjL8YeTgYhFg88nNTlRgMWLqYgWomMQNVX2a-wfwfBhivMD9i5uNiKy4wMjA3FQCbiRCwEPg4c-N1FgAnVxYu1gEAAA:LM=1257000177;
PREF=ID=a7bc40a4c52f9f8e:U=121cc5ce7d72364f:TM=1256417243:LM=1256417243:GM=1:S=V9IwSc81krCxBxCX;
NID=28=WzEdhqkdZL4Yt4x7yr1pyvOuHft5TyzM8bGI3SrV7_zVUtk8m37VzcV5yvEk1TSHLQki10MtU31_q7EURAiJv6_LUgY-qmLACa4K_S0mSuNjSm0g3psS30cn4eb19v3_;
SID=DQAAAIgAAAAPpOBzTIZ1H9JlJl2owiy3Y8kpwWvBBTZeEZ9xZS7BFoJ3Vd0OXHeqf5l5qNalGKuek0Fajb9kR76Pk_PWEG4xm6a3S-qhrp\x94\xe8\xf4J\x80\xb5\x0c\x00\x12')
(301989889.000001, 'nZ\x9e\x08\x00E\x00\x01\x04\x87\xa0@\x00\x80\x06\xc5U\xc0\xa8\x02\x05@\xe9\xa9g\x05\xef\x00P4\x9b.\xb1J\x89\xf4\x15P\x18\xfe04\x8d\x00\x00iYE7knIv3ObzszsflsrPDhZgmVstXHv7i8I5fn7B1GtQSZITVNgl9MaVRBRTMPRBucQHNF2e3id4varIWgkUZ67Elznmmy4NQ;
HSID=A2eJgOSPEdKT85c8b;
TZ=300\nIf-Modified-Since: Sat, 07 Nov 2009
03:20:06 GMT\nIf-None-Match:
15245993542772299237\n\n\x94\xe8\xf4J1\x17\r\x00\xbe\x00\x00\x00\xbe\x00\x00\x00\x00!jnZ\x9e\x00"u`7\x98\x08\x00E\x00\x00\xb0\x00\x00@\x00@\x11\xb4\xe6\xc0\xa8\x02\x01\xc0\xa8\x02\x05\x005\xdeO\x00\x9c\xf3\xb8w\x1d\x81\x80\x00\x01\x00\x07\x00\x00\x00\x00\x03www\x06google\x03com\x00\x00\x01\x00\x01\xc0\x0c\x00\x05\x00\x01\x00\x00"Y\x00\x08\x03www\x01l\xc0\x10\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9j\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9i\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9\x93\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9g\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9h\xc0,\x00\x01\x00\x01\x00\x00\x00s\x00\x04@\xe9\xa9c\x94\xe8\xf4J\x07+\r\x006\x00\x00\x006\x00\x00\x00\x00!jnZ\x9e\x00"u`7\x98\x08\x00E\x00\x00(')
** Several bytes not read from file. Looks like the pcap length fields get
screwed up at the third packet.
Back to my home rolled solution... for now at least.
Jerry
Attachments:
small.pcap 2.2 KB
dp...@googlecode.com
Nov 13, 2012, 8:10:43 AM11/13/12
to dp...@googlegroups.com
Comment #1 on issue 98 by ruy.su...@gmail.com: incorrect parsing of pcap
using tutorial
http://code.google.com/p/dpkt/issues/detail?id=98
OK, you must open file binary mode.
Test follow code.
f = open('small.pcap','rb')
dp...@googlecode.com
Dec 25, 2014, 2:05:23 AM12/25/14
to dp...@googlegroups.com
Updates:
Status: WontFix
Owner: kba...@in2void.com
Comment #2 on issue 98 by kba...@in2void.com: incorrect parsing of pcap
using tutorial
https://code.google.com/p/dpkt/issues/detail?id=98
When opening a binary file on Windows, always use open() with 'rb'.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Status: WontFix
Owner: kba...@in2void.com
Comment #2 on issue 98 by kba...@in2void.com: incorrect parsing of pcap
using tutorial
https://code.google.com/p/dpkt/issues/detail?id=98
When opening a binary file on Windows, always use open() with 'rb'.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Reply all
Reply to author
Forward
0 new messages