IP and UDP layers not recognised by scapy and jnetpcap for pcap files generated by NS3


Anuja Tayal

May 28, 2018, 1:43:44 AM
to ns-3-users

While reading pcap files generated by NS3 in scapy (Python), I am not able to read the file and am getting the following warning:
                     WARNING: PcapReader: unknown LL type [9]/[0x9]. Using Raw packets

<IP from matrix-random-8-5.pcap: TCP:0 UDP:0 ICMP:0 Other:0>

I am not able to extract the IP layer, while the IP and UDP layers are both present in the pcap file.


I tried doing the same using JNetPcap (Java). I am able to read the file, but it is not recognising the IP or UDP header.

The code for scapy as well as for jnetpcap runs perfectly and gives output for other pcap files that are not generated by NS3. I am facing the problem only for pcaps generated by NS3.
I am trying to calculate the total number of packets generated per minute for every source-destination pair.
I am attaching a sample pcap file.
Please guide me as to why I am facing this problem.
matrix-random-8-5.pcap

Tom Henderson

May 28, 2018, 12:37:33 PM
to ns-3-...@googlegroups.com, Anuja Tayal
On 05/27/2018 10:43 PM, Anuja Tayal wrote:
> While reading pcap files generated by NS3 in scapy(python), I am not
> able to read the file and getting the following warning
>                      WARNING: PcapReader: unknown LL type [9]/[0x9].
> Using Raw packets
>
> <IP from matrix-random-8-5.pcap: TCP:0 UDP:0 ICMP:0 Other:0>
>
> I am not able to extract IP layer. While IP and Udp layer both are
> present in the pcap file.

The pcap trace does not have link level framing headers; packet records
start with the PPP layer. While tcpdump can handle this, it seems that
scapy cannot.

To see this, try the following command:

$ tcpdump -r matrix-random-8-5.pcap -X -nn -tt |less


13.158400 IP 10.0.0.81.49153 > 10.0.0.18.9: UDP, length 1448
0x0000: 0021 4500 05c4 0000 0000 4011 0000 0a00 .!E.......@.....
0x0010: 0051 0a00 0012 c001 0009 05b0 0000 0000 .Q..............


You can see that the first two bytes are '0x0021' (for IP encapsulated
by PPP) followed by the IPv4 header '0x4500'.

It seems that your trace was generated from the ns-3
PointToPointNetDevice model, which does not model an underlying framing
such as PPPoE or HDLC.

Perhaps the workaround to try, if you need to use scapy, is to convert
the interface that you want to trace from into a CsmaNetDevice, and
trace there (where an Ethernet-like header will be appended).

- Tom
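
An added example, not part of the original posts: a standard-library Python reader for a trace like the one described above (link type 9, each record starting with the PPP protocol field 0x0021), counting UDP packets per minute for each source-destination pair. The function names and the sample capture, built from the bytes in the tcpdump output above, are constructed for illustration.

```python
import io
import socket
import struct
from collections import Counter

LINKTYPE_PPP = 9    # the "LL type [9]" in the scapy warning
PPP_IPV4 = 0x0021   # PPP protocol field value for IPv4
# Constructed sample frame: the 32 bytes shown in the tcpdump -X output above.
FRAME = bytes.fromhex("0021450005c40000000040110000"
                      "0a0000510a000012c001000905b000000000")

def flows_per_minute(stream):
    """Count UDP packets per (minute, src, dst) in a link-type-9 pcap stream."""
    magic = stream.read(4)
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(endian + "HHiIII", stream.read(20))[5]
    if linktype != LINKTYPE_PPP:
        raise ValueError(f"expected link type 9 (PPP), got {linktype}")
    counts = Counter()
    while True:
        rec = stream.read(16)              # ts_sec, ts_usec, incl_len, orig_len
        if len(rec) < 16:
            break
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", rec)
        frame = stream.read(incl_len)
        if frame[:2] == b"\xff\x03":       # optional HDLC-like address/control bytes
            frame = frame[2:]
        if len(frame) < 22 or int.from_bytes(frame[:2], "big") != PPP_IPV4:
            continue                       # not IPv4, or too short for an IP header
        ip = frame[2:]                     # IPv4 header starts after the PPP field
        if ip[0] >> 4 != 4 or ip[9] != 17:  # keep IPv4 carrying UDP (protocol 17)
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        counts[(ts_sec // 60, src, dst)] += 1
    return counts

def sample_pcap():
    """Constructed little-endian pcap: link type 9, records at 13 s, 14 s and 75 s."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_PPP)
    for ts in (13, 14, 75):
        out += struct.pack("<IIII", ts, 158400, len(FRAME), 1478) + FRAME
    return io.BytesIO(out)

if __name__ == "__main__":
    print(flows_per_minute(sample_pcap()))
```

For a file on disk, pass `open(path, "rb")` instead of the constructed stream.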

Anuja Tayal

Jun 1, 2018, 4:29:52 AM
to ns-3-users
Thanks a lot. Using CsmaNetDevice, I was able to read the IP header from the generated PCAP files.
However, I was not able to visualise the links and simulation using NetAnim.

Please guide me on the problem I am facing.
For reference, I am attaching the NetAnim file.
matrix-sim-5-anim.xml