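I am trying to use gopacket to parse the packets of a .pcap file and get almost all of the information inside them. So far, whenever I try to use filters, I either get truncated information or an error.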
package main

import (
	"fmt"
	"github.com/google/gopacket"
	"github.com/google/gopacket/pcap"
	//"github.com/google/gopacket/layers"
	"log"
)

var (
	pcapFile string = "myFile.pcap"
	handle   *pcap.Handle
	err      error
)

func main() {
	// Open file instead of device
	handle, err = pcap.OpenOffline(pcapFile)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Loop through packets in file
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		// Print the full decoded packet, one line per layer
		fmt.Println(packet)
	}
}
Returns:
PACKET: 122 bytes, wire length 122 cap length 122 @ 2017-06-11 02:57:03.133873 +0100 WEST
- Layer 1 (36 bytes) = RadioTap {Contents=[..36..] Payload=[..86..] Version=0 Length=36 Present=2684370991 TSFT=661956589449 Flags=FCS Rate=1 Mb/s ChannelFrequency=2412 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-91 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=0 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11 {Contents=[..24..] Payload=[..58..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=0 Address1=11:22:33:44:55:66 Address2=00:11:22:33:44:55 Address3=11:22:33:44:55:66 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=4262477891}
- Layer 3 (58 bytes) = Dot11WEP {Contents=[..58..] Payload=[]}
PACKET: 116 bytes, wire length 116 cap length 116 @ 2017-06-11 02:57:03.243457 +0100 WEST
- Layer 1 (18 bytes) = RadioTap {Contents=[..18..] Payload=[..102..] Version=0 Length=18 Present=18478 TSFT=0 Flags= Rate=1 Mb/s ChannelFrequency=2417 MHz ChannelFlags=CCK,Ghz2 FHSS=0 DBMAntennaSignal=-25 DBMAntennaNoise=0 LockQuality=0 TxAttenuation=0 DBTxAttenuation=0 DBMTxPower=0 Antenna=1 DBAntennaSignal=0 DBAntennaNoise=0 RxFlags= TxFlags= RtsRetries=0 DataRetries=0 MCS= AMPDUStatus=ref#0 VHT=}
- Layer 2 (24 bytes) = Dot11 {Contents=[..24..] Payload=[..74..] Type=DataQOSData Proto=0 Flags=TO-DS,WEP DurationID=314 Address1=00:11:22:33:44:55 Address2=11:22:33:44:55:66 Address3=00:11:22:33:44:55 Address4= SequenceNumber=0 FragmentNumber=0 Checksum=412506031}
- Layer 3 (74 bytes) = Dot11WEP {Contents=[..74..] Payload=[]}
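I would like to see, for example, the SSID of the packet or more information inside each layer, but every time I try to dig deeper into the items, I get: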
RadioTap
Dot11
Dot11WEP
RadioTap
Dot11
Dot11WEP
The code for the above output:
package main

import (
	"fmt"
	"github.com/google/gopacket"
	"github.com/google/gopacket/pcap"
	//"github.com/google/gopacket/layers"
	"log"
)

var (
	pcapFile string = "myFile.pcap"
	handle   *pcap.Handle
	err      error
)

func main() {
	// Open file instead of device
	handle, err = pcap.OpenOffline(pcapFile)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Loop through packets in file
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		for _, p := range packet.Layers() {
			// Print only the name of each decoded layer
			fmt.Println(p.LayerType())
		}
	}
}
But what I actually want is to get the SSID/BSSID from the Dot11 layer and the flags inside the packet.
Best answer
package main

import (
	"fmt"
	"github.com/google/gopacket"
	"github.com/google/gopacket/pcap"
	"github.com/google/gopacket/layers"
	"log"
)

var (
	pcapFile string = "Network_Join_Nokia_Mobile.pcap"
	handle   *pcap.Handle
	err      error
)

func main() {
	// Open file instead of device
	handle, err = pcap.OpenOffline(pcapFile)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Loop through packets in file
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		fmt.Println(packet.Metadata().CaptureInfo.Timestamp)

		dot11 := packet.Layer(layers.LayerTypeDot11)
		if nil != dot11 {
			dot11, _ := dot11.(*layers.Dot11)
			// the flags are empty in many of the packets of this example capture file
			fmt.Printf("BSSID: %v Flags: %+v\n", dot11.Address3, dot11.Flags)
		}

		dot11info := packet.Layer(layers.LayerTypeDot11InformationElement)
		// some wlan frames contain these with the SSID, usually beacons, probes and association requests
		if nil != dot11info {
			dot11info, _ := dot11info.(*layers.Dot11InformationElement)
			if dot11info.ID == layers.Dot11InformationElementIDSSID {
				fmt.Printf("SSID: %q\n", dot11info.Info)
			}
		}
		fmt.Printf("\n")
	}
}
Partial output with the example file Network_Join_Nokia_Mobile.pcap from Wireshark:
2000-01-01 00:05:04.913478 +0000 UTC
BSSID: 00:01:e3:41:bd:6e Flags: Retry
SSID: "martinet3"
Note that the capture file you used in your question does not contain any frames with a layer that carries the SSID.
Regarding parsing the Dot11 layer with gopacket, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/44927227/
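Added example, not part of the original question or answer and not gopacket code: the SSID the answer prints lives in the ID/length/value information elements of a management frame body, which is why encrypted data frames like those in the question carry none. This standard-library sketch walks those elements with a bounds check on each length byte; the names `infoElement`, `parseIEs`, `findSSID` and `sampleIEs` are this example's own, and the sample bytes are constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// infoElement is one ID/length/value element of a management frame body.
type infoElement struct {
	ID   uint8
	Info []byte
}

var errTruncated = errors.New("information element runs past end of frame")

// parseIEs walks the elements, bounds-checking each untrusted length byte.
func parseIEs(b []byte) ([]infoElement, error) {
	var out []infoElement
	for len(b) > 0 {
		if len(b) < 2 || int(b[1]) > len(b)-2 {
			return out, errTruncated
		}
		n := int(b[1])
		out = append(out, infoElement{ID: b[0], Info: b[2 : 2+n]})
		b = b[2+n:]
	}
	return out, nil
}

// findSSID reports the SSID and whether an SSID element was present at all.
// Trailing NULs are stripped, so a hidden (empty or all-NUL) SSID yields "".
func findSSID(ies []infoElement) (string, bool) {
	for _, ie := range ies {
		if ie.ID == 0 { // element ID 0 is the SSID
			return string(bytes.TrimRight(ie.Info, "\x00")), true
		}
	}
	return "", false
}

// sampleIEs is constructed: SSID "martinet3", then supported rates (ID 1).
var sampleIEs = []byte{0, 9, 'm', 'a', 'r', 't', 'i', 'n', 'e', 't', '3', 1, 4, 0x82, 0x84, 0x8b, 0x96}

func main() {
	ies, err := parseIEs(sampleIEs)
	ssid, ok := findSSID(ies)
	fmt.Println(len(ies), err, ssid, ok)
}
```

Unlike the single `packet.Layer(...)` lookup in the answer, this walks every element, so it still finds the SSID when it is not the first element decoded.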