I have PcapNG files created by Wireshark, which I try to parse with python-pcapng.
However, I cannot figure out how to reconcile the output I receive from FileScanner's packet_payload_info with the 802.11 Data frame format:
This is the output I get (my code is at the bottom):
magic_number 0xa0d0d0a
SectionHeader(version_major=1, version_minor=0, section_length=-1, options=Options({'shb_userappl': [u'Dumpcap 1.12.4 (v1.12.4-0-gb4861da from master-1.12)'], 'shb_os': [u'Mac OS X 10.10.2, build 14C109 (Darwin 14.1.0)']}))
magic_number 0x1
InterfaceDescription(link_type=127, reserved='\x00\x00', snaplen=262144, options=Options({'if_os': [u'Mac OS X 10.10.2, build 14C109 (Darwin 14.1.0)'], 'if_tsresol': [6], 'if_name': [u'en1']}))
magic_number 0x6
EnhancedPacket(interface_id=0, timestamp_high=332139, timestamp_low=2801116064L, packet_payload_info=(45, 45, '\x00\x00\x19\x00o\x08\x00\x00I\xb2&\x00\x00\x00\x00\x12\x18q\[email protected]\x01\xb1\xaa\x00\xb4\x00\x90\x00\xf4\x0f\x1b\xb8sL\x92\x175\x00\x01\xe3\xcf\x00\x12'), options=Options({}))
packet_payload_info : (45, 45, '\x00\x00\x19\x00o\x08\x00\x00I\xb2&\x00\x00\x00\x00\x12\x18q\[email protected]\x01\xb1\xaa\x00\xb4\x00\x90\x00\xf4\x0f\x1b\xb8sL\x92\x175\x00\x01\xe3\xcf\x00\x12')
packet_payload_data (hex): 00 00 19 00 6F 08 00 00 60 49 B2 26 00 00 00 00 12 18 71 16 40 01 B1 AA 00 B4 00 90 00 F4 0F 1B B8 73 4C 60 92 17 35 00 01 E3 CF 00 12
packet_payload_data (bin): 00000000 00000000 00011001 00000000 01101111 00001000 00000000 00000000 01100000 01001001 10110010 00100110 00000000 00000000 00000000 00000000 00010010 00011000 01110001 00010110 01000000 00000001 10110001 10101010 00000000 10110100 00000000 10010000 00000000 11110100 00001111 00011011 10111000 01110011 01001100 01100000 10010010 00010111 00110101 00000000 00000001 11100011 11001111 00000000 00010010
Could you tell me where does the packet_payload_data fit in the 802.11 Data frame?*
*i.e., where does its first byte fit in the frame
Python code:
#!/usr/bin/env python
from pcapng import FileScanner
def hex_str_to_num(hex_str,out_format='X'):
if out_format.upper() == 'B':
return ' '.join(format(ord(x), out_format).zfill(8) for x in hex_str)
else:
return ' '.join(format(ord(x), out_format).zfill(2) for x in hex_str)
PCAPNG = "/cygdrive/c/tmp/LivePerson/lana/trace3.pcapng"
MAX = 3
ENHANCEDPACKET_ID = 6
with open(PCAPNG, "r") as pcapng_file:
scanner = FileScanner(pcapng_file)
counter = MAX
for block in scanner:
print
print "magic_number",hex(block.magic_number)
print block
if block.magic_number == ENHANCEDPACKET_ID:
print
payload_data = block.packet_payload_info[2]
print "packet_payload_info :",block.packet_payload_info,"\n"
print "packet_payload_data (hex):",hex_str_to_num(payload_data,"X"),"\n"
print "packet_payload_data (bin):",hex_str_to_num(payload_data,"b")
counter -= 1
if not counter:
break</code></pre></div><div id="question-tags" class="tags-container tags"><span class="post-tag tag-link-python" rel="tag" title="see questions tagged 'python'">python</span> <span class="post-tag tag-link-pcapng" rel="tag" title="see questions tagged 'pcapng'">pcapng</span> <span class="post-tag tag-link-802.11" rel="tag" title="see questions tagged '802.11'">802.11</span> <span class="post-tag tag-link-wireshark" rel="tag" title="see questions tagged 'wireshark'">wireshark</span> <span class="post-tag tag-link-wifi" rel="tag" title="see questions tagged 'wifi'">wifi</span></div><div id="question-controls" class="post-controls"></div><div class="post-update-info-container"><div class="post-update-info post-update-info-user"><p>asked <strong>30 Mar '15, 11:06</strong></p><img src="https://secure.gravatar.com/avatar/49126502d466d76912a86cec6cbcf0e2?s=32&d=identicon&r=g" class="gravatar" width="32" height="32" alt="ronbarak's gravatar image" /><p><span>ronbarak</span><br />
10●2●2●5
accept rate: 0%
