How do I access the packet arrival time field using pyshark?


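I am trying to access the arrival time field using pyshark, without success.

The first solution that came to mind was obviously packet.frame.time, which looks like it should normally work, but I get:

    raise AttributeError(f"No attribute named {item}")
    AttributeError: No attribute named frame

This happens even though all the packets in my pcap file have this layer. Does anyone know how I can solve it?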

python wireshark packet pyshark
1 Answer

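Below is a basic example that dumps the capture, so you can at least inspect the packet structure and apply the appropriate method to access the fields you need. As mentioned before, the documentation should also be consulted.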

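cat dgstar.py
from pyshark import FileCapture

# Open the capture file for reading
data = FileCapture(input_file='pcap.pcapng')

iters = 1

# Dump the first 10 packets to inspect their layer structure
for frame in data:
    print(f'packet {iters}:', frame)
    iters += 1
    if iters > 10:
        break

# Stop the underlying tshark process
data.close()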

python3 dgstar.py
packet 1: Packet (Length: 218)
Layer ETH
:       Destination: ac:f8:cc:cb:c7:1e
        Address: ac:f8:cc:cb:c7:1e
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        Source: 1c:c1:de:33:9d:9c
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        Type: IPv4 (0x0800)
        Address: 1c:c1:de:33:9d:9c
Layer IP
:       0100 .... = Version: 4
        .... 0101 = Header Length: 20 bytes (5)
        Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
        Total Length: 204
        Identification: 0x3b79 (15225)
        Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 64
        Protocol: UDP (17)
        Header checksum: 0x4765 [validation disabled]
        Header checksum status: Unverified
        Source: 192.168.0.17
        Destination: 217.146.92.247
Layer UDP
:       Source Port: 36963
        Destination Port: 51820
        Length: 184
        Checksum: 0xf80c [unverified]
        Checksum Status: Unverified
        Stream index: 0
        Timestamps
        Time since first frame: 0.000000000 seconds
        Time since previous frame: 0.000000000 seconds
Layer WG
:       Type: Transport Data (4)
        Reserved: 000000
        Receiver: 0x16ff7c22
        Counter: 9
        Encrypted Packet

...

Hope this helps.
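
An added example, not part of the original answer: pyshark exposes the frame metadata as packet.frame_info (there is no packet.frame attribute, hence the AttributeError in the question) and the arrival time as packet.sniff_time (datetime) and packet.sniff_timestamp (epoch string). The helper names arrival_epoch, arrival_report and report_from_pcap and the sample timestamps are constructed for illustration.

```python
from datetime import datetime, timezone
from decimal import Decimal
from types import SimpleNamespace


def arrival_epoch(packet):
    """Arrival time as a Decimal epoch (keeps tshark's nanosecond digits)."""
    # pyshark stores frame metadata on packet.frame_info, not packet.frame;
    # sniff_timestamp carries the same arrival time as an epoch string.
    return Decimal(packet.sniff_timestamp)


def arrival_report(packets, limit=None):
    """Return (number, UTC datetime, gap since previous packet) per packet."""
    rows, previous = [], None
    for number, packet in enumerate(packets, start=1):
        epoch = arrival_epoch(packet)
        when = datetime.fromtimestamp(float(epoch), tz=timezone.utc)
        gap = Decimal(0) if previous is None else epoch - previous
        rows.append((number, when, gap))
        previous = epoch
        if limit is not None and number >= limit:
            break
    return rows


def report_from_pcap(path, limit=10):
    """Run the report over a capture file (needs pyshark and tshark installed)."""
    from pyshark import FileCapture  # lazy import: helpers above work without it
    capture = FileCapture(input_file=path)
    try:
        return arrival_report(capture, limit)
    finally:
        capture.close()


# Constructed stand-ins for pyshark packets, so the helpers run without a capture.
SAMPLE_PACKETS = [
    SimpleNamespace(sniff_timestamp="1700000000.000000000"),
    SimpleNamespace(sniff_timestamp="1700000000.250000000"),
    SimpleNamespace(sniff_timestamp="1700000001.000000500"),
]

if __name__ == "__main__":
    for number, when, gap in arrival_report(SAMPLE_PACKETS):
        print(f"packet {number}: {when.isoformat()}  +{gap}s")
```

For a real capture, call report_from_pcap('pcap.pcapng'); the gaps are the inter-arrival times used when reconstructing a timeline from a pcap.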
