Why does this python code work in linux but not windows?

Question

I'm trying to check the location of a captured packet file. It works perfectly fine if I run it in ubuntu, but if I switch and run it in windows every time it hits a IPv6 packet it stops. I'm wanting it to just skip it and go on to the next packet like it does in ubuntu but it doesn't. It just stops the for loop whenever it hits the v6 IP addy.

Any ideas how to fix this?

def printPcap(pcap):
    for (ts, buf) in pcap:
        try:
            eth = dpkt.ethernet.Ethernet(buf)
            ip = eth.data
            src = socket.inet_ntoa(ip.src)
            dst = socket.inet_ntoa(ip.dst)
            print '[+] Src: ' + src + ' --> Dst: ' + dst
            print '[+] Src: ' + retGeoStr(src) + ' --> Dst: ' + retGeoStr(dst) + '\n'
        except:
            pass

If I print out the error the except catches it prints:

Packet IP wrong length for inet_ntoa

I'm pretty sure this is because its the IPv6 which then I would expect it to go on to the next packet, but it also prints out this error:

'str' object has no attribute 'src'

I think this is what is causing my problem.

Like I said it will work fine up until the point it hits that v6 address and it works fine on ubuntu. I'm puzzled.

`print` variables to see what you exactly get - maybe it help you to find solution. — furas, Jun 29 '14 at 23:29
Never use a bare `except` to catch all exceptions... And especially not when you're debugging. — Wooble, Jun 29 '14 at 23:44
possible duplicate of [Parsing pcap files with dpkt (Python)](http://stackoverflow.com/questions/6337878/parsing-pcap-files-with-dpkt-python) — Nir Alfasi, Jun 29 '14 at 23:50
dpkt.ethernet.Ethernet.get_type may be something to look at. — shaunc, Jun 29 '14 at 23:53
Thanks for the tips. If I come across any new info ill post. — RabidGorilla, Jun 29 '14 at 23:56

score 2 · Answer 1 · answered Jul 06 '14 at 17:56

Packet IP wrong length for inet_ntoa

inet_ntoa is for IPv4 only. The reason it works on one system and not on the other is probably because you get IPv6 packets only on one of the systems.

From the documentation at https://docs.python.org/2/library/socket.html

socket.inet_ntoa(packed_ip) Convert a 32-bit packed IPv4 address (a string four characters in length) to its standard dotted-quad string representation (for example, ‘123.45.67.89’). This is useful when conversing with a program that uses the standard C library and needs objects of type struct in_addr, which is the C type for the 32-bit packed binary data this function takes as an argument.

If the string passed to this function is not exactly 4 bytes in length, socket.error will be raised. inet_ntoa() does not support IPv6, and inet_ntop() should be used instead for IPv4/v6 dual stack support.

score 1 · Answer 2 · answered Nov 17 '14 at 15:53

1

Note that the socket library do not have the inet_ntop function under windows. only Linux. You can use the IPy Python library under windows for taking care of IPv6 addresses this way:

ip = eth.data
src = IPy.IP(ip.src.encode('hex'))

answered Nov 17 '14 at 15:53

Hod Gavriel

95
8

Why does this python code work in linux but not windows?

2 Answers2