0

I'm tryng to read a Pcap file, and after that I get the Ip's and the realtions between Ip's, I want to transform these relattions in MAC relations but I'm not sure how I have to do it.

trafico= rdpcap('example-01.pcap')

unique_streams =[]
for frame in trafico:
    packet = frame[IP]
    src = packet.src
    dst = packet.dst
    layer4_segment = packet.payload.name
    sport = packet[layer4_segment].sport
    dport = packet[layer4_segment].dport
    unique_streams.append(f"{src}:{dst}:{layer4_segment}:{sport}:{dport}")
    tre= set(unique_streams)
    for k in tre:
        print(k)

I have these code to show the Ip's source and destination and also the ports

thanks

othali
  • 3
  • 5
  • It is unclear for me what you are asking. Title asks for MAC while body of the questions asks for *"Ip's or the realtions between Ip's"* - which are in total three different things. – Steffen Ullrich Jul 15 '20 at 14:26
  • Sorry to not be very clear with the explanation, I have the relations between Ip's and also the source and destionation ports, but I don't know how to transform these relations in MAC relations... – othali Jul 15 '20 at 14:36

1 Answers1

2

I don't know how to transform these relations in MAC relations...

To get the MAC from the packet you need to look at the 'Ether' layer and not the'IP' layer:

e = frame[Ether]
print(e.src,e.dst)

e.src is the MAC for the IP packet.src etc.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • I added your code to my lines and It works. I putted in the same way, in the "for" statment but without the "print" command. e = frame[Ether] (e.src,e.dst). And after : unique_streams.append(f"{src}:{dst}:{layer4_segment}:{sport}:{dport}:{e.src}:{e.dst}"). Thanks – othali Jul 16 '20 at 13:41