How i remove duplicacy from incoming dhcp packets?

Question

what to do so it doesn't show duplicate entry until there is an update in mac or ip. i want to print only when i got mentioned fields


capture = pyshark.LiveCapture(interface='wlo2', bpf_filter='udp port 68')
capture.sniff_continuously(packet_count=16)


fields = {}

for packet in capture:
    fields['mac'] = packet.dhcp.hw_mac_addr
    try:
        fields['vendor'] = packet.dhcp.option_vendor_class_id
        fields['h_name'] = packet.dhcp.option_hostname
        fields['ip'] = packet.dhcp.option_requested_ip_address
        fields['sub_mask'] = packet.dhcp.option_subnet_mask
        fields['server_ip'] = packet.dhcp.option_dhcp_server_id
        fields['domain_name'] = packet.option.dhcp.option_domain_name
        fields['dns'] = packet.dhcp.option_domain_name_server
    except AttributeError:
        pass
    try:
        print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
    except KeyError:
        print('key not found')```

```key not found
2021-12-02 11:08:19.485258 34:1c:f0:6a:c9:00 192.168.1.5 M2006C3MII-Redmi9 android-dhcp-10
2021-12-02 11:25:19.461249 e0:13:b5:8f:xx:xx 192.168.1.5 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:25:19.769917 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:26:44.359756 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0

score 0 · Accepted Answer · answered Dec 02 '21 at 06:21

0

you need to deduplicate the packets yourself, i.e. by storing past packet ip/mac combinations in a set

fields = {}
already_seen_mac_ips = set() # set of (mac, ip) tuples
for packet in capture:
    fields['mac'] = packet.dhcp.hw_mac_addr
    try:
        fields['vendor'] = packet.dhcp.option_vendor_class_id
        fields['h_name'] = packet.dhcp.option_hostname
        fields['ip'] = packet.dhcp.option_requested_ip_address
        fields['sub_mask'] = packet.dhcp.option_subnet_mask
        fields['server_ip'] = packet.dhcp.option_dhcp_server_id
        fields['domain_name'] = packet.option.dhcp.option_domain_name
        fields['dns'] = packet.dhcp.option_domain_name_server
    except AttributeError:
        pass
    try:
        mac_ip = (fields['mac'], fields['ip'])
        if mac_ip not in already_seen_mac_ips:
            print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
            already_seen_mac_ips.add(mac_ip)
    
    except KeyError:
        print('key not found')```

answered Dec 02 '21 at 06:21

vinzenz

669
3
14

it's working, ty – roXx Dec 02 '21 at 13:47
But what if an ip will change of mac address, will it work? – roXx Dec 02 '21 at 13:51
an existing mac adress with a new ip will still result in a tuple that's not in the set -> the line will print – vinzenz Dec 02 '21 at 14:10
how can i add a counter on it like how much time i received a packet – roXx Dec 03 '21 at 10:47
use a `dict` instead of `set` – vinzenz Dec 03 '21 at 10:59
i defined empty dict and .update the mac_ip value in it, but it gives value error. can u share code how will i do that – roXx Dec 03 '21 at 11:22
`if mac_ip not in already_seen_mac_ips: already_seen_mac_ips[mac_ip] = 1 else: already_seen_mac_ips[mac_ip] += 1` – vinzenz Dec 03 '21 at 12:10
Traceback (most recent call last): File "/home/sipl/PycharmProjects/arpfind/arp1.py", line 28, in already_seen_mac_ips.add[mac_ip] = 1 TypeError: 'builtin_function_or_method' object does not support item assignment – roXx Dec 03 '21 at 13:28
this should've been a second question.... you need to replace `already_seen_mac_ips.add` with `already_seen_mac_ips[mac_ip] = 1` – vinzenz Dec 03 '21 at 13:46
Also there is some default in above ur answered code. It gives previous mac or ip if the mac or ip field isn't received in current packet @vinzBad – roXx Dec 03 '21 at 13:50
not giving any packet count @vinzBad – roXx Dec 03 '21 at 14:16
please post a new question – vinzenz Dec 03 '21 at 15:21

How i remove duplicacy from incoming dhcp packets?

1 Answers1