
I would like to access values from LS Update Packet (Numbers of LSA, types, etc.), but it seems I'm stuck. I tried both options, for loop and apply on capture, I still cannot get

Adrian Cincu

1 Answer


I'm not sure how you want to process the values that you are seeking.

The code below will allow you to query and extract OSPF information from a pcap file using pyshark.FileCapture. You can do the same thing using pyshark.LiveCapture.

The `pcap` file that I used is from Wireshark sample captures.

```python
import pyshark

capture = pyshark.FileCapture('hsrp-and-ospf-in-LAN')
for packet in capture:
    if hasattr(packet, 'ospf'):
        # _all_fields maps each Wireshark field name to its value
        field_names = packet.ospf._all_fields
        for field_name in field_names:
            print(field_name)
    print('\n')
capture.close()

# output snippet
# ospf.lsa.age
# ospf.lsa.donotage
# ospf.v2.options
# ospf.v2.options.dn
# ospf.v2.options.o
# ospf.v2.options.dc
# ospf.v2.options.l
# ospf.v2.options.n
# ospf.v2.options.mc
# ospf.v2.options.e
# ospf.v2.options.mt
# ospf.lsa
# ospf.lsa.summary
# ospf.lsa.id
# ospf.advrouter
# ospf.lsa.seqnum
# ospf.lsa.chksum
# ospf.lsa.length
```

You can get the field values using this:

```python
import pyshark

capture = pyshark.FileCapture('hsrp-and-ospf-in-LAN')
for packet in capture:
    if hasattr(packet, 'ospf'):
        # items() pairs each field name with its own value
        # (two nested loops would print every name against every value)
        for field_name, field_value in packet.ospf._all_fields.items():
            print(f'Field Name:{field_name} -- Field Value: {field_value}')
    print('\n')
capture.close()
```

Again, I don't know how you want to filter. Below is one way to filter the LSA packet information.

```python
import pyshark

capture = pyshark.FileCapture('hsrp-and-ospf-in-LAN')
for packet in capture:
    if hasattr(packet, 'ospf'):
        # items() pairs each field name with its own value
        for field_name, field_value in packet.ospf._all_fields.items():
            # keep only the LSA-related fields
            if 'lsa' in field_name:
                print(f'Field Name:{field_name} -- Field Value: {field_value}')
    print('\n')
capture.close()
```

Here is a document that I wrote on using PyShark for packet analysis.

Life is complex
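An added example, not part of the answer above or of pyshark: the question asks for the number of LSAs and their types in an LS Update, and this decodes those values straight from the raw OSPFv2 bytes using the RFC 2328 layout and only the standard library. The names `parse_ls_update` and `build_sample` are hypothetical, and the sample packet is constructed (documentation addresses, zero checksums).

```python
import ipaddress
import struct

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1: 24-byte OSPF header
LSA_HDR = struct.Struct("!HBB4s4sIHH")    # RFC 2328 A.4.1: 20-byte LSA header
LS_UPDATE = 4
LSA_TYPES = {1: "Router", 2: "Network", 3: "Summary (network)",
             4: "Summary (ASBR)", 5: "AS-External"}


def parse_ls_update(ospf):
    """Return one dict per LSA; `ospf` starts at the OSPF header (the IP payload)."""
    if len(ospf) < OSPF_HDR.size + 4:
        raise ValueError("truncated OSPF packet")
    version, msg_type, pkt_len, *_ = OSPF_HDR.unpack_from(ospf)
    if version != 2 or msg_type != LS_UPDATE:
        raise ValueError("not an OSPFv2 LS Update")
    end = min(pkt_len, len(ospf))  # never read past the captured bytes
    (count,) = struct.unpack_from("!I", ospf, OSPF_HDR.size)  # "# LSAs" field
    offset, lsas = OSPF_HDR.size + 4, []
    for _ in range(count):  # count is untrusted input, so every read is bounded
        if offset + LSA_HDR.size > end:
            raise ValueError("LSA count exceeds packet length")
        age, _opts, ls_type, ls_id, adv, seq, _cksum, length = LSA_HDR.unpack_from(ospf, offset)
        if length < LSA_HDR.size or offset + length > end:
            raise ValueError("bad LSA length")
        lsas.append({"age": age & 0x7FFF, "donotage": bool(age & 0x8000),
                     "type": ls_type, "type_name": LSA_TYPES.get(ls_type, "unknown"),
                     "id": str(ipaddress.IPv4Address(ls_id)),
                     "advrouter": str(ipaddress.IPv4Address(adv)), "seqnum": seq})
        offset += length  # the length field covers the header plus the LSA body
    return lsas


def build_sample():
    """Constructed LS Update carrying two LSAs (Router and AS-External)."""
    rid = ipaddress.IPv4Address("192.0.2.1").packed
    net = ipaddress.IPv4Address("198.51.100.0").packed
    lsa1 = LSA_HDR.pack(1, 0x02, 1, rid, rid, 0x80000001, 0, 24) + bytes(4)
    lsa2 = LSA_HDR.pack(0x8000 | 5, 0x02, 5, net, rid, 0x80000002, 0, 36) + bytes(16)
    body = struct.pack("!I", 2) + lsa1 + lsa2
    return OSPF_HDR.pack(2, LS_UPDATE, OSPF_HDR.size + len(body), rid, bytes(4), 0, 0, bytes(8)) + body


if __name__ == "__main__":
    for lsa in parse_ls_update(build_sample()):
        print(lsa)
```

The dictionary keys mirror the Wireshark field names listed in the answer (`ospf.lsa.age`, `ospf.lsa.donotage`, `ospf.lsa.id`, `ospf.advrouter`, `ospf.lsa.seqnum`).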