I am trying to find a way to access the MAC address of a packet, or at the very least how to access the Ethernet layer (or whether it is possible in the first place). I know that pyshark has the Ethernet layer, but have not found any documentation to tell me how to access the information within it. I have been using this documentation so far: https://github.com/johnbumgarner/pyshark_packet_analysis (John, if you see this, thank you for your fantastic work).

I first tried to access the Ethernet layer this way, as I understand from my traffic that the source and destination MAC addresses are included there.

macList = []
for pkt in cap:
    if ("ETH Layer" in pkt.layers):
        print(pkt.layers.ETH)
        print("ETH packet")

After this I would like to append the MAC address to a list:

        macList.append(pkt.layers.ETH)

1 Answer

You can access this information by calling packet.eth._all_fields and packet.eth._all_fields.values().

import pyshark

capture = pyshark.LiveCapture(interface='en0')
for packet in capture:
    if 'ETH Layer' in str(packet.layers):
        field_names = packet.eth._all_fields
        field_values = packet.eth._all_fields.values()
        for field_name, field_value in zip(field_names, field_values):
            print(f'{field_name}: {field_value}')
            

Output

eth.dst: 30:b5:c2:eb:4c:b0
eth.dst_resolved: 30:b5:c2:eb:4c:b0
eth.dst.oui: 3192258
eth.dst.oui_resolved: Tp-Link Technologies Co.,Ltd.
eth.addr: 30:b5:c2:eb:4c:b0
eth.addr_resolved: 30:b5:c2:eb:4c:b0
eth.addr.oui: 3192258
eth.addr.oui_resolved: Tp-Link Technologies Co.,Ltd.
eth.dst.lg: 0
eth.lg: 0
eth.dst.ig: 0
eth.ig: 0
eth.src: 08:00:27:af:f8:3f
eth.src_resolved: 08:00:27:af:f8:3f
eth.src.oui: 524327
eth.src.oui_resolved: PCS Computer Systems GmbH
eth.src.lg: 0
eth.src.ig: 0
eth.type: 0x86dd
truncated....
Life is complex
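Added example, not part of the original question or answer: one way to build the MAC list the question asks for, using the `packet.eth.src` / `packet.eth.dst` field accessors and decoding the same I/G and L/G bits that appear as `eth.src.ig` / `eth.src.lg` in the output above. The function names, the stand-in packet objects and the made-up addresses are assumptions for illustration; `macs_from_pcap` takes a capture file path you supply and needs pyshark and tshark installed.

```python
from collections import Counter
from types import SimpleNamespace


def mac_flags(mac):
    """Decode the first-octet flag bits tshark shows as eth.*.ig / eth.*.lg."""
    first_octet = int(mac.split(":")[0], 16)
    return {"ig": first_octet & 1, "lg": (first_octet >> 1) & 1}


def collect_macs(packets):
    """Count source and destination MACs; skip packets with no Ethernet layer."""
    src, dst = Counter(), Counter()
    for pkt in packets:
        eth = getattr(pkt, "eth", None)  # pyshark raises AttributeError if absent
        if eth is None:
            continue
        src[str(eth.src).lower()] += 1
        dst[str(eth.dst).lower()] += 1
    return src, dst


def locally_administered(macs):
    """Return MACs whose L/G bit is set (not a vendor-assigned OUI)."""
    return sorted(m for m in macs if mac_flags(m)["lg"])


def macs_from_pcap(path):
    """Same collection over a capture file; needs pyshark and tshark installed."""
    import pyshark  # imported lazily so the rest runs without pyshark
    capture = pyshark.FileCapture(path)
    try:
        return collect_macs(capture)
    finally:
        capture.close()


def _pkt(src, dst):
    # Constructed stand-in exposing the same .eth.src / .eth.dst attributes.
    return SimpleNamespace(eth=SimpleNamespace(src=src, dst=dst))


# Constructed sample: two addresses from the output above plus made-up ones.
SAMPLE_PACKETS = [
    _pkt("08:00:27:af:f8:3f", "30:b5:c2:eb:4c:b0"),
    _pkt("08:00:27:AF:F8:3F", "ff:ff:ff:ff:ff:ff"),
    _pkt("02:00:00:aa:bb:cc", "30:b5:c2:eb:4c:b0"),
    SimpleNamespace(),  # no Ethernet layer, must be skipped
]
```

A source MAC with the L/G bit set is locally administered (randomized or manually configured) rather than vendor-assigned, which is worth noting when building an asset inventory from captured traffic.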