diff --git a/docs/print_http_requests.rst b/docs/print_http_requests.rst index 5742e32..a4785f5 100644 --- a/docs/print_http_requests.rst +++ b/docs/print_http_requests.rst @@ -19,9 +19,8 @@ that use DPKT (http://chains.readthedocs.io and others) # Unpack the Ethernet frame (mac src/dst, ethertype) eth = dpkt.ethernet.Ethernet(buf) - # Make sure the Ethernet frame contains an IP packet - # EtherType (IP, ARP, PPPoE, IP6... see http://en.wikipedia.org/wiki/EtherType) - if eth.type != dpkt.ethernet.ETH_TYPE_IP: + # Make sure the Ethernet data contains an IP packet + if not isinstance(eth.data, dpkt.ip.IP): print 'Non IP Packet type not supported %s\n' % eth.data.__class__.__name__ continue @@ -29,7 +28,7 @@ that use DPKT (http://chains.readthedocs.io and others) ip = eth.data # Check for TCP in the transport layer - if hasattr(ip, 'data') and ip.data.__class__.__name__ == 'TCP': + if isinstance(ip.data, dpkt.tcp.TCP): # Set the TCP data tcp = ip.data diff --git a/docs/print_icmp.rst b/docs/print_icmp.rst index 271147f..502218a 100644 --- a/docs/print_icmp.rst +++ b/docs/print_icmp.rst @@ -14,9 +14,8 @@ This example expands on the print_packets example. It checks for ICMP packets an # Unpack the Ethernet frame (mac src/dst, ethertype) eth = dpkt.ethernet.Ethernet(buf) - # Make sure the Ethernet frame contains an IP packet - # EtherType (IP, ARP, PPPoE, IP6... see http://en.wikipedia.org/wiki/EtherType) - if eth.type != dpkt.ethernet.ETH_TYPE_IP: + # Make sure the Ethernet data contains an IP packet + if not isinstance(eth.data, dpkt.ip.IP): print 'Non IP Packet type not supported %s\n' % eth.data.__class__.__name__ continue @@ -24,7 +23,7 @@ This example expands on the print_packets example. It checks for ICMP packets an ip = eth.data # Now check if this is an ICMP packet - if hasattr(ip, 'data') and ip.data.__class__.__name__ == 'ICMP': + if isinstance(ip.data, dpkt.icmp.ICMP): icmp = ip.data # Pull out fragment information (flags and offset all packed into off field, so use bitmasks) diff --git a/docs/print_packets.rst b/docs/print_packets.rst index e11f7bb..20e4af7 100644 --- a/docs/print_packets.rst +++ b/docs/print_packets.rst @@ -19,8 +19,7 @@ focused on the fields in the Ethernet Frame and IP packet print 'Ethernet Frame: ', mac_addr(eth.src), mac_addr(eth.dst), eth.type # Make sure the Ethernet frame contains an IP packet - # EtherType (IP, ARP, PPPoE, IP6... see http://en.wikipedia.org/wiki/EtherType) - if eth.type != dpkt.ethernet.ETH_TYPE_IP: + if not isinstance(eth.data, dpkt.ip.IP): print 'Non IP Packet type not supported %s\n' % eth.data.__class__.__name__ continue diff --git a/examples/print_http_requests.py b/examples/print_http_requests.py index c420db8..8e8b749 100644 --- a/examples/print_http_requests.py +++ b/examples/print_http_requests.py @@ -80,6 +80,10 @@ def print_http_requests(pcap): (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset) print 'HTTP request: %s\n' % repr(request) + # Check for Header spanning acrossed TCP segments + if not tcp.data.endswith('\r\n'): + print '\nHEADER TRUNCATED! Reassemble TCP segments!\n' + def test(): """Open up a test pcap file and print out the packets"""