Issue reading packets from a pcap file. dpkt module. What gives?

Question

I am running the following test script to try to read packets from a sample .pcap file I have downloaded. It won't seem to run. I have all of the modules, but no examples seem to be running.

import socket
import dpkt
import sys
pcapReader = dpkt.pcap.Reader(file("test1.pcap", "rb"))
for ts, data in pcapReader:
    ether = dpkt.ethernet.Ethernet(data)
    if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
    ip = ether.data
    src = socket.inet_ntoa(ip.src)
    dst = socket.inet_ntoa(ip.dst)
    print "%s -> %s" % (src, dst)

For some reason, this is not being interpreted properly. When running it, I get

KeyError: 138

module body   in test.py at line 4
function __init__     in pcap.py at line 105
Program exited.

Why is this? What's wrong? Is there an issue with my installation? I'm using Python 2.6 on a mac

Answer 1

Well you seem to be short of assistance ... I don't know a pcap from a kneecap, so all I can do is try to help you help yourself. Suggestions:

(1) Have you had a look at line 105 of pcap.py? I guess that the "KeyError: 138" means that it is trying to access a dictionary, but the dictionary doesn't have 138 (or "138") as a key. What is the variable containing 138? A byte from a packet?

(2) Consider asking the author/maintainer of pcap.

(3) Consider providing a URL for pcap.