如何仅获取通过pyshark获得的包的层的数值？答案

【问题标题】：How to get only the number values of the layer of a package obtained through pyshark?如何仅获取通过pyshark获得的包的层的数值？
【发布时间】：2019-02-07 20:02:43
【问题描述】：

我正在使用 pyshark 从捕获文件中读取数据包。我可以访问包的sv.smpCnt 层和所有值进行分析。我不能只提取数值，没有文本<LayerField sv.smpCnt:>。

import pyshark
import numpy as np    

capture = pyshark.FileCapture('teste3.pcapng',display_filter='eth.type==0x88ba')  # Ethernet type 0x88ba (Simple Values Transmission)

pkt = capture[1]
B=(pkt.sv.smpCnt.all_fields)

得到的元素B是：

[<LayerField sv.smpCnt: 10848>, <LayerField sv.smpCnt: 10849>, <LayerField sv.smpCnt: 10850>, <LayerField sv.smpCnt: 10851>, <LayerField sv.smpCnt: 10852>, <LayerField sv.smpCnt: 10853>, <LayerField sv.smpCnt: 10854>, <LayerField sv.smpCnt: 10855>]

包很长，我只展示一部分：

Packet (Length: 777)
Layer ETH:
    Destination: 01:0c:cd:04:00:00
    Address: 01:0c:cd:04:00:00
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: 00:50:c2:4f:91:99
    Type: IEC 61850/SV (Sampled Value Transmission (0x88ba)
    Address: 00:50:c2:4f:91:99
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Layer SV:
    APPID: 0x4000
    Length: 763
    Reserved 1: 0x0000 (0)
    Reserved 2: 0x0000 (0)
    savPdu
    noASDU: 8
    seqASDU: 8 items
    ASDU
    svID: 0000MU0102
    smpCnt: 10848
    confRef: 1
    smpSynch: local (1)
    PhsMeas1
    value: 150470
    quality: 0x00000000, validity: good, source: process
    .... .... .... .... .... .... .... ..00 = validity: good (0x0)
    .... .... .... .... .... .... .... .0.. = overflow: False
    .... .... .... .... .... .... .... 0... = out of range: False
    .... .... .... .... .... .... ...0 .... = bad reference: False
    .... .... .... .... .... .... ..0. .... = oscillatory: False
    .... .... .... .... .... .... .0.. .... = failure: False
    .... .... .... .... .... .... 0... .... = old data: False
    .... .... .... .... .... ...0 .... .... = inconsistent: False
    .... .... .... .... .... ..0. .... .... = inaccurate: False
    .... .... .... .... .... .0.. .... .... = source: process (0x0)
    .... .... .... .... .... 0... .... .... = test: False
    .... .... .... .... ...0 .... .... .... = operator blocked: False
    .... .... .... .... ..0. .... .... .... = derived: False
    ASDU
    ASDU
    ASDU
    ASDU
    ASDU
    ASDU
    ASDU
    svID: 0000MU0102
    svID: 0000MU0102
    svID: 0000MU0102
    svID: 0000MU0102
    svID: 0000MU0102
    svID: 0000MU0102
    svID: 0000MU0102
    smpCnt: 10849
    smpCnt: 10850
    smpCnt: 10851
    smpCnt: 10852
    smpCnt: 10853
    smpCnt: 10854
    smpCnt: 10855
    confRef: 1

我想从B 得到一个向量，它只包含两点之后的数值。有人可以帮我吗？

【问题讨论】：

标签： python package wireshark pyshark

【解决方案1】：

试试：

pkt.sv.get_field_by_showname("name of field")

【讨论】：

科迪·格雷，感谢您的回答。我做了你建议的pkt.sv.get_field_by_showname("smpCnt")，但我只能得到第一个字段值10848。我想获取 only mode 的所有值。
Ram Ghadiyaram，我应该通过以太网实时或通过wireshark捕获读取数据。这些数据通过变电站的相位计量单元 (PMU) 获得，格式为 C37.111-1999 - IEEE 电力系统瞬态数据交换标准通用格式 (COMTRADE)。阅读后，我必须读取数据并存储它们以进行处理和分析。所以，我只想存储我感兴趣的字段smpCnt 的数值。为了加快处理时间，我想一次性快速地从图层中获取数据。