利用python简单分析抓包数据

wireshark的数据

先读一行看看长啥样

import json
data_file = r'E:\download\data.json' 
with open(data_file,'r',encoding='utf8') as f:data_list = json.loads(f.read())print(data_list[0])

用格式化工具看

完整代码&最终结果

import jsondata_file = r'E:\download\data.json'       
output_file = r'E:\download\netflow.csv'   
with open(data_file,'r',encoding='utf8') as f:data_list = json.loads(f.read())with open(output_file,'w') as f:title = 'ID,源MAC,目的MAC,SIP,DIP,SPORT,目的端口\n'f.write(title)id= 0for data_item in data_list:base_idx = data_item.get("_source").get("layers")srcmac = base_idx.get("eth").get("eth.src")dstmac =base_idx.get("eth").get("eth.dst")srcip = base_idx.get("ip").get("ip.src")dstip = base_idx.get("ip").get("ip.dst")srcport = base_idx.get("tcp").get("tcp.srcport")dstport = base_idx.get("tcp").get("tcp.dstport")id+=1try:f.write( '%s,%s,%s,%s,%s,%s,%s\n' % (line, srcmac,dstmac,srcip,dstip,srcport,dstport))except Exception as e:print(e)continue