Archive

Archive for December 6th, 2017

How to convert SPP into text2pcap readable format

Introduction

There used to be some internal tools that could decode SPP packets, but they no longer work. In some scenarios the customer couldn't set up SPAN on our ASR9k, so SPP is all we have, and we then face the question of how to decode the SPP output.

This article discusses how to convert the original SPP data into a text2pcap-readable format and then decode it with text2pcap. You only need to run the script, which does the work automatically. Before doing that, you need Python 2.7 and text2pcap (bundled with Wireshark). With Python 3.0 or newer there may be some issues, because some functions differ slightly; you will need to adjust them yourself.

Solution

Original SPP data:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.12.04 17:12:19 =~=~=~=~=~=~=~=~=~=~=~=
trace p stop
Tracing stopped with 666 outstanding...
spp-ui> trace print
Packet serial 861
port4/classify:
  length 148 phys_int_index 0 next_ctx 0xdeadbeef time 09:10:41.407
  00: 00 70 72 00 00 08 00 65 7a 00 00 00 ff ff 00 07 
  10: 80 30 00 00 00 00 0f 00 00 00 1f 00 00 00 00 00 
  20: 00 70 05 f2 42 fb 00 00 04 00 01 40 07 01 05 27 
  30: 06 03 0e 06 00 00 00 00 4c 00 00 00 00 00 58 00 
  40: 00 00 00 00 00 00 06 01 00 a1 13 41 92 60 00 b2 
  50: 64 41 8a 4c 08 00 45 c0 00 3e 00 00 00 00 fe 11 
  60: c8 25 12 ac 79 0d 34 df d0 01 02 86 02 86 00 2a 
  70: 75 5a 00 01 00 1e 3f da a4 0f 00 00 01 00 00 14 
  80: 00 00 00 00 04 00 00 04 00 5a c0 00 04 01 00 04 
  90: 3f da a4 0f 00 00 00 00 00 00 00 00 00 00 00 00 
  a0: 00 00 00 17 00 08 05 01 00 00 af c8 00 24 14 01 
  b0: 01 08 3f da d0 46 20 00 01 08 3f da d0 42 20 00 
  c0: 01 08 3f da d0 41 20 00 01 08 3f da d0 07 20 00 
  d0: 00 08 13 01 00 00 08 00 00 20 cf 07 00 00 07 16 
  e0: 4d 50 4c 53 2d 54 45 20 74 6f 20 76 61 72 30 31 
  f0: 2e 6b 6c 70 30 32 00 00 00 0c 0b 07 3f df 04 08 
--------------------------
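One way to do the conversion described above, added here as an example: it is not the author's script, which this excerpt does not include, and it is written for Python 3 rather than Python 2.7. It assumes the `length` field is the number of valid bytes in a record and relies on text2pcap requiring offsets of more than two hex digits (SPP prints two); `parse_spp`, `to_text2pcap` and the `skip` parameter are names made up for this example.

```python
import re

# Constructed sample, abbreviated from the log above: the header claims 20
# valid bytes, while two full 16-byte rows are printed.
SAMPLE = """\
spp-ui> trace print
Packet serial 861
port4/classify:
  length 20 phys_int_index 0 next_ctx 0xdeadbeef time 09:10:41.407
  00: 00 70 72 00 00 08 00 65 7a 00 00 00 ff ff 00 07
  10: 80 30 00 00 00 00 0f 00 00 00 1f 00 00 00 00 00
--------------------------
"""

HEADER = re.compile(r"^\s*length (\d+) .*\btime (\S+)")
ROW = re.compile(r"^\s*([0-9a-f]+):((?: [0-9a-f]{2})+)\s*$")

def parse_spp(text):
    """Return [(time, payload_bytes)] for every record in an SPP trace print."""
    records = []
    for line in text.splitlines():
        head, row = HEADER.match(line), ROW.match(line)
        if head:
            records.append([int(head.group(1)), head.group(2), bytearray()])
        elif row and records:
            data = records[-1][2]
            if int(row.group(1), 16) != len(data):
                raise ValueError("offset gap in dump: " + line.strip())
            data += bytes.fromhex(row.group(2))
    # Assumption: `length` is the count of valid bytes; later rows are padding.
    return [(t, bytes(d[:n])) for n, t, d in records]

def to_text2pcap(text, skip=0):
    """Render records as text2pcap input; `skip` (hypothetical knob) drops
    leading bytes, e.g. a platform header in front of the Ethernet frame."""
    out = []
    for t, payload in parse_spp(text):
        payload = payload[skip:]
        # text2pcap ignores lines starting with '#', so keep the time there.
        out.append("# time %s, %d bytes" % (t, len(payload)))
        for off in range(0, len(payload), 16):
            chunk = payload[off:off + 16]
            out.append("%06x %s" % (off, " ".join("%02x" % b for b in chunk)))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_text2pcap(SAMPLE), end="")
```

Save the output to a file and pass it to text2pcap as the input file, with the desired capture file name as the second argument.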
