How to convert SPP output into text2pcap-readable format with Python
Introduction
Some internal tools used to decode SPP packets, but they no longer work. In some scenarios the customer cannot configure SPAN on our ASR9k, so we have to rely on SPP alone and then face the question of how to decode the SPP result.
This article discusses how to convert the original SPP data into a format text2pcap can read and then decode it with text2pcap. You only need to run the script, which does the work automatically. Before you start, you need Python 2.7 and text2pcap (included with Wireshark). With Python 3.0 or newer you may run into issues, because some functions behave slightly differently; you will need to adjust them yourself.
Solution
Original SPP data:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.12.04 17:12:19 =~=~=~=~=~=~=~=~=~=~=~=
trace p stop
Tracing stopped with 666 outstanding...
spp-ui> trace print
Packet serial 861
port4/classify: length 148 phys_int_index 0 next_ctx 0xdeadbeef time 09:10:41.407
00: 00 70 72 00 00 08 00 65 7a 00 00 00 ff ff 00 07
10: 80 30 00 00 00 00 0f 00 00 00 1f 00 00 00 00 00
20: 00 70 05 f2 42 fb 00 00 04 00 01 40 07 01 05 27
30: 06 03 0e 06 00 00 00 00 4c 00 00 00 00 00 58 00
40: 00 00 00 00 00 00 06 01 00 a1 13 41 92 60 00 b2
50: 64 41 8a 4c 08 00 45 c0 00 3e 00 00 00 00 fe 11
60: c8 25 12 ac 79 0d 34 df d0 01 02 86 02 86 00 2a
70: 75 5a 00 01 00 1e 3f da a4 0f 00 00 01 00 00 14
80: 00 00 00 00 04 00 00 04 00 5a c0 00 04 01 00 04
90: 3f da a4 0f 00 00 00 00 00 00 00 00 00 00 00 00
a0: 00 00 00 17 00 08 05 01 00 00 af c8 00 24 14 01
b0: 01 08 3f da d0 46 20 00 01 08 3f da d0 42 20 00
c0: 01 08 3f da d0 41 20 00 01 08 3f da d0 07 20 00
d0: 00 08 13 01 00 00 08 00 00 20 cf 07 00 00 07 16
e0: 4d 50 4c 53 2d 54 45 20 74 6f 20 76 61 72 30 31
f0: 2e 6b 6c 70 30 32 00 00 00 0c 0b 07 3f df 04 08
--------------------------
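One way to do the conversion, as an added Python 3 example that is not the article's own script: it splits the "trace print" output shown above into packets and rewrites each dump row with the wider offsets text2pcap expects. The names `parse_spp` and `to_text2pcap`, the sample log, and the one-row-per-line layout are assumptions.

```python
import re

# Constructed sample in the layout of the "trace print" output above
# (two short packets, made-up bytes); assumes one dump row per line.
SAMPLE = """\
spp-ui> trace print
Packet serial 1
port4/classify: length 20 phys_int_index 0 next_ctx 0xdeadbeef time 09:10:41.407
00: 00 70 72 00 00 08 00 65 7a 00 00 00 ff ff 00 07
10: 80 30 00 00
--------------------------
Packet serial 2
port4/classify: length 4 phys_int_index 0 next_ctx 0xdeadbeef time 09:10:41.408
00: de ad be ef
--------------------------
"""
SERIAL = re.compile(r"^\s*Packet serial\s+(\d+)")
HEX_ROW = re.compile(r"^\s*([0-9a-fA-F]+):((?:\s+[0-9a-fA-F]{2})+)\s*$")

def parse_spp(text):
    """Return [(serial, bytes), ...] for each packet in an SPP trace log."""
    packets = []
    for line in text.splitlines():
        m = SERIAL.match(line)
        if m:
            packets.append((int(m.group(1)), bytearray()))
            continue
        m = HEX_ROW.match(line)
        if m and packets:
            serial, data = packets[-1]
            # A gap in offsets means the terminal log lost or wrapped a row.
            if int(m.group(1), 16) != len(data):
                raise ValueError("packet %d: offset gap at %s" % (serial, m.group(1)))
            data += bytes.fromhex(m.group(2))
    return [(s, bytes(d)) for s, d in packets if d]

def to_text2pcap(packets):
    """Render packets as a hex dump text2pcap accepts."""
    out = []
    for serial, data in packets:
        out.append("# Packet serial %d" % serial)  # '#' lines are comments
        for off in range(0, len(data), 16):
            row = " ".join("%02x" % b for b in data[off:off + 16])
            # text2pcap needs offsets wider than two hex digits; 0 starts a packet
            out.append("%06x  %s" % (off, row))
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_text2pcap(parse_spp(SAMPLE)))
```

Write the result to a file and pass it to text2pcap as the input file (`text2pcap spp.txt spp.pcap`); the bytes are emitted exactly as dumped.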