Search code examples
pythonpython-3.xnetwork-programmingdhcppyshark

How i remove duplicacy from incoming dhcp packets?

what to do so it doesn't show duplicate entry until there is an update in mac or ip. i want to print only when i got mentioned fields


capture = pyshark.LiveCapture(interface='wlo2', bpf_filter='udp port 68')
capture.sniff_continuously(packet_count=16)


fields = {}

for packet in capture:
    fields['mac'] = packet.dhcp.hw_mac_addr
    try:
        fields['vendor'] = packet.dhcp.option_vendor_class_id
        fields['h_name'] = packet.dhcp.option_hostname
        fields['ip'] = packet.dhcp.option_requested_ip_address
        fields['sub_mask'] = packet.dhcp.option_subnet_mask
        fields['server_ip'] = packet.dhcp.option_dhcp_server_id
        fields['domain_name'] = packet.option.dhcp.option_domain_name
        fields['dns'] = packet.dhcp.option_domain_name_server
    except AttributeError:
        pass
    try:
        print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
    except KeyError:
        print('key not found')```

```key not found
2021-12-02 11:08:19.485258 34:1c:f0:6a:c9:00 192.168.1.5 M2006C3MII-Redmi9 android-dhcp-10
2021-12-02 11:25:19.461249 e0:13:b5:8f:xx:xx 192.168.1.5 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:25:19.769917 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0
2021-12-02 11:26:44.359756 e0:13:b5:8f:xx:xx 192.168.1.6 vivo-1807 dhcpcd-8.1.0
Solution

  • you need to deduplicate the packets yourself, i.e. by storing past packet ip/mac combinations in a set

    fields = {}
already_seen_mac_ips = set() # set of (mac, ip) tuples
for packet in capture:
    fields['mac'] = packet.dhcp.hw_mac_addr
    try:
        fields['vendor'] = packet.dhcp.option_vendor_class_id
        fields['h_name'] = packet.dhcp.option_hostname
        fields['ip'] = packet.dhcp.option_requested_ip_address
        fields['sub_mask'] = packet.dhcp.option_subnet_mask
        fields['server_ip'] = packet.dhcp.option_dhcp_server_id
        fields['domain_name'] = packet.option.dhcp.option_domain_name
        fields['dns'] = packet.dhcp.option_domain_name_server
    except AttributeError:
        pass
    try:
        mac_ip = (fields['mac'], fields['ip'])
        if mac_ip not in already_seen_mac_ips:
            print(packet.sniff_time, fields['mac'], fields['ip'], fields['h_name'], fields['vendor'])
            already_seen_mac_ips.add(mac_ip)
    
    except KeyError:
        print('key not found')```