Reputation: 136
Get full hexdump of parsed packet in Pyshark
I am using Pyshark to parse packet from pcap file.
I have object of parsed packet. Separately I can get hex_value of each fields after changed raw_mode attribute to True.
>>> packet = pyshark.FileCapture("ip_packet.pcap")
>>> packet_1 = packet[0]
>>> packet_1.layers()
[<ETH Layer>, <IP Layer>, <DATA Layer>]
>>> packet_1.ip.addr
'192.168.1.5'
>>> packet_1.ip.raw_mode = True
>>> packet_1.ip.addr
'c0a80105'
How can I get hexdump of full packet?
Upvotes: 5
Views: 4296
Answers (2)
Reputation: 6737
If you need to parse your packet (before having the hexdump of full packet) you may have you a look on pyshark_parser
Upvotes: -1
Reputation: 529
Unfortunately, you cannot at the moment. Pyshark parses the output of tshark which does not contain the original packet bytes. You can try "reassembling" the packet yourself but I wouldn't recommend it.
As it stands, this feature can be added but is not possible at the moment, if you want that specifically I suggest you use a different package or parse only the packets (without any protocols) yourself or using construct (or other similar packages).
Upvotes: 0
Related Questions
- pyshark: access raw udp payload
- Pulling data from pyshark
- How can I access a udp payload with pyshark?
- Print tcp payload from Pcap file with pyshark
- How to convert pyshark packet to binary value
- pyshark - data from TCP packet
- How to decode a packet in PyShark as decode_as
- How to use Python to extract packet information from hexdump?
- Is it possible to access the hexdump of a packet in PyShark?
- pyshark to capture and parse packets in remote server