losang
Reputation: 85
Accessing the data field in a pcap dump file in python
I am using the following code:
import pyshark
cap = pyshark.FileCapture('/home/my_location/python_parse/my_file.pcap')
count = 0;
for caps in cap:
print caps.pretty_print();
print "Count is " + str(count)
count+=1;
My pcapfile is located here https://1drv.ms/u/s!Aj1_HY10QdBTa5zNMcZadSK3qAM If someone has any alternative hosting site, I am ready to put it up at that location also.
I am unable to access the data field using pyshark. When I open up the pcap file in wireshark , I can see the data in this field:
Can anyone offer any suggestion?
Upvotes: 4
Views: 712
Answers (1)
Ortomala Lokni
Reputation: 62466
You can use the usb_capdata field of the DATA layer.
import pyshark
caps = pyshark.FileCapture('/home/my_location/python_pars/my_file.pcap')
print caps[10].layers[1].usb_capdata
Will output the same as wireshark :
'80:08:0b:82:00:00:85:97:8a:86:00:00'
Upvotes: 1
Related Questions
- Reading PCAP file with scapy
- How to read pcapng (wireshark) files in Python?
- Using Python to Read and Print Out a PCAP
- Reading part of pcap file in Scapy
- Extract specific bytes in payload from a pcap file using scapy
- Parsing a PCAP File in python
- python using pyshark to parse .pcap file
- Parsing one field of PCAP file into a column in Python
- Get specific bytes in payload from a pcap file
- How to extract the "info" field from a pcap file?