Reputation: 102
I have a Wireshark .pcap file and I want to get all the assets (URLs, IPs, PC names, etc.) from this file. I tried to use some examples I found online, but I'm having some problems getting those items. I managed to find the dst and src IP address, but that's all.
This is my current code:
import pyshark
cap = pyshark.FileCapture('dor.pcap')
count = 0
for pkt in cap:
    ip_source = pkt.ip.__dict__["_all_fields"]["ip.src"]
    ip_address = pkt.ip.__dict__["_all_fields"]["ip.dst"]
Upvotes: 2
Views: 15464
Reputation: 15629
This should work with your Wireshark pcap file to obtain the source and destination addresses and ports. The output could be modified (e.g., csv, dictionary) to fit your specific requirements.
Please provide more details on the other items that you would like to parse from a pcap file.
import pyshark

def network_conversation(packet):
    try:
        protocol = packet.transport_layer
        source_address = packet.ip.src
        source_port = packet[packet.transport_layer].srcport
        destination_address = packet.ip.dst
        destination_port = packet[packet.transport_layer].dstport
        return f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}'
    except AttributeError:
        # the packet has no IP layer (e.g. ARP), so there is nothing to report
        pass

capture = pyshark.FileCapture('test.pcap')
conversations = []
for packet in capture:
    results = network_conversation(packet)
    if results is not None:
        conversations.append(results)

# this sorts the conversations by protocol
# TCP and UDP
for item in sorted(conversations):
    print(item)
Upvotes: 2
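To cover the other asset types the question asks about (URLs, host names, PC names), the sketch below, an added example that is not part of either post, collects them alongside the IP addresses. The pyshark attribute names are assumed from the Wireshark fields dns.qry.name, http.host, http.request.full_uri, tls.handshake.extensions_server_name, dhcp.option.hostname and nbns.name; `collect_assets`, `assets_from_pcap` and the sample packets are constructed for illustration.

```python
from collections import defaultdict
from types import SimpleNamespace as NS

# Asset kind -> (layer, field) pairs in pyshark attribute form; names are assumed
# from Wireshark fields, e.g. dns.qry.name -> packet.dns.qry_name.
ASSET_FIELDS = {
    "ip": [("ip", "src"), ("ip", "dst"), ("ipv6", "src"), ("ipv6", "dst")],
    "hostname": [("dns", "qry_name"), ("http", "host"),
                 ("tls", "handshake_extensions_server_name")],
    "url": [("http", "request_full_uri")],
    "pc_name": [("dhcp", "option_hostname"), ("nbns", "name")],
}

def collect_assets(packets):
    """Return {asset kind: sorted unique values} for an iterable of packets."""
    assets = defaultdict(set)
    for packet in packets:
        for kind, fields in ASSET_FIELDS.items():
            for layer_name, field_name in fields:
                # A missing layer or field yields None instead of raising.
                layer = getattr(packet, layer_name, None)
                value = getattr(layer, field_name, None)
                if value is not None:
                    assets[kind].add(str(value))
    return {kind: sorted(values) for kind, values in assets.items()}

def assets_from_pcap(path):
    """Run collect_assets over a capture file (needs pyshark and tshark)."""
    import pyshark  # imported here so the sample below runs without it
    capture = pyshark.FileCapture(path)
    try:
        return collect_assets(capture)
    finally:
        capture.close()

# Constructed stand-ins for pyshark packets (documentation addresses and names).
SAMPLE_PACKETS = [
    NS(ip=NS(src="192.0.2.10", dst="192.0.2.53"),
       dns=NS(qry_name="intranet.example.test")),
    NS(ip=NS(src="192.0.2.10", dst="198.51.100.7"),
       http=NS(host="intranet.example.test",
               request_full_uri="http://intranet.example.test/login")),
    NS(ip=NS(src="0.0.0.0", dst="255.255.255.255"),
       dhcp=NS(option_hostname="LAB-PC-01")),
    NS(arp=NS(src_proto_ipv4="192.0.2.10")),  # no IP layer: contributes nothing
]

if __name__ == "__main__":
    print(collect_assets(SAMPLE_PACKETS))
```

For a real capture, call `assets_from_pcap('dor.pcap')`; packets that lack a given layer are skipped for that asset kind rather than raising `AttributeError`.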