dor mordehcai
Reputation: 102
python using pyshark to parse .pcap file
I have a wireshark .pcap file and i want to get all the assets (urls, ip's, pc names etc..) from this file. i tried to use some examples i found online, but i'm having some problems getting those items. i managed to find the dst and src ip address, but thats all.
this is my current code:
import pyshark
cap = pyshark.FileCapture('dor.pcap')
count = 0
for pkt in cap:
ip_source = pkt.ip.__dict__["_all_fields"]["ip.src"]
ip_address = pkt.ip.__dict__["_all_fields"]["ip.dst"]
Upvotes: 2
Views: 15464
Answers (1)
Life is complex
Reputation: 15629
This should work with your Wireshark pcap file to obtain the source and destination addresses and ports. The output could be modified (e.g., csv, dictionary) to fit your specific requirements.
Please provide more details on the other items that you would like to parse from a pcap file.
import pyshark
def network_conversation(packet):
try:
protocol = packet.transport_layer
source_address = packet.ip.src
source_port = packet[packet.transport_layer].srcport
destination_address = packet.ip.dst
destination_port = packet[packet.transport_layer].dstport
return (f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}')
except AttributeError as e:
pass
capture = pyshark.FileCapture('test.pcap')
conversations = []
for packet in capture:
results = network_conversation(packet)
if results != None:
conversations.append(results)
# this sorts the conversations by protocol
# TCP and UDP
for item in sorted(conversations):
print (item)
Upvotes: 2
Related Questions
- How to read pcapng (wireshark) files in Python?
- Print tcp payload from Pcap file with pyshark
- How to get protocol numbers in PCAP file?
- Using Python to Read and Print Out a PCAP
- Parsing a PCAP File in python
- Parsing the pcap file through scapy
- Parsing one field of PCAP file into a column in Python
- opening a pcap file in python
- Parsing PCAP in Python 2.6
- Wireshark error when opening .pcap dumped with pcapy