Reputation: 178
Find answer to tcp packet in PCAP with scapy
I parse pcap file with scapy python , and there is TCP packet in that pcap that I want to know what is the answer of this pcaket, How can I do that?
For example : client and server TCP stream
client-> server : "hi" server-> client : "how are you"
When I get "hi" packet (with scapy) how can I get "how are you" ?
Upvotes: 5
Views: 1212
Answers (1)
Reputation: 249133
Look at the TCP sequence number of the message from the client. Call this SeqC.
Then look for the first message from the client whose TCP acknowledgement sequence is higher than SeqC (usually it will be equal to SeqC plus the size of the client's TCP payload). Call this PacketS1.
Starting with PacketS1, collect the TCP payloads from all packets until you see a packet sent by the server with the TCP PSH (push) flag set. This suggests the end of the application-layer message. Call these payloads PayloadS1 to PayloadSN.
Concatenate PayloadS1 to PayloadSN. This is the likely application-layer response to the client message.
Upvotes: 2
Related Questions
- Extracting TCP data with Scapy
- How can I receive two answers to one packet using scapy?
- Scapy - TCPSession from list of packets
- Fetch source address and port number of packet - Scapy script
- Get TCP Flags with Scapy
- Get info string from scapy packet
- iterate through pcap file packet for packet using python/scapy
- Capture TCP-Packets with Python
- Python Scapy and read a pcap in reverse mode
- Help in scapy and pcapy