Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Nikolai2021-06-09 09:44:02
Parsing
Nikolai, 2021-06-09 09:44:02

Splitting pcap into sessions using the scapy module?

There is a large pcap file compiled with Wireshark. It is necessary to separate TCP and UDP sessions from it using the scapy module. It is clear that it is not difficult to write, highlighting TCP sessions using ip_src:port - ip_dst:port, but maybe there are ready-made solutions?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander, 2021-06-17
@avorsa 

for (packet_data, packet_metadata) in RawPcapReader(infile):   # перебираем все пакеты
    ether_pkt = Ether(packet_data)  # выделяем слой Ethernet
    ip_pkt = ether_pkt[IP] # дальше слой IP
    if ip_pkt.haslayer(TCP): # проверяем есть ли TCP слой ниже
        # раскладываем пакеты по разным спискам
        # чтобы в конце записать их в файл с помощью конструкции 
        # wrpcap("any_file.pcap", list_of_packets)

Same with UDP.
Alternatively, all this can be done with filters in Wireshark

Similar questions
V
vasIvas2015-09-04 20:14:55
Why did mongodb stop starting? 2Reply
K
khodos_dmitry2020-12-30 23:12:25
How to cancel javascript execution when parsing with headless chrome? 0Reply
V
Viktor Usachov2016-11-28 20:54:39
How to change DOM from Python? 1Reply
S
StasyaMorgen2021-01-05 17:53:09
How to create a Python parser to collect detailed information? 1Reply
E
Elizabeth Lawrence2019-04-27 20:29:37
Why is MultiCurl extremely slow when using cookies? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question