Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Nikolai2021-06-09 09:44:02
Parsing
Nikolai, 2021-06-09 09:44:02

Splitting pcap into sessions using the scapy module?

There is a large pcap file compiled with Wireshark. It is necessary to separate TCP and UDP sessions from it using the scapy module. It is clear that it is not difficult to write, highlighting TCP sessions using ip_src:port - ip_dst:port, but maybe there are ready-made solutions?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander, 2021-06-17
@avorsa 

for (packet_data, packet_metadata) in RawPcapReader(infile):   # перебираем все пакеты
    ether_pkt = Ether(packet_data)  # выделяем слой Ethernet
    ip_pkt = ether_pkt[IP] # дальше слой IP
    if ip_pkt.haslayer(TCP): # проверяем есть ли TCP слой ниже
        # раскладываем пакеты по разным спискам
        # чтобы в конце записать их в файл с помощью конструкции 
        # wrpcap("any_file.pcap", list_of_packets)

Same with UDP.
Alternatively, all this can be done with filters in Wireshark

Similar questions
L
lexstile2018-06-22 14:26:05
How to get all football matches going to live? 1Reply
S
SpideR-KOSS2018-06-24 21:34:52
Yandex Market catalog parser? 1Reply
S
S3D8K2021-09-24 11:53:54
How to get the src attribute of an img tag when parsing with BS4? 1Reply
L
libertyswift2016-02-14 21:05:37
How to parse multiple pages by one xpath? 2Reply
V
VZVZ2016-02-16 15:10:34
How to correctly name the separator string, which is used to separate different entities in text formats such as "key-value"? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question