Skip to content Skip to sidebar Skip to footer
Home / Parsing / Pcap / Python

Parsing A Pcap File In Python

Post a Comment
I am trying to parse through a pcap file in python. My goal is to be able to pull out the type of TCP or UDP file it is and the time they start/end. Does anyone have any advice in

Solution 1:

I would use python-dpkt. Here is the documentation.

This is all I know how to do though sorry.

#!/usr/local/bin/python2.7import dpkt

counter=0
ipcounter=0
tcpcounter=0
udpcounter=0

filename='sampledata.pcap'for ts, pkt in dpkt.pcap.Reader(open(filename,'r')):

    counter+=1
    eth=dpkt.ethernet.Ethernet(pkt) 
    if eth.type!=dpkt.ethernet.ETH_TYPE_IP:
       continue

    ip=eth.data
    ipcounter+=1if ip.p==dpkt.ip.IP_PROTO_TCP: 
       tcpcounter+=1if ip.p==dpkt.ip.IP_PROTO_UDP:
       udpcounter+=1print"Total number of packets in the pcap file: ", counter
print"Total number of ip packets: ", ipcounter
print"Total number of tcp packets: ", tcpcounter
print"Total number of udp packets: ", udpcounter

Update:

Project on GitHub, documentation here

You may like these posts

Post a Comment for "Parsing A Pcap File In Python"