I am using pyshark to open and parse pcap files. Currently I've been able to access the packet fields. But I cannot seem to find a way to access the hexdump value of each packet. Is there any way to do that?

B Faley
Answered [here](https://stackoverflow.com/a/54140103/765294). – Will Jan 11 '19 at 04:25
1 Answer
According to the homepage of PyShark:
[PyShark] doesn't actually parse any packets, it simply uses tshark's (wireshark command-line utility) ability to export XMLs to use its parsing.
The XML exported by tshark is either PSML (Packet Summary Markup Language) or PDML (Packet Details Markup Language), and neither of these formats stores the full hexadecimal dump of packets.
After digging into the source code and considering the point above, I can say that the feature you are looking for is not implemented in PyShark.

Ortomala Lokni
This answer is wrong as far as I can tell. In all my tests the PDML output that Pyshark uses contains the full payload hexdump as the value of the field named "data.data", which is accessible as-is in Pyshark -- see my answer to another question [here](https://stackoverflow.com/a/54140103/765294). – Will Jan 11 '19 at 04:21
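
An added example, not part of the original question, answer or comments: it reads the hex `value` attribute of PDML `<field>` elements (including the `data.data` field named in the comment above) with the standard library and renders the bytes as a hexdump. The PDML fragment is constructed for illustration, and `field_bytes` and `hexdump` are hypothetical helper names, not PyShark API.

```python
import xml.etree.ElementTree as ET

# Constructed sample payload and PDML fragment (not from a real capture).
# Real input would be the output of `tshark -T pdml` on a trusted host.
PAYLOAD = b"hello pyshark pcap"
SAMPLE_PDML = f"""<pdml>
 <packet>
  <proto name="udp" pos="34" size="8">
   <field name="udp.srcport" show="5000" pos="34" size="2" value="1388"/>
   <field name="udp.dstport" show="5001" pos="36" size="2" value="1389"/>
  </proto>
  <proto name="data" pos="42" size="{len(PAYLOAD)}">
   <field name="data.data" pos="42" size="{len(PAYLOAD)}" value="{PAYLOAD.hex()}"/>
  </proto>
 </packet>
 <packet>
  <proto name="udp" pos="34" size="8">
   <field name="udp.srcport" show="5001" pos="34" size="2" value="1389"/>
  </proto>
 </packet>
</pdml>"""


def field_bytes(pdml_text, field_name="data.data"):
    """Return one entry per packet: the field's raw bytes, or None if absent."""
    results = []
    for packet in ET.fromstring(pdml_text).iter("packet"):
        node = packet.find(f".//field[@name='{field_name}']")
        value = node.get("value") if node is not None else None
        results.append(bytes.fromhex(value) if value else None)
    return results


def hexdump(data, width=16):
    """Format bytes as 'offset  hex bytes  printable ASCII' lines."""
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{offset:04x}  {hex_part:<{width * 3 - 1}}  {text}")
    return "\n".join(lines)


if __name__ == "__main__":
    for number, raw in enumerate(field_bytes(SAMPLE_PDML), start=1):
        print(f"packet {number}:")
        print(hexdump(raw) if raw is not None else "  (no data.data field)")
```

The second constructed packet has no `data.data` field, so callers need to handle the `None` case rather than assume every packet carries one.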