0

Some protocol numbers are:

6 TCP Transmission Control [RFC793]
...
17 UDP User Datagram [RFC768]

by IANA.

import pyshark

pkts = pyshark.FileCapture('testes.pcap')

I just want to print all protocol numbers in the PCAP file and save them in a file. How can I get them using pyshark?

Ed S

1 Answer

2

Have you looked at the documentation for pyshark? The README shows you how to read data from individual packets. Given your example, we can get the first packet like this:

>>> pkt = next(pkts)
>>> pkt
<UDP/DNS Packet>

We can introspect pkt to see what fields are available:

>>> dir(pkt)
['__class__', '__contains__', '__delattr__', '__dict__', '__dir__', 
[...]
'get_multiple_layers', 'highest_layer', 'interface_captured', 'ip',
[...]

Since you're looking for protocol information, ip seems as if it might be useful (assuming you're asking about IP protocol numbers). Let's see what that contains:

>>> dir(pkt.ip)
['DATA_LAYER', '__class__', '__delattr__', '__dict__', '__dir__', 
[...]
'addr', 'checksum', 'checksum_status', 'dsfield', 'dsfield_dscp', 
'dsfield_ecn', 'dst', 'dst_host', 'field_names', 'flags', 'flags_df',
'flags_mf', 'flags_rb', 'frag_offset', 'get_field', 
'get_field_by_showname', 'get_field_value', 'hdr_len', 'host', 'id', 
'layer_name', 'len', 'pretty_print', 'proto', 'raw_mode', 'src', 
'src_host', 'ttl', 'version']

I'm going to guess proto is what we want.

>>> pkt.ip.proto
17

And indeed, 17 is the IP protocol number for UDP. So if you just wanted a list of protocol numbers, you could ask for (this output is from a local packet trace):

>>> [pkt.ip.proto for pkt in pkts if hasattr(pkt, 'ip')]
['17', '17', '17', '17', '6', '6', '6', '6', '6', '6', '6', '6', '6', '17', '17', '6', '6', '17', '17', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '6', '1', '1', '1', '1', '1', '1', '1', '1']

(We're using that hasattr check because non-IP packets don't have an ip attribute.)

larsks
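An added example (not part of the original answer) that extends the list comprehension above to cover the "save them in a file" part of the question: it counts protocol numbers per capture, also reads IPv6 packets through `pkt.ipv6.nxt`, and writes a tab-separated report. The function names, the output format and the constructed stand-in packets are assumptions made for illustration.

```python
from collections import Counter
from types import SimpleNamespace

# Small subset of the IANA protocol-number registry, for readable output.
IANA_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "IPv6-ICMP"}


def ip_protocol_numbers(packets):
    """Yield the IP protocol number of each packet as an int.

    IPv4 packets expose it as pkt.ip.proto (the field used in the answer).
    IPv6 packets have no 'ip' layer; their equivalent is pkt.ipv6.nxt, which
    is the first Next Header value (it may be an extension header).
    Non-IP frames such as ARP are skipped.
    """
    for pkt in packets:
        if hasattr(pkt, "ip"):
            yield int(pkt.ip.proto)
        elif hasattr(pkt, "ipv6"):
            yield int(pkt.ipv6.nxt)


def write_report(numbers, out_path):
    """Write 'number<TAB>name<TAB>count' lines and return the Counter."""
    counts = Counter(numbers)
    with open(out_path, "w") as fh:
        for number, count in sorted(counts.items()):
            fh.write(f"{number}\t{IANA_NAMES.get(number, 'unknown')}\t{count}\n")
    return counts


def summarize_pcap(pcap_path, out_path):
    """Run the report over a capture file (requires pyshark and tshark)."""
    import pyshark  # imported here so the helpers above work without it
    # keep_packets=False stops pyshark from holding every packet in memory.
    cap = pyshark.FileCapture(pcap_path, keep_packets=False)
    try:
        return write_report(ip_protocol_numbers(cap), out_path)
    finally:
        cap.close()


def constructed_packets():
    """Constructed stand-ins for pyshark packets: UDP, TCP, TCP, ICMPv6, ARP."""
    return [
        SimpleNamespace(ip=SimpleNamespace(proto="17")),
        SimpleNamespace(ip=SimpleNamespace(proto="6")),
        SimpleNamespace(ip=SimpleNamespace(proto="6")),
        SimpleNamespace(ipv6=SimpleNamespace(nxt="58")),
        SimpleNamespace(arp=SimpleNamespace(opcode="1")),
    ]
```

With pyshark and tshark installed, `summarize_pcap('testes.pcap', 'protocols.txt')` produces the report for the capture from the question; an unexpected protocol number in that file is a quick first signal when triaging a capture.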