0

I used Scapy to sniff packets, but Scapy can't return the packet info like PyShark (Wireshark). For example:

```python
>>> cap = pyshark.FileCapture('test.pcap', only_summaries=True)
>>> cap[1].info
'FTP Data: 1460 bytes'

>>> cap[2].info
'Response: 150 Opening BINARY mode data connection for Notes chapter2.pdf(14868284 bytes)'

>>> type(cap[2])
<class 'pyshark.packet.packet_summary.PacketSummary'>
```

This feature is what I really want, but I only have the packet as a raw byte array or a Scapy dataframe. Is there a solution to convert a byte array to a PyShark dataframe? I ask because my computer has weird issues when sniffing using PyShark.

user6456568

1 Answer

1

If you have the packet as a byte variable, you can read it in Pyshark with:

```python
import pyshark

c = pyshark.InMemCapture()
c.parse_packet(binary_packet)  # binary_packet: raw bytes of one packet
c.parse_packets(list_of_binary_packets)  # More efficient
```
KimiNewt
  • It does give me what I want. However, I notice that when I use this code in a new thread, sometimes it just freezes in the process of `parse_packet`, then a `Timeout Error` occurs and it cannot give a result. What's more, I also notice that a new process named `dumpcap` is opened and it seems to interfere with my `scapy` sniff. – user6456568 Dec 14 '17 at 12:18
  • First `self.eventloop.run_until_complete(self._get_parsed_packet_from_tshark(callback))` and then `RuntimeError: Event loop is running.` Do you know the reason? – user6456568 Dec 14 '17 at 12:21
  • @KimiNewt After parsing the packet with pyshark, can I return it to binary format again? – Ahmed Hussein Feb 26 '19 at 13:20
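
For the case in the question where the packets exist only as raw bytes (with Scapy, `bytes(pkt)`), here is an added example, not code from the question or the answer: it writes the frames to a classic pcap file with the standard library so that the `FileCapture(..., only_summaries=True)` call from the question can read them. The helper names, the constructed ARP frame and the Ethernet link type are assumptions; `summaries()` needs pyshark and tshark installed.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4    # classic libpcap format, microsecond timestamps
LINKTYPE_ETHERNET = 1      # assumption: every frame starts with an Ethernet header
# Constructed sample: a 42-byte ARP request between documentation addresses.
SAMPLE_FRAME = bytes.fromhex(
    "ffffffffffff0200000000010806"
    "0001080006040001020000000001c0000201000000000000c0000202")


def write_pcap(path, frames, linktype=LINKTYPE_ETHERNET):
    """Write raw frames (bytes-like) to a pcap file; returns the frame count."""
    count = 0
    with open(path, "wb") as f:
        # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype))
        for frame in frames:
            frame = bytes(frame)   # also accepts bytearray or a Scapy packet
            # Record header: ts_sec, ts_usec, captured length, original length
            f.write(struct.pack("<IIII", count, 0, len(frame), len(frame)))
            f.write(frame)
            count += 1
    return count


def read_pcap(path):
    """Read the raw frames back from a file produced by write_pcap."""
    frames = []
    with open(path, "rb") as f:
        if struct.unpack("<I", f.read(4))[0] != PCAP_MAGIC:
            raise ValueError("not a little-endian classic pcap file")
        f.read(20)                 # skip the rest of the global header
        while True:
            header = f.read(16)
            if len(header) < 16:   # end of file
                return frames
            incl_len = struct.unpack("<IIII", header)[2]
            frames.append(f.read(incl_len))


def summaries(path):
    """Info column per packet, using the FileCapture call from the question."""
    import pyshark                 # lazy import: requires pyshark and tshark
    cap = pyshark.FileCapture(path, only_summaries=True)
    try:
        return [pkt.info for pkt in cap]
    finally:
        cap.close()
```

Because this path reads a finished file, no live capture is started alongside an existing Scapy sniff.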