using pyshark to filter and to choose the first GET packet

Question

I am using pyshark to filter a saved pcap file . the filter I'm using is:

http.request.method == GET && !ip.ttl==180 && ip.src==100.100.19.42

(at the end there is a link to a screenshot of the pcap file after using this filter.) my question is, how can I get to and print the HTTP layer contents of the GET packet(found in second row as shown in screenshot) using python code.enter image description here Is there a way to search for the first GET packet and find it?

Anyone?? I really need help in this... – Elias Shourosh Feb 01 '18 at 07:03 — Elias Shourosh, Feb 01 '18 at 07:03

score 1 · Accepted Answer · answered Jul 18 '18 at 17:41

You could use scapy instead.

from scapy.all import *
packets = rdpcap('your_capture.pcap')
for packet in packets:
    if packet['IP'].ttl != 180 and packet['IP'].src == '100.100.19.42':
        try:
            if 'GET' in packet['Raw'].load:
                print 'GET:',packet['Raw'].load
                return packet
        except:
            pass

using pyshark to filter and to choose the first GET packet

1 Answers1