
I have a very large pcap file and I am looking to create a script to give me (in addition to the attributes that Wireshark gives me) the payload and inbound/outbound ratio of packets.

I was thinking of using something like the code below, but I am not sure if there is a more efficient way to do it:

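import os
from scapy.all import rdpcap

data = "Eavesdrop_Data.pcap"
# rdpcap loads the entire capture into memory
a = rdpcap(data)
# Read the capture with -r (-w would overwrite it) and dump selected
# fields of the first 1000 packets to a text file
os.system("tshark -r Eavesdrop_Data.pcap -T fields -e _ws.col.Info -e http "
          "-e frame.time -e data.data -c 1000 > Eavesdrop_Data.txt")
# -Y takes a display filter; write the matching HTTP packets to a new file
os.system("tshark -r Eavesdrop_Data.pcap -Y http -w Eavesdrop_Data_http.pcap")
# Group packets by session and print each one
sessions = a.sessions()
i = 1
for session in sessions:
    http_payload = ""
    for packet in sessions[session]:
        print(packet)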
Shir
user3755632
    "Easier" in what way? Fewer lines of code, fewer dependencies? What is your question exactly? It looks like you have the foundation already for what you'd like to do; I'm assuming you aren't asking us to finish your script. – Litty Mar 01 '18 at 19:32

0 Answers
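
An added example, not part of the original question or its comments: for a very large capture, per-direction packet counts and payload bytes can be computed by reading the file one record at a time instead of loading it all with `rdpcap`. It uses only the Python standard library in place of scapy and tshark, and counts the IP payload (transport header included). Assumptions: a classic pcap file with Ethernet framing; the names `iter_ipv4`, `direction_stats` and `sample_pcap`, the local address 10.0.0.5 and the capture bytes are all constructed for illustration.

```python
import io
import ipaddress
import struct

def iter_ipv4(stream):
    """Yield (src, dst, ip_payload) per IPv4 packet, reading one record at a time."""
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    while True:
        record = stream.read(16)
        if len(record) < 16:
            return  # end of file
        incl_len = struct.unpack(endian + "IIII", record)[2]
        frame = stream.read(incl_len)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ihl = (frame[14] & 0x0F) * 4                  # IP header length in bytes
        total = struct.unpack("!H", frame[16:18])[0]  # IP total length
        yield (ipaddress.IPv4Address(frame[26:30]),
               ipaddress.IPv4Address(frame[30:34]), frame[14 + ihl:14 + total])

def direction_stats(stream, local_ip):
    """Count packets and IP payload bytes to and from local_ip."""
    local = ipaddress.IPv4Address(local_ip)
    s = {"in_pkts": 0, "in_bytes": 0, "out_pkts": 0, "out_bytes": 0}
    for src, dst, payload in iter_ipv4(stream):
        side = "in" if dst == local else "out" if src == local else None
        if side:
            s[side + "_pkts"] += 1
            s[side + "_bytes"] += len(payload)
    s["ratio"] = s["in_pkts"] / s["out_pkts"] if s["out_pkts"] else None
    return s

def sample_pcap():
    """Constructed capture: six IPv4 frames, one not involving 10.0.0.5."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flows = [("10.0.0.5", "192.0.2.10", 16), ("192.0.2.10", "10.0.0.5", 100),
             ("192.0.2.10", "10.0.0.5", 60), ("10.0.0.5", "192.0.2.10", 4),
             ("198.51.100.7", "192.0.2.10", 8), ("192.0.2.10", "10.0.0.5", 40)]
    for src, dst, size in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + size, 0, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"x" * size
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return io.BytesIO(out)
```

For a real file, pass `open(path, "rb")` as the stream; memory use stays constant regardless of capture size.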