-1

The information I'd like to automate retrieval of via Bash or Python is what's contained in the Packet Details pane for the last layer, when viewing DIS protocol captured packets.

So far I've gotten to the point where I can read the Packet Bytes pane information with the Scapy library in Python, but this is much harder for me to interpret/work with. 

from scapy.all import sniff
capture = sniff(filter="dst 10.6.255.255 and port 3000", count=5)
packet = capture[0]
print(packet.show())
raw = packet.lastlayer()

from scapy.utils import hexdump
hexdump(raw)

Is there any way that I can get the Packet Details pane information instead with Python or Bash?

Austin
  • 6,921
  • 12
  • 73
  • 138

2 Answers2

1

Have you tried things like:

tshark -r file.pcap -O dis

or even

tshark -r file.pcap -Y dis -T pdml > file.pdml

Refer to the tshark man page for more information on these options and to the Wireshark PDML wiki page for more information about the "Packet Description Markup Language".

Christopher Maynard
  • 5,702
  • 2
  • 17
  • 23
  • Hi, thanks. the Packet Description Markup Language is probably what I'm looking for! Is there a way to further filter it so that it's just from the data layer? – Austin Sep 10 '18 at 18:16
  • 1
    I haven't really used PDML much, so I'm not that familiar with its capabilities. I don't know if that's what the '-j' or '-J' options are for, but they appear to be broken to me, worthy of a bug report at https://bugs.wireshark.org/bugzilla/ – Christopher Maynard Sep 10 '18 at 18:46
0

Hope I don’t get the question wrong :/

You have a pretty cool packet.show() function which looks somewhat similar to wireshark

enter image description here

You can also try pdf-dumping packet.pdfdump() (or svg-dumping with github version)

enter image description here

Cukic0d
  • 5,111
  • 2
  • 19
  • 48
  • Thanks. I think what I actually need is something to decode DIS IEEE standard raw data, maybe like open-dis-python github repository. – Austin Sep 12 '18 at 19:40