-1

While trying to use pyshark for some CTF tasks, I got this output:

```
Traceback (most recent call last):
  File "test.py", line 5, in <module>
    if ("TCP" or "TLSv1.2") and ((packet.ip.src=="172.217.18.227" or packet.ip.src=="192.168.1.100")) in packet:
  File "/home/shanx/.local/lib/python2.7/site-packages/pyshark/packet/packet.py", line 119, in __getattr__
    raise AttributeError("No attribute named %s" % item)
AttributeError: No attribute named ip
```

Here's my Python code:

```python
import pyshark
capture = pyshark.FileCapture("/home/shanx/Desktop/TASKS1.1/advancedNetwork")
val=""
for packet in capture:
    if ("TCP" or "TLSv1.2") and ((packet.ip.src=="172.217.18.227" or packet.ip.src=="192.168.1.100")) in packet:
        val= val+packet.sll.unused
val.replace(":","")
print(val)
```

Note: it worked just fine without this instruction:

```python
((packet.ip.src=="172.217.18.227" or packet.ip.src=="192.168.1.100"))
```

Question: is there any fair documentation or tutorials for this kind of library?

Thank you so much for answering!

Feres Hammemi
  • What versions of Python and PyShark are you using? – Peter Wood Nov 28 '19 at 21:38
  • Did you try the different ways of accessing the `ip` shown in the [docs](https://kiminewt.github.io/pyshark/)? – AMC Nov 28 '19 at 22:05
  • Welcome to Stack Overflow! Please read the [help pages](https://stackoverflow.com/help), take the [SO tour](https://stackoverflow.com/tour), read about [how to ask good questions](https://stackoverflow.com/help/how-to-ask), as well as this [question checklist](https://codeblog.jonskeet.uk/2012/11/24/stack-overflow-question-checklist/). Also please learn how to create a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example). Both previous comments are good points (i.e. please respond to them) – Ross Jacobs Nov 29 '19 at 02:57
  • Peter Wood: I am using Python 3.7.5 and pyshark (0.4.2.9) – Feres Hammemi Dec 03 '19 at 17:29
  • Alexander Cécile: I found a way using the "_all_fields" method – Feres Hammemi Dec 03 '19 at 17:33

2 Answers

0

This is an issue I also encountered on Windows machines, but not on Linux machines.

I managed to bypass the problem by iterating through the whole capture file and appending every packet to an empty list:

```python
packet_list = []
for packet in capture:
    packet_list.append(packet)
```

After this I could access attributes like ip.src from packet_list:

```python
for packet in packet_list:
    if ("TCP" or "TLSv1.2") and ((packet.ip.src=="172.217.18.227" or packet.ip.src=="192.168.1.100")) in packet:
        val= val+packet.sll.unused
```

I am also new to pyshark, so I don't know why it works like this on Windows, but it helped me.

mibognar
  • Thank you so much for your help, but I think that with a large capture as input it will take double the time needed for processing my instruction, so I found a way! – Feres Hammemi Dec 03 '19 at 17:34
0

I found a way while searching deeply in the docs. For example, if I need to know all the fields that Pyshark can provide for ICMP packets, I have to type:

```python
# pkt is one packet taken from the capture
val = pkt.icmp._all_fields
print(val)
```

You will get this output:

```
$python3 test.py 
{'icmp.type': '0', 'icmp.code': '0', 'icmp.checksum': '0x0000fe60', 'icmp.checksum.status': '1', 'icmp.ident': '0', 'icmp.seq': '0', 'icmp.seq_le': '0', 'data': '5545734442425141434141494141422f65553841', 'data.data': '55:45:73:44:42:42:51:41:43:41:41:49:41:41:42:2f:65:55:38:41', 'data.text': 'UEsDBBQACAAIAAB/eU8A', 'data.len': '20'}
```

This is actually a dictionary that holds all the fields that you can access with Python instructions!

Now you know what you can access and how!

marc_s
Feres Hammemi
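The traceback in the question is raised because `packet.ip` is read for every packet, including packets that have no IP layer. The following is an added example, not code from any of the posts above, that tests for the layer before reading its fields; `FakePacket` is a constructed stand-in for pyshark's packet objects (assumed behaviour: `name in packet` tests for a layer, a missing layer raises `AttributeError` as in the traceback) so the block runs without a capture file, and `safe_filter` and `collect_unused` are hypothetical helper names.

```python
from types import SimpleNamespace

WANTED_SOURCES = {"172.217.18.227", "192.168.1.100"}  # addresses from the question


class FakePacket:
    """Constructed stand-in for a pyshark packet (assumed behaviour):
    layers are attributes, `name in packet` tests for a layer, and a
    missing layer raises AttributeError as in the question's traceback."""

    def __init__(self, **layers):
        self._layers = {k: SimpleNamespace(**v) for k, v in layers.items()}

    def __contains__(self, name):
        return name.lower() in self._layers

    def __getattr__(self, item):
        layers = self.__dict__.get("_layers", {})
        if item in layers:
            return layers[item]
        raise AttributeError("No attribute named %s" % item)


def safe_filter(packet, sources=WANTED_SOURCES):
    """True only for TCP-over-IPv4 packets sent by one of `sources`."""
    # Test for the layers first. TLS runs over TCP, so the TCP test
    # covers both protocols named in the question's condition.
    if "ip" not in packet or "tcp" not in packet:
        return False
    return packet.ip.src in sources


def collect_unused(packets):
    """Join sll.unused from matching packets and strip the colons."""
    parts = [p.sll.unused for p in packets if safe_filter(p) and "sll" in p]
    # str.replace returns a new string, so its result has to be kept.
    return "".join(parts).replace(":", "")


# Constructed sample packets, not taken from the question's capture.
SAMPLE = [
    FakePacket(sll={"unused": "aa:bb"}, arp={}),  # no IP layer
    FakePacket(sll={"unused": "55:45"}, ip={"src": "192.168.1.100"}, tcp={}),
    FakePacket(sll={"unused": "cc:dd"}, ip={"src": "10.0.0.5"}, tcp={}),
    FakePacket(sll={"unused": "ee:ff"}, ip={"src": "172.217.18.227"}, icmp={}),
    FakePacket(sll={"unused": "73:44"}, ip={"src": "172.217.18.227"}, tcp={}),
]

if __name__ == "__main__":
    print(collect_unused(SAMPLE))
```

With a real capture, the `pyshark.FileCapture` object from the question would be passed to `collect_unused` in place of `SAMPLE`.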