How can I save a filtered pyshark FileCapture to a new pcap file?

Question

I have a program that can scan a pcap file using pyshark.FileCapture and then print the filtered packets.

I want to save those packets to a new pcap file.

Code:

import pyshark
import os
import sys
from scapy.all import *

def save_to_pcap(cap, filename):
    new_cap = PcapWriter(filename, append=True)

    for packet in cap:
        new_cap.write(packet.get_raw_packet())

def load_pcap(filter_str, path):
    cap = pyshark.FileCapture(path, display_filter=filter_str)
    return cap

def main():
    cap = load_pcap('http', 'file.pcap')
    cap
    save_to_pcap(cap, 'results.pcap')

main()

I tried using scapy, but save_to_pcap() function does not work and this exception pops up:

Traceback (most recent call last):
  File "SharkAn.py", line 116, in <module>
    main()
  File "SharkAn.py", line 108, in main
    save_to_pcap(cap, filename)
  File "SharkAn.py", line 81, in save_to_pcap
    pcap = rdpcap(cap)
  File "C:\Users\Gal\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 860, in rdpcap
    with PcapReader(filename) as fdesc:
  File "C:\Users\Gal\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 883, in __call__
    filename, fdesc, magic = cls.open(filename)
  File "C:\Users\Gal\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 914, in open
    magic = fdesc.read(4)
AttributeError: 'FileCapture' object has no attribute 'read'

Answer 1

Just did exactly what you want:

cap = pyshark.FileCapture('path.pcap', display_filter=filter_str, output_file='path_to_save.pcap')
cap.load_packets()

And this will save packets to 'path_to_save.pcap'

This method will loade captured file to memory. So scapy is not needed.