I'm new to Python. I'm reading pcap file using scapy, i want to fetch dport number by specifying particular ip addresses, I have something like below
from scapy.all import *
pkts = rdpcap('example.pcap')
for pkt in pkts:
if IP in pkt:
ip_src=pkt[IP].src
ip_dst=pkt[IP].dst
if TCP in pkt:
tcp_sport=pkt[TCP].sport
tcp_dport=pkt[TCP].dport
print " IP src " + str(ip_src) + " TCP sport " + str(tcp_sport)
print " IP dst " + str(ip_dst) + " TCP dport " + str(tcp_dport)
if ( ( pkt[IP].src == "10.116.206.114") or ( pkt[IP].dst == "10.236.138.184") ):
print("!")
pcap file
required output
here in the above code i'm getting both results as shown below
IP src 10.116.206.114 TCP dport 443
IP dst 10.236.138.184 TCP dport 443
----
IP src 10.236.138.184 TCP dport 12516
IP dst 10.116.206.114 TCP dport 12516
.
.
so on, but i want only with specific src and dst ip which i specify like below i dont want both dport numbers.
IP src 10.116.206.114 TCP dport 443
IP dst 10.236.138.184 TCP dport 443
----
IP src 10.116.206.114 TCP dport 22
IP dst 10.236.138.184 TCP dport 22
Please suggest a method and explain how to fetch dport number from specific ip address. Thank you!
