Is it possible to read a pcap file from byte string with scapy?

Question

I want to download a pcap from site.com/pcap.pcap, and determine if it has DNS records, using scapy. However, I don't want to ever write the file to disk. so something like

import requests
response=requests.get('site.com/pcap.pcap')
pcap_in_memory_as_bytes = response.content
some_scapy_func_that_finds_dns_traffic(pcap_in_memory_as_bytes)

Is it possible to do this with scapy? I tried a few things which seemed to fail. Searching for whether this was possible seemed to turn up nil.

score 1 · Answer 1 · answered Jun 15 '20 at 05:33

You can use a BytesIO to read without storing the file locally

from scapy.utils import rdpcap
from io import BytesIO
pktpcap = rdpcap(BytesIO(response.content))

Afterwards you can check the file using for instance:

from scapy.layers.dns import *
for pkt in pktpcap:
    if DNS in pkt:
        .....

Is it possible to read a pcap file from byte string with scapy?

1 Answers1