Counting the number of SYN and ACK packets using Python and Scapy

Question

I am analysing a pcap file using Python and Scapy.

Currently, I have it counting the number of packets

I would like to count the number of SYN and ACK packets, is there a way to do this?

My main piece of code thus far is

    for (pkt_data, pkt_metadata,) in RawPcapReader(file_name):
      count+=1

Please, include a minimal, reproducible code https://stackoverflow.com/help/minimal-reproducible-example — alec_djinn, Oct 13 '20 at 13:42

score 1 · Answer 1 · answered Oct 16 '20 at 20:08

the code is the folowing:

import scapy.all as scapy
from scapy.layers.inet import TCP

pkt_count = 0
pkt_tcp_ack_count = 0
pkt_tcp_syn_count = 0

for pkt in scapy.PcapReader(file_name):
    pkt_count += 1
    if TCP in pkt:
        if "A" in pkt[TCP].flags:
            pkt_tcp_ack_count += 1
        if "S" in pkt[TCP].flags:
            pkt_tcp_syn_count += 1


print("pkt_count: %d" % pkt_count)
print("pkt_tcp_ack_count: %d" % pkt_tcp_ack_count)
print("pkt_tcp_syn_count: %d" % pkt_tcp_syn_count)

now, a bit of context. Scapy is building all the layers, so you can simply query for their presence in the packet.

for a given packet you can run:

pkt.show()

which show you how the packet has been decoded by scapy

Counting the number of SYN and ACK packets using Python and Scapy

1 Answers1