How to get payload from a packet with dpkt?

Question

I am getting the payload of tcp packet using scapy easily :

def handle_pkt(pkt):
    try :
        pay_load_tcp = pkt[IP].load
    except :
        pay_load_tcp = ""


for packet in PcapReader(filename):
    if TCP in packet and packet[IP].dst == '192.168.1.1':
        handle_pkt(packet)

How can I get the same payload(Just the text info on the packet) using dpkt library?

score 0 · Answer 1 · answered Aug 16 '22 at 20:26

Maybe not the perfect way, but we can get the payload using the dpkt library as follows:

f = open(pcap_file,'rb')
pcap = dpkt.pcap.Reader(f)

for _, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)

    if not isinstance(eth.data,dpkt.ip.IP):
        #print("NOT IP Packet")
        continue

    ip = eth.data

    if isinstance(ip.data, dpkt.tcp.TCP):
        if inet_to_str(ip.src)!='192.168.1.2' :
            continue
        tcp = ip.data
        counter = counter + 1
        #seq_num = tcp.seq
        payload = bytes(ip.data)
        print("counter = {} , Payload = {} ".format(counter,payload[32:]))
        #if seq_num > cur_seq and 
        if payload[32:] != b'':
            #cur_seq = seq_num  
            handle_pkt(payload[32:])

How to get payload from a packet with dpkt?

1 Answers1