How to filter packets using IP source and destination addresses with Pyshark

Question

I've just try to use PYSHARK and filtering using BPF_filter = 'tcp' packets, however I am looking for filtering by source and destination IP addresses. The spript is shown below:

import pyshark

capture = pyshark.LiveCapture(interface=r'\Device\NPF_{707B2864-16B6-4E63-A44E-18BA00FC87EA}', bpf_filter='tcp and src.address=192.168.74.253  and dst.address=172.16.0.121', output_file=('../logs_capture/20221013_cap1.xdoc'))
capture.sniff(timeout=5)
capture
capture[3]
#<UDP/HTTP Packet>
for packet in capture.sniff_continuously(packet_count=5):
    print ('Just arrived:', packet)

Can anyone give me an hint?

score 1 · Accepted Answer · answered Oct 13 '22 at 21:31

1

BPF filters are specified using pcap-filter syntax. So in your case you'd use 'ip and tcp and src host 192.168.74.253 and dst host 172.16.0.121'.

answered Oct 13 '22 at 21:31

Christopher Maynard

5,702
2
17
23

Thank you. Now is filtering by IP hosts. – gercha2 Oct 24 '22 at 13:27

How to filter packets using IP source and destination addresses with Pyshark

1 Answers1