0

I am trying to use pyshark to put all of the ip src or dst into a list, which I later want to graph with matplotlib, to see which IP addresses sent or received the most traffic(not trying to do both at once). However, when I iterate through the packets of my capture, I print the list after each packet until I hit an IPV6 packet(I think) with a destination address of 'ff02::fb', and I get an error that says "KeyError: 'layer does not exist in packet'" I am trying to find a way around this so I can graph the results.

cap = pyshark.FileCapture('p-02.pcap')
ipList = []

for packet in cap:
    if ("IP" in str(packet.layers)):
        thisip = packet['ip'].dst
        ipList.append(thisip)
        print(ipList)

Here are the results:

Results

brotherbrick
  • 3
  • 1

1 Answers1

0

IPv6 packets are in the IPV6 Layer in packet.layers

and standard IPv4 packers are in the IP Layer in packet.layers

Here is some basic code to access these packets.

import pyshark 

capture = pyshark.FileCapture(input_file='your_pcap_file_name')
for packet in capture:
    if 'IPV6 Layer' in str(packet.layers):
        print('do something with IPV6 packets')
    if 'IP Layer' in str(packet.layers):
        print('do something with IPV4 packets')

output

do something with IPV4 packets
do something with IPV6 packets
do something with IPV4 packets
do something with IPV6 packets
do something with IPV4 packets

Also here is an older Github Project that I did on using Pyshark for packet analysis. I'm in the process of updating this project with more formal documentation.

Life is complex
  • 15,374
  • 5
  • 29
  • 58