Questions tagged [pyshark]

PyShark is a Python wrapper allowing packet parsing using Wireshark dissectors. This package allows parsing from a capture file or a live capture, using all installed Wireshark dissectors.

189 questions
0
votes
1 answer

Detect ARP scan using python

I want to detect whether someone is performing an ARP scan on the network and display the source IP. An unexpected number of ARP requests is sufficient to detect an ARP scan. Here is my code-- import pyshark cap =…
0
votes
0 answers

python pyshark can't import file — os.path issue?

When I try to upload a file that is located in the app folder (app root) I have no issues; however, if I want to upload a file that sits outside the app folder, i.e. in the Desktop, then I get the error below. I found a similar post but it did…
0
votes
1 answer

C: Hook into tshark to get access to analyzed layers of packets

I want to get access to analyzed packet layer information (that tshark does very well) in a C program. Is there a library interface for tshark that can be used to gather analysis information from packets of a pcap file? PS: Higher layer languages is…
Bhakta Raghavan
  • 664
  • 6
  • 16
0
votes
1 answer

Accessing LayerFieldsContainer using variable in pyshark

I'm using pyshark to parse pcap files. I want to access layer fields using a variable, as shown in the simple example below: For example to access ntp server ip: p = cap[0] print(p.bootp.option_ntp_server) However, I want to access it like…
bylds
  • 87
  • 1
  • 9
0
votes
1 answer

Is there a way to convert byte arrays to PyShark dataframe?

I used scapy to sniff packets, but Scapy can't return the packet info like PyShark(Wireshark). For example: >>> cap = pyshark.FileCapture('test.pcap', only_summaries=True) >>> cap[1].info 'FTP Data: 1460 bytes' >>> cap[2].info 'Response: 150…
user6456568
  • 579
  • 9
  • 23
0
votes
2 answers

Filter pcap pap protocol without pyshark

I want to access data in pap packets, currently I'm using pyshark with the following code import pyshark,sys cap = pyshark.FileCapture('test.pcap',display_filter='ppp && not ppp.length') for packet in cap: if…
MOHAMMAD RASIM
  • 335
  • 1
  • 6
  • 14
0
votes
2 answers

Parsing one field of PCAP file into a column in Python

I am currently working on a PCAP file and want to export one particular field (['TCP'].srcport) into a separate variable. The ['TCP'].srcport is not present for every row. It is present for the first 3 rows and not present for the remaining 3…
haimen
  • 1,985
  • 7
  • 30
  • 53
0
votes
1 answer

Decrypt SSL packets using PyShark

I am able to decrypt SSL packets in Wireshark (GUI) using the private keys. In the same manner, how do I decrypt packets using PyShark (programmatically)? Is there any other way to do the same task using a different programmatic approach?
0
votes
1 answer

How to get protocol numbers in PCAP file?

Some protocol numbers are: 6 TCP Transmission Control [RFC793] ... 17 UDP User Datagram [RFC768] by IANA. import pyshark pkts = pyshark.FileCapture('testes.pcap') I just want to print all protocols number…
Ed S
  • 385
  • 8
  • 31
0
votes
1 answer

Pyshark Attribute Error while printing DNS info

I'm having some trouble with pyshark when acquiring DNS info of a packet. I am using python 3. My code looks like this: import pyshark cap = pyshark.LiveCapture(interface="en1") cap.sniff(timeout=5) def print_dns_info(pkt): …
luistripa
  • 37
  • 9
0
votes
1 answer

faster solution? : dpkt or pyshark via Cython

I'm looking to use dpkt or pyshark coupled with cython, to speed up parsing of a lot of data (GBs) in a pcap file. I wondered if anyone has run dpkt with cython OR pyshark with cython and could share the speed increases with me? I'm specifically…
Jshee
  • 2,620
  • 6
  • 44
  • 60
0
votes
1 answer

Python - Does PyShark return relative sequence numbers?

I know that WireShark is built upon Tshark, and that WireShark displays relative sequence numbers in the GUI for TCP conversations. I know that PyShark is built upon Tshark. Does PyShark return relative sequence numbers for TCP conversations? Thank…
user3155053
  • 2,005
  • 2
  • 16
  • 16
0
votes
1 answer

How to continuously send data to kafka?

I'm trying to continuously send data (sniffed packets with tshark) to the kafka broker/consumer. Here are the steps I followed: 1. Started zookeeper: kafka/bin/zookeeper-server-start.sh ../kafka//config/zookeeper.properties 2. Started kafka…
HackCode
  • 1,837
  • 6
  • 35
  • 66
0
votes
0 answers

Pyshark / Tshark not going through all packets

I have a problem when going through an openfpc pcap file (1gb) with pyshark. When I use (in console, as root): lst = pyshark.FileCapture(TMP_NAME): for p in lst: if(p.highest_layer=="FTP"): print "win" It does not print anything, even if…
Azo
  • 36
  • 4
0
votes
1 answer

Pyshark interfaces in Live Capture

I need to capture live packets from more than one interface using the Live Capture module in Pyshark. cap=pyshark.LiveCapture(interface='eth0') How can I add one more interface using Live Capture? Ex: I need to capture packets from interfaces eth0 and…
Kranti Kumar
  • 325
  • 2
  • 6
  • 16