want to export some of the packets from a big pcap file to another file.
Grant Edwards
grant.b.edwards at gmail.com
Thu Apr 5 14:33:56 EDT 2018
On 2018-04-05, supswain at gmail.com <supswain at gmail.com> wrote:
> Hi,
>
> I am using dpkt python package to parse .pcap file and I am able to do successfully.
>
> My requirement is to filter some of the traffic from the big .pcap
> file and to export the result to another file.
>
> I don't know how to do this.
The easiest way is to use tcpdump on the command line.
Let's say you've got a huge file (huge.pcap), and all you want to see is TCP traffic to/from
10.0.0.104:
tcpdump -r huge.pcap -w output.pcap tcp and host 10.0.0.104
If you insist on doing it in Python, then you can use pylibpcap to
read/parse the file.
https://sourceforge.net/projects/pylibpcap/files/pylibpcap/
When reading the file, you can use the normal capture filters that you
use with tcpdump. Once you've read the packet, you can apply your own
logic if you want. I don't recall ever trying to install it on
Windows. It requires the pcap library, which is available for Windows.
I don't recall that it has methods to write a file, so you may have to
roll that bit yourself.
If you want to write something from scratch, here's the file format:
https://wiki.wireshark.org/Development/LibpcapFileFormat
You should be able to use ctypes to directly access the winpcap
library if you want to:
https://www.winpcap.org/
--
Grant Edwards               grant.b.edwards        Yow! ! Up ahead! It's a
                            at                     DONUT HUT!!
                            gmail.com
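As an added illustration of the "roll that bit yourself" route (not code from the thread or from pylibpcap), this walks the classic libpcap format from the Wireshark wiki page above, applies the same test as the capture filter "tcp and host 10.0.0.104", and writes the matching records to a new capture. It assumes a classic (not pcapng) file with LINKTYPE_ETHERNET frames carrying plain IPv4 (no VLAN tags, no IPv6); the sample capture is constructed in memory.

```python
import socket
import struct
# Classic libpcap layout (the Wireshark wiki page above): 24-byte global header, then per
# packet a 16-byte record header (ts_sec, ts_usec, incl_len, orig_len) and incl_len bytes.
PCAP_MAGIC = 0xA1B2C3D4
ETHERTYPE_IPV4, IPPROTO_TCP, IPPROTO_UDP = 0x0800, 6, 17

def read_pcap(data):
    """Return (struct byte-order prefix, global header bytes, list of (record hdr, frame))."""
    order = "<" if data[:4] == struct.pack("<I", PCAP_MAGIC) else ">"
    if data[:4] != struct.pack(order + "I", PCAP_MAGIC):
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    records, off = [], 24
    while off + 16 <= len(data):
        hdr = data[off:off + 16]
        incl_len = struct.unpack(order + "I", hdr[8:12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) != incl_len:  # truncated last record: stop rather than write garbage
            break
        records.append((hdr, frame))
        off += 16 + incl_len
    return order, data[:24], records

def tcp_with_host(frame, host):
    """Same test as the capture filter 'tcp and host <host>' for Ethernet/IPv4 frames."""
    ip = frame[14:]  # 14-byte Ethernet header, then an IPv4 header of at least 20 bytes
    if (len(ip) < 20 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4
            or ip[0] >> 4 != 4 or ip[9] != IPPROTO_TCP):
        return False
    return socket.inet_aton(host) in (ip[12:16], ip[16:20])  # src or dst address

def filter_pcap(data, keep):
    """Return a new pcap (same global header) holding only the records keep(frame) accepts."""
    _, global_header, records = read_pcap(data)
    return global_header + b"".join(h + f for h, f in records if keep(f))

def sample_pcap():
    """Constructed capture for the demo: three Ethernet/IPv4 frames without payloads."""
    def frame(src, dst, proto):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip
    frames = [frame("10.0.0.7", "10.0.0.104", IPPROTO_TCP),   # kept
              frame("10.0.0.104", "10.0.0.7", IPPROTO_UDP),   # dropped: not TCP
              frame("10.0.0.1", "10.0.0.2", IPPROTO_TCP)]     # dropped: other hosts
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # v2.4, LINKTYPE_ETHERNET
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1522950000 + i, 0, len(f), len(f)) + f
    return out
```

To use it on a real file, read huge.pcap into bytes, call filter_pcap with a predicate such as lambda f: tcp_with_host(f, "10.0.0.104"), and write the returned bytes to output.pcap.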