Re: want to export some of the packets from a big pcap file to another file.

Hi Anders,

Actually, in my setup I am capturing packets from Spirent using Wireshark and need to parse those captured files using Python code. Sometimes the captured .pcap file is too big, so parsing each packet one by one is too time-consuming during TC automation.

So instead of that I was searching for a Python library package which will help me to export the required packets (IP, TCP, UDP, Ethernet frame) from the big captured file and store them in another .pcap file.

Later I can use the dpkt package to parse the content of the smaller captured file.

--
https://mail.python.org/mailman/listinfo/python-list
Re: want to export some of the packets from a big pcap file to another file.

On 2018-04-05, supsw...@gmail.com wrote:
> Hi,
>
> I am using dpkt python package to parse .pcap file and I am able to do
> successfully.
>
> My requirement is to filter some of the traffic from the big .pcap
> file and to export the result to another file.
>
> I don't know how to do this.

The easiest way is to use tcpdump on the command line. Let's say you've got a huge file (huge.pcap), and all you want to see is TCP traffic to/from 10.0.0.104:

    tcpdump -r huge.pcap -w output.pcap tcp and host 10.0.0.104

If you insist on doing it in Python, then you can use pylibpcap to read/parse the file.

https://sourceforge.net/projects/pylibpcap/files/pylibpcap/

When reading the file, you can use the normal capture filters that you use with tcpdump. Once you've read the packet, you can apply your own logic if you want.

I don't recall ever trying to install it on Windows. It requires the pcap library, which is available for Windows.

I don't recall that it has methods to write a file, so you may have to roll that bit yourself.

If you want to write something from scratch, here's the file format:

https://wiki.wireshark.org/Development/LibpcapFileFormat

You should be able to use ctypes to directly access the winpcap library if you want to:

https://www.winpcap.org/

--
Grant Edwards
grant.b.edwards at gmail.com
Yow! ! Up ahead! It's a DONUT HUT!!
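Added example, not part of the message above and not code from pylibpcap or dpkt: one way to do the "roll that bit yourself" step in Python with only the standard library, following the classic pcap layout described on the file-format page linked above. It streams the capture record by record and copies Ethernet/IPv4 TCP frames to or from 10.0.0.104, the same selection as the tcpdump filter; the function names and the sample frames are constructed for illustration.

```python
import io
import socket
import struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond pcap
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond pcap

def is_tcp_host(frame, host):
    """True for an untagged Ethernet/IPv4/TCP frame to or from `host`."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False
    return socket.inet_aton(host) in (frame[26:30], frame[30:34])

def filter_pcap(src, dst, keep):
    """Copy records where keep(frame) is true from src to dst; return the count."""
    header = src.read(24)
    endian = MAGICS.get(header[:4])
    if len(header) < 24 or endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    dst.write(header)  # reuse the global header unchanged
    kept = 0
    while len(rec := src.read(16)) == 16:
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        frame = src.read(incl_len)
        if len(frame) < incl_len:
            break  # truncated final record: stop instead of writing a bad one
        if keep(frame):
            dst.write(rec + frame)  # record header keeps the original timestamp
            kept += 1
    return kept

def make_frame(proto, src_ip, dst_ip):
    # Constructed test frame: zeroed MACs, EtherType IPv4, bare 20-byte IP header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x00" * 12 + b"\x08\x00" + ip

def demo():
    # Constructed capture: two TCP frames involve 10.0.0.104, two frames do not
    frames = [make_frame(p, s, d) for p, s, d in (
        (6, "10.0.0.104", "10.0.0.1"), (17, "10.0.0.104", "10.0.0.1"),
        (6, "10.0.0.7", "10.0.0.104"), (6, "10.0.0.7", "10.0.0.8"))]
    big = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
        struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    out = io.BytesIO()
    kept = filter_pcap(io.BytesIO(big), out, lambda f: is_tcp_host(f, "10.0.0.104"))
    return kept, out.getvalue()
```

With real files, pass objects opened with `open(path, "rb")` and `open(path, "wb")` instead of the in-memory buffers. Current Wireshark saves pcapng by default, which this reader rejects, so save or convert the capture as classic pcap first.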
Re: want to export some of the packets from a big pcap file to another file.

On Thu, 5 Apr 2018 08:06:10 -0700 (PDT) supsw...@gmail.com wrote:
> Hi,
>
> I am using dpkt python package to parse .pcap file and I am able to do
> successfully.
>
> My requirement is to filter some of the traffic from the big .pcap file
> and to export the result to another file.
>
> I don't know how to do this.

What kind of filtering do you need? In many cases it would be faster and more convenient to use Wireshark or other similar tools as a pass-through filter, rather than rolling your own.

--
//Wegge