stackoom
  简体   繁体   中英

Get full hexdump of parsed packet in Pyshark

 原文  2014-12-11 17:43:12       python/ pyshark

Question

I am using Pyshark to parse packet from pcap file.
I have object of parsed packet. Separately I can get hex_value of each fields after changed raw_mode attribute to True. 

>>> packet = pyshark.FileCapture("ip_packet.pcap")
>>> packet_1 = packet[0]
>>> packet_1.layers()
[<ETH Layer>, <IP Layer>, <DATA Layer>]
>>> packet_1.ip.addr
'192.168.1.5'

>>> packet_1.ip.raw_mode = True
>>> packet_1.ip.addr
'c0a80105'

How can I get hexdump of full packet?

2 answers

solution1
 1 ACCPTED  2014-12-12 07:07:43

Unfortunately, you cannot at the moment. Pyshark parses the output of tshark which does not contain the original packet bytes. You can try "reassembling" the packet yourself but I wouldn't recommend it.

As it stands, this feature can be added but is not possible at the moment, if you want that specifically I suggest you use a different package or parse only the packets (without any protocols) yourself or using construct (or other similar packages).

solution2
 0  2016-08-04 22:34:44

如果你需要解析你的数据包(在使用完整数据包的hexdump之前),你可以看看pyshark_parser

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question saving hexdump(packet) to list in scapy pyshark - data from TCP packet Pyshark does not capture any packet Pyshark read all values from a packet as dictionary How to decode a packet in PyShark as decode_as How to send a pyshark packet to specific network interface? pyshark can not capture the packet on windows 7 (python) pyshark Cannot access data regarding packet Difference between PyShark and TShark Packet Count How to convert pyshark packet to binary value
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM