Print packet protocol type using PyShark

Question

I want to print all the protocols of the packet (ie: ICMP, ARP, TCP, UDP, etc.) but I am getting only TCP and UDP. I am using pyshark and python to capture packets.

import pyshark 

capture = pyshark.LiveCapture(interface='eth0')
capture.sniff(timeout=50)
for packet in capture.sniff_continuously():
    localtime = time.asctime(time.localtime(time.time()))
    protocol = packet.transport_layer
    src_addr = packet.ip.src
    src_port = packet[packet.transport_layer].srcport
    dst_addr = packet.ip.dst
    dst_port = packet[packet.transport_layer].dstport

    print (localtime,"\t",protocol,"\t", src_addr,"\t", src_port,"\t", dst_addr, "\t", dst_port)

Answer 1

The reason that you are only getting TCP and UDP packets is because you are calling the transport_layer .

Reference: Pyshark Dynamic Layer References

Here is one way to see the layers of an individual packet:

import pyshark

capture = pyshark.LiveCapture('en0')
for packet in capture:
    protocol = packet.layers
    print(protocol)
    filtered...
    [<ETH Layer>, <IP Layer>, <TCP Layer>, <NBSS Layer>, <SMB2 Layer>]
    [<ETH Layer>, <IP Layer>, <TCP Layer>]
    [<ETH Layer>, <IP Layer>, <UDP Layer>, <QUIC Layer>]
    [<ETH Layer>, <IP Layer>, <TCP Layer>, <HTTP Layer>]
    [<ETH Layer>, <IP Layer>, <TCP Layer>, <TLS Layer>]
    [<ETH Layer>, <ARP Layer>]
    truncated...

You can access the highest packet layer this way:

import pyshark

capture = pyshark.LiveCapture('en0')
for packet in capture:
    layer = packet.highest_layer
    print(layer)
    filtered...
    ARP
    DNS
    TCP
    HTTP
    UDP
    truncated...

I'm not sure what your use case is for parsing all the data related to a packet.

Here is a document that I wrote on parsing packet data with pyshark .

Here is some documentation for pyshark that provides information on parsing packet data.

If you need any additional help, please let me know and I will help you.