I have a very large pcap file and I want to create a script that will give me (in addition to the attributes that wireshark gives me) the payload and the number of incoming / outgoing packets.
I was thinking of using something like this below, but I'm not sure if there is a more efficient way to do this? :
from scapy.all import *
data = "Eavesdrop_Data.pcap"
a = rdpcap(data)
os.system("tshark -T fields -e _ws.col.Info -e http -e frame.time -e"
"data.data -w Eavesdrop_Data.pcap > Eavesdrop_Data.txt -c 1000")
os.system("tshark -r Eavesdrop_Data.pcap -Y Eavesdrop_Data_http.pcap")
sessions = a.sessions()
i = 1
for session in sessions:
http_payload = ""
for packet in sessions[session]:
print packet
source
share