Get IPs from a PCAP file in scapy

Question

Get IPs from a PCAP file in scapy

Is there a smart and quick way to get all IP addresses from a PCAP file? I only need (destination address address, source address).

I am currently using the Scapy function rdpcapas follows:

from scapy.all import *
pcap = rdpcap('file.pcap')

ips = set([(p[IP].fields['src'], p[IP].fields['dst']) for p in pcap if p.haslayer(IP) == 1])

But on my machine, it takes about two minutes to parse a 70 MB PCAP file with 370 unique extracted records ...

+4

optimization pcap scapy

reox Nov 20 '13 at 10:23

source share

1 answer

Pierre · Accepted Answer · 2014-01-25T15:28:46+0000

The "best" way to do what I think (based on the code you provided, I suppose you want pairs (source IP address, destination IP address), not IP packets), you want:

>>> set((p[IP].src, p[IP].dst) for p in PcapReader('file.pcap') if IP in p)

PCAP, set .

, Scapy IP, IP:

>>> IP.payload_guess = []

.

Get IPs from a PCAP file in scapy

More articles: