Python¶
Basics¶
>>> import disspcap
>>> pcap = disspcap.Pcap('path_to_pcap')
>>> packet = pcap.next_packet()
Now we can inspect packet.
>>> packet.ethernet.source
73:15:B8:A6:58:73
>>> packet.ethernet.type
IPv4
>>> packet.ipv4.destination
105.190.108.167
>>> packet.ipv4.protocol
TCP
>>> packet.tcp.destination_port
22
Examples¶
Simple statistics¶
import disspcap
ethernet_packets = 0
ipv4_packets = 0
ipv6_packets = 0
tcp_packets = 0
udp_packets = 0
pcap = disspcap.Pcap('path_to_pcap')
packet = pcap.next_packet()
while packet:
if (packet.ethernet):
ethernet_packets += 1
if (packet.ipv4):
ipv4_packets += 1
if (packet.ipv6):
ipv6_packets += 1
if (packet.udp):
udp_packets += 1
if (packet.tcp):
tcp_packets += 1
packet = pcap.next_packet()
print(f'Number of ethernet packets {ethernet_packets}')
print(f'Number of ipv4 packets {ipv4_packets}')
print(f'Number of ipv6 packets {ipv6_packets}')
print(f'Number of udp packets {udp_packets}')
print(f'Number of tcp packets {tcp_packets}')
DNS¶
import disspcap
i = 1
pcap = disspcap.Pcap('path_to_pcap')
packet = pcap.next_packet()
while packet:
if packet.dns:
if packet.dns.qr == 1:
print(f'\nPacket #{i}:')
print(' Answers: ')
for ans in packet.dns.answers:
print(f' {ans}')
print(' Authoritatives: ')
for auth in packet.dns.authoritatives:
print(f' {auth}')
print(' Additionals: ')
for add in packet.dns.additionals:
print(f' {add}')
i += 1
packet = pcap.next_packet()