Get the full hexdump of the analyzed packet in Pyshark

I use Pyshark to parse a packet from a pcap file.

I have a parsed packet object. Separately, I can get the hex_value of each field after changing the raw_mode attribute to True.

    >>> packet = pyshark.FileCapture("ip_packet.pcap")
    >>> packet_1 = packet[0]
    >>> packet_1.layers()
    [<ETH Layer>, <IP Layer>, <DATA Layer>]
    >>> packet_1.ip.addr
    '192.168.1.5'
    >>> packet_1.ip.raw_mode = True
    >>> packet_1.ip.addr
    'c0a80105'

How can I get the hexdump of the full packet?

+5
2 answers

Sorry, you cannot right now. Pyshark parses the output of tshark, which does not contain the source bytes of the packet. You can try to “reassemble” the packet yourself, but I would not recommend it.

Be that as it may, this feature could be added, but at the moment it is not possible. If you need this specifically, I suggest you use another package, or analyze only the packets (without any protocols) yourself or using construct (or other similar packages).

+1

If you need to analyze your packet (before having the hexdump of the full packet), you can look at pyshark_parser.

0

Source: https://habr.com/ru/post/1208836/

