<div dir="ltr">I also found this:<div><br></div><div><a href="http://code.google.com/p/py-greppcap/">http://code.google.com/p/py-greppcap/</a><br></div><div><br></div><div style>Which I can leverage to do what I want but I also get that dnet error!</div>
<div style><br></div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">--<br>Kevin Holleran<br>Master of Science, Computer Information Systems<br>Grand Valley State University<br>Master of Business Administration<br>
Western Michigan University<br><span style="font-family:arial;font-size:small">SANS GCFA, </span>SANS GCFE, CCNA, ISA, MCSA, MCDST, MCP<br><div><br>"Do today what others won't, do tomorrow what others can't" - SEALFit<div>
<br></div><div>"We are what we repeatedly do. Excellence, then, is not an act, but a habit." - Aristotle<br></div></div></div></div>
<br><br><div class="gmail_quote">On Tue, Jan 22, 2013 at 10:15 PM, Kevin Holleran <span dir="ltr"><<a href="mailto:kdawg44@gmail.com" target="_blank">kdawg44@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Thanks, I have been trying to get it to work but I am on Mac OS 10.8.2. I tried to get it from Macports and download/install it myself. Both seem to get me to here:<div><br></div><div><div>ImportError: No module named dnet</div>
</div><div><br></div><div>I tried to download libdnet but no matter what I do this is what I get. Granted I am doing;</div><div>
<p><span>from</span> scapy.all <span>import</span> *</p><p><br></p><p>But I have no idea what I need. I am not trying to craft packets but filter packets based on tcp.dstport 80 & frame matches signin.aspx. Then my goal is to parse the data looking for post vars txtUserId & txtPwd and extract them, dumping them to the screen as userid_value => password.</p>
<p><br></p><p>Thanks for your help.</p></div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">--<br>Kevin Holleran<br>Master of Science, Computer Information Systems<br>Grand Valley State University<br>
Master of Business Administration<br>Western Michigan University<br><span style="font-family:arial;font-size:small">SANS GCFA, </span>SANS GCFE, CCNA, ISA, MCSA, MCDST, MCP<br><div><br>"Do today what others won't, do tomorrow what others can't" - SEALFit<div>
<br></div><div>"We are what we repeatedly do. Excellence, then, is not an act, but a habit." - Aristotle<br></div></div></div></div><div><div class="h5">
<br><br><div class="gmail_quote">On Tue, Jan 22, 2013 at 10:03 PM, Dave Angel <span dir="ltr"><<a href="mailto:d@davea.name" target="_blank">d@davea.name</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div>On 01/22/2013 08:32 PM, Kevin Holleran wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Is there a way to parse out a wireshark pcap file and extract key value<br>
pairs from the data? I am illustrated a sniff of some traffic and why it<br>
needs utilize HTTPS instead of HTTP but I was hoping to run the pcap<br>
through a python script and just output some interesting key value<br>
pairs....<br>
<br>
</blockquote>
<br></div></div>
Sure. scapy can create and/or parse pcap files.<br>
<br>
<a href="http://pypi.python.org/pypi/Scapy" target="_blank">http://pypi.python.org/pypi/<u></u>Scapy</a><span><font color="#888888"><br>
<br>
<br>
-- <br>
DaveA<br>
-- <br>
<a href="http://mail.python.org/mailman/listinfo/python-list" target="_blank">http://mail.python.org/<u></u>mailman/listinfo/python-list</a><br>
</font></span></blockquote></div><br></div></div></div>
</blockquote></div><br></div>