Parse a Wireshark pcap file

Kevin Holleran kdawg44 at
Wed Jan 23 04:15:29 CET 2013

Thanks, I have been trying to get it to work but I am on Mac OS 10.8.2.  I
tried to get it from Macports and download/install it myself.  Both seem to
get me to here:

ImportError: No module named dnet

I tried to download libdnet but no matter what I do this is what I get.
 Granted I am doing;

from scapy.all import *

But I have no idea what I need.  I am not trying to craft packets but
filter packets based on tcp.dstport 80 & frame matches signin.aspx.  Then
my goal is to parse the data looking for post vars txtUserId & txtPwd and
extract them, dumping them to the screen as userid_value => password.

Thanks for your help.

Kevin Holleran
Master of Science, Computer Information Systems
Grand Valley State University
Master of Business Administration
Western Michigan University

"Do today what others won't, do tomorrow what others can't" - SEALFit

"We are what we repeatedly do. Excellence, then, is not an act, but a
habit." - Aristotle

On Tue, Jan 22, 2013 at 10:03 PM, Dave Angel <d at> wrote:

> On 01/22/2013 08:32 PM, Kevin Holleran wrote:
>> Is there a way to parse out a wireshark pcap file and extract key value
>> pairs from the data?  I am illustrated a sniff of some traffic and why it
>> needs utilize HTTPS instead of HTTP but I was hoping to run the pcap
>> through a python script and just output some interesting key value
>> pairs....
> Sure.  scapy can create and/or parse pcap files.
>**Scapy <>
> --
> DaveA
> --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Python-list mailing list