want to export some of the packets from a big pcap file to another file.

Grant Edwards grant.b.edwards at gmail.com
Thu Apr 5 14:33:56 EDT 2018

On 2018-04-05, supswain at gmail.com <supswain at gmail.com> wrote:
> Hi,
> I am using dpkt python package to parse .pcap file and I am able to do so successfully.
> My requirement is to filter some of the traffic from the big .pcap
> file and to export the result to another file.
> I don't know how to do this.

The easiest way is to use tcpdump on the command line.

Let's say you've got a huge file (huge.pcap), and all you want to see is TCP traffic to/from

  tcpdump -r huge.pcap -w output.pcap tcp and host

If you insist on doing it in Python, then you can use pylibpcap to
read/parse the file.


When reading the file, you can use the normal capture filters that you
use with tcpdump.  Once you've read the packet, you can apply your own
logic if you want.  I don't recall ever trying to install it on
Windows. It requires the pcap library, which is available for Windows.
I don't recall that it has methods to write a file, so you may have to
roll that bit yourself.

If you want to write something from scratch, here's the file format:


You should be able to use ctypes to directly access the winpcap
library if you want to:
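
An added example, not part of the original message: a from-scratch filter for the classic pcap file format mentioned above, using only Python's standard library. The function names, the predicate and the sample capture are constructed for illustration; it assumes untagged Ethernet/IPv4 frames in a microsecond-resolution pcap file (not pcapng).

```python
import socket
import struct

def filter_pcap(src, dst, keep):
    """Copy records between classic pcap streams when keep(frame) is true."""
    hdr = src.read(24)                       # global header is 24 bytes
    if len(hdr) != 24:
        raise ValueError("truncated pcap global header")
    order = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", hdr[:4])[0])
    if order is None:                        # magic number gives the byte order
        raise ValueError("not classic microsecond pcap (pcapng?)")
    snaplen, linktype = struct.unpack(order + "II", hdr[16:24])
    if linktype != 1:                        # 1 = LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled here")
    dst.write(hdr)                           # keep byte order, snaplen, link type
    kept = 0
    while True:
        rec = src.read(16)                   # ts_sec, ts_usec, incl_len, orig_len
        if len(rec) < 16:
            break                            # end of file or cut-off record header
        incl_len = struct.unpack(order + "I", rec[8:12])[0]
        if incl_len > max(snaplen, 65535):
            raise ValueError("record longer than snaplen; file is corrupt")
        frame = src.read(incl_len)
        if len(frame) < incl_len:
            break                            # capture ended mid-packet; drop it
        if keep(frame):
            dst.write(rec + frame)           # record header is copied unchanged
            kept += 1
    return kept

def tcp_with_host(ip):
    """Predicate: untagged Ethernet/IPv4 frame carrying TCP to or from ip."""
    addr = socket.inet_aton(ip)
    def keep(frame):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # EtherType IPv4
            return False
        return frame[23] == 6 and addr in (frame[26:30], frame[30:34])  # 6 = TCP
    return keep

def sample_capture():
    """Constructed input: TCP, UDP, TCP header-only frames, little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, s, d in [(6, "192.0.2.10", "198.51.100.7"),
                        (17, "192.0.2.10", "198.51.100.7"),
                        (6, "203.0.113.5", "192.0.2.10")]:
        f = b"\x00" * 12 + b"\x08\x00" + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20,
            0, 0, 64, proto, 0, socket.inet_aton(s), socket.inet_aton(d))
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

For real files, pass `open("huge.pcap", "rb")` and `open("output.pcap", "wb")` as `src` and `dst`; records are streamed one at a time, so the input size does not matter.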


