i want to filter some headers in a wireshark capture (converted to text format) so i can analyse these set of headers.i need a python script to do this. any help would be appreciated
+1
A:
You might want to look at dpkt. It's a Python library to simplify reading (or generating) network data. Just save your Wireshark data as a Pcap stream and it can easily be opened from within Python.
I don't know exactly which headers you want or how you need them filtered and formatted, but here's an example of what you could write: (taken from a contributor's blog post)
import dpkt
pcap = dpkt.pcap.Reader(open('test.pcap'))
for timestamp, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data
print 'Got data from port ' + str(tcp.port)
Karmastan
2010-07-01 17:58:25
i saved the test.cap file in the directory of python26 but eacht ime i run this script it keeps telling me there is no directory file named "test.pcap". is there a particular way that i have to save the pcap stream?
hollandspur
2010-07-02 10:43:18
Well, you said it yourself: you saved to "test.cap" and you're trying to open "test.pcap" (note the extra 'p').
Karmastan
2010-07-02 16:18:44