TechQA.

Get full hexdump of parsed packet in Pyshark

4k views Asked by At

I am using Pyshark to parse packet from pcap file.
I have object of parsed packet. Separately I can get hex_value of each fields after changed raw_mode attribute to True. 

>>> packet = pyshark.FileCapture("ip_packet.pcap")
>>> packet_1 = packet[0]
>>> packet_1.layers()
[<ETH Layer>, <IP Layer>, <DATA Layer>]
>>> packet_1.ip.addr
'192.168.1.5'

>>> packet_1.ip.raw_mode = True
>>> packet_1.ip.addr
'c0a80105'

How can I get hexdump of full packet?

python pyshark
Original Q&A
2

There are 2 answers

2
KimiNewt On BEST ANSWER

Unfortunately, you cannot at the moment. Pyshark parses the output of tshark which does not contain the original packet bytes. You can try "reassembling" the packet yourself but I wouldn't recommend it.

As it stands, this feature can be added but is not possible at the moment, if you want that specifically I suggest you use a different package or parse only the packets (without any protocols) yourself or using construct (or other similar packages).

3
A. STEFANI On

If you need to parse your packet (before having the hexdump of full packet) you may have you a look on pyshark_parser

Related Questions in PYTHON

Related Questions in PYSHARK

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions