import itertools
import socket
import sys
import time

from scapy.all import *  # pull in all of scapy -- you could do it other ways, but this makes it isomorphic to using scapy command line
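def main(limit: int = 5):
    """Print a tcpdump-style summary line for the first ``limit`` packets of a capture.

    The capture file path is taken from ``sys.argv[1]``.  Exits with status 1
    (message on stderr) when no path is given, the file cannot be opened, or
    Scapy does not recognise it as a pcap/pcapng capture.

    Args:
        limit: number of packets to show (the original script hard-coded 5;
            its comment claimed 100).
    """
    if len(sys.argv) < 2:  # no command line argument
        print("Need a pcap file to read!", file=sys.stderr)
        print("usage: %s CAPTURE.pcap" % sys.argv[0], file=sys.stderr)
        sys.exit(1)
    path = sys.argv[1]

    # A capture file is untrusted input and may be huge or corrupt.  PcapReader
    # streams packets from disk, so only the few we look at are ever dissected;
    # rdpcap() would first load and dissect the *whole* file into a PacketList,
    # which is an easy way to run out of memory on a large or hostile capture.
    # (rdpcap() is still the right call when you want the PacketList API,
    # e.g. packets.filter('tcp and src port 80') or print(packets) for a
    # summary of the whole capture.)
    try:
        reader = PcapReader(path)
    except (OSError, Scapy_Exception) as exc:
        # OSError: missing file, permission denied, ...
        # Scapy_Exception: readable, but not a pcap/pcapng file.
        # Report the real reason instead of always claiming "not found"; a bare
        # except: would also have swallowed KeyboardInterrupt and SystemExit.
        print("File read failure: %s: %s" % (path, exc), file=sys.stderr)
        sys.exit(1)

    with reader:  # closes the file even if we bail out early
        # islice stops after `limit` packets without reading any further.
        for packet in itertools.islice(reader, limit):
            # Scapy models a packet as a stack of "layers", one per protocol:
            # a DNS query is Ether / IP / UDP / DNS, an ICMP echo is
            # Ether / IP / ICMP (no TCP involved).  haslayer() filters on
            # that, e.g. skip DNS traffic with:
            #     if packet.haslayer(DNS): continue
            print(packet.summary())  # one line per packet, like tcpdump's default output
            # packet.show() instead dumps every field of every layer.
            time.sleep(0.2)  # small pause between packets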
# Only run when executed as a script, not when imported.
if __name__ == "__main__":
    main()