Print tcp payload from Pcap file with pyshark
Download pcap file

    import binascii
    import pyshark
    cap = pyshark.FileCapture('200722_tcp_anon.pcapng')
    for pkt in cap:
        text = pkt.tcp.payload.raw_payload
        print(text)
    cap.close()

But I get an error:

    Traceback (most recent call last):
      File "main.py", line 7, in <module>
        text = pkt.tcp.payload.raw_payload
      File "C:\Users\User\AppData\Local\Programs\Python\Python37-32\lib\site-packages\pyshark\packet\layer.py", line 36, in __getattr__
        raise AttributeError()
    AttributeError

Why is that?

This AttributeError is being thrown because of this line:

    text = pkt.tcp.payload.raw_payload

You need to do some filtering before querying and printing the TCP payload.

    import pyshark
    pcap_file = '200722_tcp_anon.pcapng'
    capture = pyshark.FileCapture(pcap_file, display_filter='tcp')
    for packet in capture:
        field_names = packet.tcp._all_fields
        field_values = packet.tcp._all_fields.values()
        for field_name in field_names:
            for field_value in field_values:
                if field_name == 'tcp.payload':
                    print(f'{field_name} -- {field_value}')

Output:

    tcp.payload -- 7875
    tcp.payload -- 2000
    tcp.payload -- 7875
    tcp.payload -- 0
    tcp.payload -- 6
    tcp.payload -- 1
    tcp.payload -- 532420307
    tcp.payload -- 7
    tcp.payload -- 1
    tcp.payload -- 2978637660
    tcp.payload -- 20
    tcp.payload -- 0x00000018
    ...truncated

Here is the GitHub documentation that I wrote on using pyshark.
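
An added example, not part of the original answer: the nested loops above print every TCP field value under the `tcp.payload` label (hence values such as 7875 and 2000 in the output), so this version reads only the payload field, skips packets with no TCP layer or no segment data, and decodes tshark's colon-separated hex into bytes. The `SAMPLE_PACKETS` stand-ins are constructed so the helpers run without tshark; the function names are illustrative, and `display_filter="tcp.payload"` is this example's choice rather than the answer's.

```python
from types import SimpleNamespace


def tcp_payload_bytes(packet):
    """Return the TCP segment data as bytes, or None if the packet has none.

    pyshark raises AttributeError for a missing layer or field, so both
    lookups use a default instead of direct attribute access.
    """
    tcp = getattr(packet, "tcp", None)        # non-TCP packet (ARP, UDP, ...)
    if tcp is None:
        return None
    payload = getattr(tcp, "payload", None)   # segment without data, e.g. bare ACK
    if payload is None:
        return None
    # tshark renders tcp.payload as colon-separated hex: "48:54:54:50"
    return bytes.fromhex(str(payload).replace(":", ""))


def printable(data):
    """Render payload bytes for a terminal: non-printable bytes become '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)


def iter_tcp_payloads(pcap_file):
    """Yield (frame number, payload bytes) for each packet carrying TCP data."""
    import pyshark  # imported here so the helpers above work without tshark

    capture = pyshark.FileCapture(pcap_file, display_filter="tcp.payload")
    try:
        for packet in capture:
            data = tcp_payload_bytes(packet)
            if data is not None:
                yield packet.number, data
    finally:
        capture.close()


# Constructed stand-ins for pyshark packets (not taken from the capture file).
SAMPLE_PACKETS = [
    SimpleNamespace(tcp=SimpleNamespace(payload="47:45:54:20:2f:0d:0a")),  # data
    SimpleNamespace(tcp=SimpleNamespace(srcport="7875")),                  # no data
    SimpleNamespace(udp=SimpleNamespace(srcport="53")),                    # not TCP
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        data = tcp_payload_bytes(pkt)
        print(None if data is None else (data.hex(), printable(data)))
```

With a real capture, `for number, data in iter_tcp_payloads('200722_tcp_anon.pcapng'): print(number, data.hex())` prints one line per data-bearing segment.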