I am using Pyshark to parse packet from pcap file.
I have object of parsed packet. Separately I can get hex_value of each fields after changed raw_mode attribute to True.
>>> packet = pyshark.FileCapture("ip_packet.pcap")
>>> packet_1 = packet[0]
>>> packet_1.layers()
[<ETH Layer>, <IP Layer>, <DATA Layer>]
>>> packet_1.ip.addr
'192.168.1.5'
>>> packet_1.ip.raw_mode = True
>>> packet_1.ip.addr
'c0a80105'
How can I get hexdump of full packet?
Unfortunately, you cannot at the moment. Pyshark parses the output of tshark which does not contain the original packet bytes. You can try "reassembling" the packet yourself but I wouldn't recommend it.
As it stands, this feature can be added but is not possible at the moment, if you want that specifically I suggest you use a different package or parse only the packets (without any protocols) yourself or using construct (or other similar packages).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With