Get full hexdump of parsed packet in Pyshark

Question

I am using Pyshark to parse packet from pcap file.
I have object of parsed packet. Separately I can get hex_value of each fields after changed raw_mode attribute to True.

>>> packet = pyshark.FileCapture("ip_packet.pcap")
>>> packet_1 = packet[0]
>>> packet_1.layers()
[<ETH Layer>, <IP Layer>, <DATA Layer>]
>>> packet_1.ip.addr
'192.168.1.5'

>>> packet_1.ip.raw_mode = True
>>> packet_1.ip.addr
'c0a80105'

How can I get hexdump of full packet?

Answer 1

Unfortunately, you cannot at the moment. Pyshark parses the output of tshark which does not contain the original packet bytes. You can try "reassembling" the packet yourself but I wouldn't recommend it.

As it stands, this feature can be added but is not possible at the moment, if you want that specifically I suggest you use a different package or parse only the packets (without any protocols) yourself or using construct (or other similar packages).