I have some pcap files and I want to filter by protocol, i.e., if I want to filter by HTTP protocol, anything but HTTP packets will remain in the pcap file.
There is a tool called openDPI, and it's perfect for what I need, but there is no wrapper for the Python language.
Does anyone know any Python modules that can do what I need?
Thanks
Edit 1:
HTTP filtering was just an example; there are a lot of protocols that I want to filter.
Edit 2:
I tried Scapy, but I can't figure out how to filter correctly. The filter only accepts Berkeley Packet Filter expressions, i.e., I can't apply an MSN, or HTTP, or another specific filter from an upper layer. Can anyone help me?
To only display packets containing a particular protocol, type the protocol name in the display filter toolbar of the Wireshark window and press enter to apply the filter.
PCAP comes in a range of formats including Libpcap, WinPcap, and PCAPng. These PCAP files can be used to view TCP/IP and UDP network packets.
sniff supports an offline option wherein you can provide the pcap file as input. This way you can use the filtering advantages of the sniff command on a pcap file.
>>> from scapy.all import sniff
>>> packets = sniff(offline='mypackets.pcap')
>>>
>>> packets
<Sniffed: TCP:17 UDP:0 ICMP:0 Other:0>
Hope that helps!
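An added example, not code from the thread above: a standard-library Python filter that keeps only the packets of a classic libpcap capture whose TCP payload starts an HTTP/1.x message, which a BPF port expression cannot express. It assumes Ethernet framing without VLAN tags and IPv4; `sample_pcap` and its packets are constructed for illustration.

```python
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")

def tcp_payload(frame):
    """Return the TCP payload of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                                # not IPv4 carrying TCP
    tcp = 14 + (frame[14] & 0x0F) * 4              # offset of the TCP header
    if len(frame) < tcp + 20:
        return None
    data_off = (frame[tcp + 12] >> 4) * 4          # TCP header length
    # The IPv4 total length marks the payload end and drops Ethernet padding.
    return frame[tcp + data_off:14 + struct.unpack("!H", frame[16:18])[0]]

def is_http(frame):
    """Match HTTP/1.x by payload content, so the TCP port does not matter."""
    payload = tcp_payload(frame)
    return bool(payload) and payload.startswith(HTTP_STARTS)

def records(data):
    """Yield (raw_record, frame) pairs from classic libpcap bytes."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not classic libpcap (pcapng is not handled here)")
    pos = 24                                       # skip the global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        end = pos + 16 + incl_len
        if end > len(data):
            break                                  # truncated last record
        yield data[pos:end], data[pos + 16:end]
        pos = end

def filter_pcap(data, keep=is_http):
    """Return pcap bytes holding only the records whose frame passes keep()."""
    return data[:24] + b"".join(rec for rec, frame in records(data) if keep(frame))

def sample_pcap():
    """Constructed capture: two HTTP packets on port 8080, one TLS-like, one UDP."""
    def frame(payload, proto=6):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                         proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        tcp = struct.pack("!HHIIBBHHH", 40000, 8080, 0, 0, 0x50, 0x18, 1024, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    frames = [frame(b"GET / HTTP/1.1\r\n\r\n"), frame(b"\x16\x03\x01\x00\x05hello"),
              frame(b"HTTP/1.1 200 OK\r\n\r\n"), frame(b"GET over udp", proto=17)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))
```

Only packets that begin an HTTP message match; later segments of a long body would need TCP stream reassembly, and other protocols need their own `keep` predicate passed to `filter_pcap`.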