
Writing to a pcap with scapy

Tags: python, pcap, scapy

I'm trying to write to a pcap file once I filter out all NBNS traffic. This is giving me a syntax error.

from scapy.all import *

Capture = raw_input("Enter file path of pcap file: " )
pcap = rdpcap(Capture)

ports=137

filtered = (pkt for pkt in Capture if
    (UDP in pkt and 
    (pkt[UDP].sport in str(ports)))

wrpcap("filtered.pcap",filtered)

I found the answer for the syntax error was just a missing parenthesis at the end of ...str(ports)))) but now I have a different error.

  File "receiver2.py", line 18, in <module>
    wrpcap("filtered.pcap",filtered)
  File "/usr/lib/python2.7/dist-packages/scapy/utils.py", 
    line 470, in wrpcap
  PcapWriter(filename, *args, **kargs).write(pkt)
  File "/usr/lib/python2.7/dist-packages/scapy/utils.py", line 652, in write
    for p in pkt:
  File "receiver2.py", line 13, in <genexpr>
    (UDP in pkt and 
  TypeError: 'in <string>' requires string as left operand, not Packet_metaclass
Julie Brady asked Nov 16 '15 16:11



1 Answer

I was trying out your script but couldn't get it going the way it was written. I changed it a bit and I think it does what you need. Hope this helps.

from scapy.all import *

capture = raw_input("Enter file path of pcap file: " )
pcap = rdpcap(capture)

ports=137

def write(pkt):
    wrpcap('filtered.pcap', pkt, append=True)  #appends packet to output file

for pkt in pcap:
    if pkt.haslayer(UDP) and pkt.getlayer(UDP).sport == ports:  #checks for UDP layer and sport 137
        write(pkt)  #sends the packet to be written if it meets criteria
    else:
        pass
Noob123 answered Sep 30 '22 22:09