I'm using the rdpcap function of Scapy to read a PCAP file.
I also use the module described in a link to HTTP support in Scapy which is needed in my case, as I have to retrieve all the HTTP requests and responses and their related packets.
I noticed that when parsing a large PCAP file, the rdpcap function takes too much time to read it.
Is there a solution to read a pcap file faster?

Scapy has another method, sniff, which you can use to read the pcap files too:
    from scapy.all import sniff

    def method_filter_HTTP(pkt):
        pass  # Your processing

    sniff(offline="your_file.pcap", prn=method_filter_HTTP, store=0)
rdpcap loads the entire pcap file into memory. Hence it uses a lot of memory and, as you said, it's slow, while sniff reads one packet at a time and passes it to the provided prn function. The store=0 parameter ensures that the packet is deleted from memory as soon as it is processed.
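
What "one packet at a time" means at the file level, as an added example that is not code from the answer or from Scapy: a standard-library generator reads classic pcap records one by one, so only a single frame is held in memory regardless of capture size. The function names and the constructed sample capture are assumptions for illustration; it handles only classic microsecond pcap carrying Ethernet/IPv4/TCP, not pcapng.

```python
import io
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")

def iter_pcap(fh):
    """Yield (ts_sec, raw_frame) one record at a time from a classic pcap stream."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(fh.read(4))
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    fh.read(20)  # rest of global header: version, tz, sigfigs, snaplen, linktype
    while True:
        hdr = fh.read(16)
        if len(hdr) < 16:
            return  # clean EOF or truncated record header
        ts_sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", hdr)
        frame = fh.read(incl_len)
        if len(frame) < incl_len:
            return  # truncated capture: stop rather than yield a partial frame
        yield ts_sec, frame

def tcp_payload(frame):
    """Return the TCP payload of an Ethernet/IPv4/TCP frame, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 IHL
    if len(frame) < tcp_off + 20:
        return None
    return frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]

def count_http(fh):
    """Stream the capture and count segments that begin an HTTP message."""
    payloads = (tcp_payload(frame) for _ts, frame in iter_pcap(fh))
    return sum(1 for p in payloads if p and p.startswith(HTTP_STARTS))

def sample_pcap():
    """Constructed capture: one HTTP request, one empty TCP segment, one ARP frame."""
    def frame(payload, ethertype=b"\x08\x00"):
        ip = (bytes([0x45, 0]) + struct.pack(">H", 40 + len(payload))
              + bytes(5) + b"\x06" + bytes(10))
        return bytes(12) + ethertype + ip + bytes(12) + b"\x50" + bytes(7) + payload
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate([frame(request), frame(b""), frame(b"", b"\x08\x06")]):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(count_http(io.BytesIO(sample_pcap())))
```

Passing an open file object (`open(path, "rb")`) instead of the in-memory buffer gives the same constant-memory behaviour on a large capture.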