pyshark - data from TCP packet

python wireshark packet-capture pyshark
Cru Jones picture Cru Jones · May 9, 2015 · Viewed 12.2k times · Source

Is there anyway to get the payload of a TCP packet using pyshark?

I am trying to compare the data sections of different packets across multiple TCP streams but I can't find a way to get at the data of the packet. pkt['tcp'].data does not seem to exist.

Answer

Chandan picture Chandan · Oct 4, 2015

If you are using a .pcap file, once you have read the file using

cap = pyshark.FileCapture('vox.pcap')

and say, you want to read the data of the 2nd packet, and you are sure such a field exists, try:

pkt = cap[1]
print pkt.tcp.data

To see the options available for pkt.tcp, use:

dir(pkt.tcp)

It will return all the available options for pkt.tcp

Related questions

Is there an API for Wireshark, to develop programs/plugins that interact with it/enhance it?

Googling didn't give me great results. Is there any sort of API for Wireshark that abstracts away from the main source code so we can develop programs that interact with it and deal with the data it provides? edit: I …

Read More
How to parse protobuf packets in Wireshark

My goal is to have a plugin/dissector that can parse a protocol based on protobuf (UDP). I found on the web an Auto-generate Wireshark/Ethereal dissector plugins for Protocol Buffer messages: https://code.google.com/archive/p/protobuf-wireshark/ when …

Read More
How do I list all files of a directory?

How can I list all files of a directory in Python and add them to a list?

Read More