Re: Parse a Wireshark pcap file

Discussion in 'Python' started by Kevin Holleran, Jan 23, 2013.

  1. Thanks, I have been trying to get it to work but I am on Mac OS 10.8.2. I
    tried to get it from Macports and download/install it myself. Both seem to
    get me to here:

    ImportError: No module named dnet

    I tried to download libdnet but no matter what I do this is what I get.
    Granted, I am doing:

    from scapy.all import *


    But I have no idea what I need. I am not trying to craft packets but
    filter packets based on tcp.dstport 80 & frame matches signin.aspx. Then
    my goal is to parse the data looking for post vars txtUserId & txtPwd and
    extract them, dumping them to the screen as userid_value => password.


    Thanks for your help.

    --
    Kevin Holleran
    Master of Science, Computer Information Systems
    Grand Valley State University
    Master of Business Administration
    Western Michigan University
    SANS GCFA, SANS GCFE, CCNA, ISA, MCSA, MCDST, MCP

    "Do today what others won't, do tomorrow what others can't" - SEALFit

    "We are what we repeatedly do. Excellence, then, is not an act, but a
    habit." - Aristotle


    On Tue, Jan 22, 2013 at 10:03 PM, Dave Angel <> wrote:

    > On 01/22/2013 08:32 PM, Kevin Holleran wrote:
    >
    >> Is there a way to parse out a wireshark pcap file and extract key value
    >> pairs from the data? I am illustrating a sniff of some traffic and why it
    >> needs to utilize HTTPS instead of HTTP but I was hoping to run the pcap
    >> through a python script and just output some interesting key value
    >> pairs....
    >>
    >>

    > Sure. scapy can create and/or parse pcap files.
    >
    > http://pypi.python.org/pypi/Scapy
    >
    >
    > --
    > DaveA
    > --
    > http://mail.python.org/mailman/listinfo/python-list
    >
     
    Kevin Holleran, Jan 23, 2013
    #1