From e38d19f9666d3a7fcb2000eda30a086616501077 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Thu, 12 Jan 2023 13:43:57 -0500 Subject: [PATCH] Update another_scapy_sniffer_walkthrough.md --- .../another_scapy_sniffer_walkthrough.md | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md b/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md index f81a5ed..76ef21c 100644 --- a/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md +++ b/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md 
@@ -39,3 +39,35 @@ sniff(prn=packet_callback, filter="tcp", count=1) ``` This script uses the `wrpcap()` function from Scapy to save the captured packets to a `pcap` file named "captured_packets.pcap". The `append=True` argument is used to append the packets to the file instead of overwriting it. + +## Reading pcap files and manipulating the packets + +Here is a Python script that uses the Scapy library to read a pcap file and import it: + +``` +from scapy.all import * + +# read the pcap file +packets = rdpcap("captured_packets.pcap") + +# iterate through the packets +for packet in packets: + print(packet.show()) + +``` +This script uses the `rdpcap()` function from Scapy to read the pcap file named "captured_packets.pcap" and store it in the packets variable. The packets are then iterated through using a for loop, and the `show()` function is used to display the packet information. + +You can also use `ls()` function to list out the layers of the packet. + +``` +for packet in packets: + print(packet.ls()) +``` +It's also possible to filter the packets based on specific layer or field. + +``` +# filter packets based on destination IP +filtered_packets = [p for p in packets if p.haslayer(IP) and p[IP].dst == "10.1.1.2"] +``` + +It's important to note that this script assumes that the pcap file is in the same directory as the script, and the file name is "captured_packets.pcap".
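Review bot: in the first added code block, `print(packet.show())` wraps a call that already prints the dissection itself and returns None, so every packet is followed by a stray "None" line; call `packet.show()` on its own, or use `print(packet.show(dump=True))` if the string is wanted. The second added block repeats the pattern and has a further problem: `ls` is a module-level function exported by `scapy.all`, not a Packet method, so `print(packet.ls())` should become `ls(packet)`, and the sentence introducing it should say that it lists each layer's fields and values rather than "the layers of the packet". Because `rdpcap()` loads the whole capture into a list in memory, the closing note about the file location could also mention that large captures are better read packet by packet with `PcapReader`. The three new fences are bare; a `python` tag on each would give readers syntax highlighting.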