Update another_scapy_sniffer_walkthrough.md

2024-11-24 11:53:02 +00:00 · 2023-01-12 13:43:57 -05:00 · 2023-01-12 13:43:57 -05:00 · e38d19f966
commit e38d19f966
parent 46886af1b2
1 changed files with 32 additions and 0 deletions
--- a/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md
+++ b/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md
@ -39,3 +39,35 @@ sniff(prn=packet_callback, filter="tcp", count=1)
 ```

 This script uses the `wrpcap()` function from Scapy to save the captured packets to a `pcap` file named "captured_packets.pcap". The `append=True` argument is used to append the packets to the file instead of overwriting it.
+
+## Reading pcap files and manipulating the packets
+
+Here is a Python script that uses the Scapy library to read a pcap file and import it:
+
+```
+from scapy.all import *
+
+# read the pcap file
+packets = rdpcap("captured_packets.pcap")
+
+# iterate through the packets
+for packet in packets:
+    print(packet.show())
+    
+```
+This script uses the `rdpcap()` function from Scapy to read the pcap file named "captured_packets.pcap" and store it in the packets variable. The packets are then iterated through using a for loop, and the `show()` function is used to display the packet information.
+
+You can also use `ls()` function to list out the layers of the packet.
+
+```
+for packet in packets:
+    print(packet.ls())
+```
+It's also possible to filter the packets based on specific layer or field.
+
+```
+# filter packets based on destination IP
+filtered_packets = [p for p in packets if p.haslayer(IP) and p[IP].dst == "10.1.1.2"]
+```
+
+It's important to note that this script assumes that the pcap file is in the same directory as the script, and the file name is "captured_packets.pcap".