Pyshark - data from TCP packet

Question

Pyshark - data from TCP packet

Is there anyway to get the TCP packet payload using pyshark?

I am trying to compare data sections of different packets over multiple TCP streams, but I cannot find a way to get the packet data. pkt['tcp'].data

doesn't seem to exist.

+3

python wireshark packet-capture pyshark

Cru jones May 09 '15 at 18:34

source to share

2 answers

Chandan · Answer 1 · 2015-10-04T09:12:20+0000

If you are using a .pcap file, once you read the file using

cap = pyshark.FileCapture('vox.pcap')

and say that you want to read the data of the second packet and you are sure that such a field exists, try:

pkt = cap[1]
print pkt.tcp.data

To view the options available for pkt.tcp use:

dir(pkt.tcp)

It will return all available options for pkt.tcp

bennyk · Answer 2 · 2017-11-21T14:23:59+0000

You can do:

import pyshark
import sys

cap = pyshark.FileCapture(sys.argv[-1])
for i in cap:
    try:
        print(i.data.data)
    except:
        print("no data")

Pyshark - data from TCP packet

More articles: