While developing some tasks for a course I’m taking on Computer Security, I had some trouble figuring out how to work with Scapy and Python.
This post is somewhat a record for myself for future reference.
Hopefully it can be useful to someone else =)
I may update this in the future (or not).
# Reads a pcap capture file
pkts = rdpcap("file.pcap")
# Shows packets contents
for pkt in pkts:
print '=' * 78
pkt.show()
# Get sessions
sessions = pkts.sessions()
# A filter example
newPkts = pkts.filter(lambda pkt: TCP in pkt and pkt[TCP].sport==80)
# Deleting an atribute (eg. checksum) from a packet
del pkt2.chksum
Useful links:
- Scapy
- Scapy Usage
- Scapy Quick demo : an interactive session
- Reconstruct HTTP Webpage from libpcap python script
Some scripts:
Etc: