user1634254 user1634254 - 15 days ago 6
Python Question

Get specific bytes in payload from a pcap file

I have a PCAP file which I am parsing using Scapy,

I have managed to dump the payload to a hexdump by using the code bellow

pkts = rdpcap('Sink.pcap')
print hexdump(pkts[0][2].load)


I get the output

0000 00 00 00 *01* 58 2F AC 47 01 D8 1E 5F 00 00 00 01 ....X/.G..._....
0010 00 0A 5E 32 08 00 08 00 08 00 08 00 08 00 08 00 ..^2............
0020 08 00 08 00 08 00 08 00 08 00 08 00 08 00 08 00 ................
0030 08 00 08 00 08 00 08 00 08 00 08 00 ............
None


What I want to do is for example print only the 4th byte (0x01) that is. (Surrounded by stars), how would I do this? Do I convert the hexdump to a string and then do string parsing or can I use the Scapy library to achieve this operation?

Answer

Do you mean

print pkts[0][2].load[3]

or maybe as hex and char

val = pkts[0][2].load[3]
print "%x %s" % (ord(val), val)

Of course you can use it with hexdump too

print hexdump( pkts[0][2].load[3] )
Comments