Re: want to export some of the packets from a big pcap file to another file.

2018-04-07 Thread supswain
Hi Anders,

Actually, in my setup I am capturing packets from Spirent using Wireshark and 
need to parse those captured files using Python code.

Sometimes the captured .pcap file is too big, so parsing each packet one by one 
is too time-consuming during TC automation.

So instead of that I was searching for a Python library package which will help 
me to export the required packets (IP, TCP, UDP, Ethernet frame) from the big 
captured file and store them in another .pcap file.

Later I can use dpkt package to parse the content of the smaller captured file.





-- 
https://mail.python.org/mailman/listinfo/python-list


Re: want to export some of the packets from a big pcap file to another file.

2018-04-05 Thread Grant Edwards
On 2018-04-05, supsw...@gmail.com  wrote:
> Hi,
>
> I am using the dpkt Python package to parse a .pcap file and I am able to do 
> so successfully.
>
> My requirement is to filter some of the traffic from the big .pcap
> file and to export the result to another file.
>
> I don't know how to do this.

The easiest way is to use tcpdump on the command line.

Let's say you've got a huge file (huge.pcap), and all you want to see is TCP
traffic to/from 10.0.0.104:

  tcpdump -r huge.pcap -w output.pcap tcp and host 10.0.0.104

If you insist on doing it in Python, then you can use pylibpcap to
read/parse the file.

https://sourceforge.net/projects/pylibpcap/files/pylibpcap/

When reading the file, you can use the normal capture filters that you
use with tcpdump.  Once you've read the packet, you can apply your own
logic if you want.  I don't recall ever trying to install it on
Windows. It requires the pcap library, which is available for Windows.
I don't recall that it has methods to write a file, so you may have to
roll that bit yourself.

If you want to write something from scratch, here's the file format:

https://wiki.wireshark.org/Development/LibpcapFileFormat

You should be able to use ctypes to directly access the winpcap
library if you want to:

https://www.winpcap.org/

-- 
Grant Edwards               grant.b.edwards at gmail.com
Yow! !  Up ahead!  It's a DONUT HUT!!
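
The same filter as the tcpdump command above, written from scratch against the libpcap file format linked in this reply. This is an added example, not code from anyone in the thread: it uses only the Python 3 standard library, the function names are illustrative, the sample capture is constructed, and it assumes a classic .pcap file with untagged Ethernet/IPv4 frames.

```python
import socket
import struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian (usec, nsec)
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian (usec, nsec)

def matches(frame, proto, addr):
    """True for an untagged Ethernet/IPv4 frame with this protocol to or from addr."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    ip = frame[14:34]                     # fixed part of the IPv4 header
    return ip[9] == proto and addr in (ip[12:16], ip[16:20])

def filter_pcap(src, dst, proto=6, host="10.0.0.104"):
    """Stream records from src to dst (binary file objects); return how many were kept."""
    ghdr = src.read(24)
    endian = MAGICS.get(ghdr[:4])
    if endian is None or len(ghdr) < 24:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", ghdr[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    dst.write(ghdr)                       # global header is copied unchanged
    addr, kept = socket.inet_aton(host), 0
    while True:
        rhdr = src.read(16)               # ts_sec, ts_usec, incl_len, orig_len
        if len(rhdr) < 16:
            break
        incl_len = struct.unpack(endian + "IIII", rhdr)[2]
        data = src.read(incl_len)
        if len(data) < incl_len:          # truncated last record: drop it
            break
        if matches(data, proto, addr):
            dst.write(rhdr + data)        # record header and bytes copied as-is
            kept += 1
    return kept

def _frame(proto, src, dst):
    """Constructed sample frame: zeroed MACs, minimal IPv4 header, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def build_sample():
    """Constructed three-packet capture: TCP to the host, UDP from it, unrelated TCP."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate([_frame(6, "10.0.0.1", "10.0.0.104"),
                           _frame(17, "10.0.0.104", "10.0.0.1"),
                           _frame(6, "10.0.0.1", "10.0.0.2")]):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```

For real files, pass `open("huge.pcap", "rb")` and `open("output.pcap", "wb")` as `src` and `dst`; only one record is held in memory at a time.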



Re: want to export some of the packets from a big pcap file to another file.

2018-04-05 Thread Anders Wegge Keller
On Thu, 5 Apr 2018 08:06:10 -0700 (PDT)
supsw...@gmail.com wrote:
> Hi,
> 
> I am using the dpkt Python package to parse a .pcap file and I am able to do
> so successfully.
> 
> My requirement is to filter some of the traffic from the big .pcap file
> and to export the result to another file.
> 
> I don't know how to do this.

What kind of filtering do you need? In many cases it would be faster and
more convenient to use Wireshark or other similar tools as a pass-through
filter, rather than rolling your own.

-- 
//Wegge


want to export some of the packets from a big pcap file to another file.

2018-04-05 Thread supswain
Hi,

I am using the dpkt Python package to parse a .pcap file and I am able to do 
so successfully.

My requirement is to filter some of the traffic from the big .pcap file and to 
export the result to another file.

I don't know how to do this.

PFB the setup details I am using.
###
OS-windows 7 32 bit
python->2.7.6 32 bit


Highly appreciating your effort to help me.


Thanks,
Supriya