Parsing large tcpdump files in python

python wireshark tcpdump
11,496

Take a look at the dpkt module. It should be able to parse the pcap file on demand. Jon Oberheide has a great blog post showing how you can access the parsed representation of packets within a pcap packet capture file.

Share:
11,496
DaTaBomB
Author by

DaTaBomB

I like to fool around with stuff

Updated on June 25, 2022

Comments

  • DaTaBomB
    DaTaBomB almost 2 years

    I have a large tcpdump capture ( with > 1gb of data in a .dump file) which I would like to parse to get some statistics like the number of different IPs involved in sending traffic, etc. I would like to know if there is a clean way of accessing such data in the binary trace file through python? The way I tried doing it is by running tcpdump -r something.dump > myfile.out And then try to parse myfile.out with python code to get the data i want. But the command above is taking forever to complete and would like to use a better way of doing this.

    Edit: Wireshark runs out of memory while trying to open the file.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

TCP Server sends [ACK] followed by [PSH,ACK]
How to see full HTTPS URL in wireShark
frame contains "\x03\x00\x0e\xa8" display filter in wireshark displays packets not containing these bytes
Stripping payload from a tcpdump?
Use Tshark to view json data
pyshark - data from TCP packet
Parsing pcap taken from wireshark file using - Java
How can I run tcpdump from a Python script without AppArmor complaining?
tcpdump read both ipv4 and ipv6 packets from pcap
Capture packets on Asus router