oselongisland.blogg.se

Interpreting wireshark captures









Wireshark is a great tool and sometimes I wonder if I use it more often than a word processor. It's great to analyze things manually in real time or from saved packet captures after the fact. On top of that, wouldn't it be great if you could analyze network packets in your own code and act when a defined set of conditions is met? For a long time I thought that this would be a lot of hassle to pull off, but it's actually a lot easier than I thought.

Recently, a colleague of mine introduced me to pyshark, a wrapper for Wireshark's command line companion tshark. Pyshark makes it almost trivial to analyze network traffic in Python, as everything Wireshark decodes in each packet is made available as a variable!

Here's a simple example taken from pyshark's GitHub page that shows how the Python command line interpreter (I used python3 and not the older Python 2.x) can be used to access packets in a pcap file:

>>> import pyshark
>>> cap = pyshark.FileCapture('/tmp/mycapture.cap')

Differentiated Services Field: 0x00 (DSCP 0x00: Default ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
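As an added example (not from the original post or from pyshark's own documentation), here is one way to act on a condition in code, using the Differentiated Services field shown in the output above: it counts packets whose DSCP is not the default 0x00. The `dsfield_dscp` attribute name, the function names and the sample packets are assumptions made for illustration; stand-in objects replace real pyshark packets so the check runs without tshark.

```python
from collections import Counter
from types import SimpleNamespace as NS


def dscp_of(pkt):
    """Return the packet's IPv4 DSCP as an int, or None if it has no IP layer."""
    ip = getattr(pkt, "ip", None)
    # Assumption: pyshark exposes tshark's ip.dsfield.dscp as ip.dsfield_dscp.
    raw = getattr(ip, "dsfield_dscp", None)
    # Field values arrive as strings; base 0 accepts both "46" and "0x2e".
    return None if raw is None else int(str(raw), 0)


def non_default_dscp(packets):
    """Count (src, dst, dscp) for every packet marked with a non-zero DSCP."""
    hits = Counter()
    for pkt in packets:
        dscp = dscp_of(pkt)
        if dscp:  # skips non-IP packets (None) and the default marking (0)
            hits[(str(pkt.ip.src), str(pkt.ip.dst), dscp)] += 1
    return hits


def scan_capture(path):
    """Run the same check over a pcap file; needs pyshark and tshark installed."""
    import pyshark  # imported here so the rest runs without it
    cap = pyshark.FileCapture(path)
    try:
        return non_default_dscp(cap)
    finally:
        cap.close()


# Constructed sample packets (documentation address ranges), not real traffic.
SAMPLE = [
    NS(ip=NS(src="192.0.2.10", dst="198.51.100.5", dsfield_dscp="0")),
    NS(ip=NS(src="192.0.2.10", dst="198.51.100.5", dsfield_dscp="46")),
    NS(ip=NS(src="192.0.2.10", dst="198.51.100.5", dsfield_dscp="0x2e")),
    NS(ip=NS(src="192.0.2.77", dst="198.51.100.9", dsfield_dscp="8")),
    NS(arp=NS(opcode="1")),  # no IP layer, must be ignored
]

if __name__ == "__main__":
    for (src, dst, dscp), n in non_default_dscp(SAMPLE).items():
        print(f"{src} -> {dst} DSCP {dscp}: {n} packet(s)")
```

With pyshark installed, `scan_capture('/tmp/mycapture.cap')` applies the same rule to the capture file used in the post.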










