5

I am using Pyshark to parse packets from a pcap file.
I have an object of the parsed packet. Separately, I can get the hex_value of each field after changing the raw_mode attribute to True.

>>> packet = pyshark.FileCapture("ip_packet.pcap")
>>> packet_1 = packet[0]
>>> packet_1.layers()
[<ETH Layer>, <IP Layer>, <DATA Layer>]
>>> packet_1.ip.addr
'192.168.1.5'

>>> packet_1.ip.raw_mode = True
>>> packet_1.ip.addr
'c0a80105'

How can I get a hexdump of the full packet?

Braiam
Misha

2 Answers

1

Unfortunately, you cannot at the moment. Pyshark parses the output of tshark which does not contain the original packet bytes. You can try "reassembling" the packet yourself but I wouldn't recommend it.

As it stands, this feature can be added but is not possible at the moment. If you want that specifically, I suggest you use a different package, or parse only the packets (without any protocols) yourself or using construct (or other similar packages).

KimiNewt
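The answer above suggests parsing only the packets yourself, without any protocol dissection. A sketch of that approach, as an added example that is not part of the original answer or of pyshark: it reads the classic libpcap file format (not pcapng) directly and hexdumps each packet's raw bytes. The function names and the in-memory sample capture are constructed for illustration.

```python
import struct

# Classic libpcap magic numbers as they appear on disk -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def read_pcap(data):
    """Return the raw bytes of every packet in a classic .pcap file image."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    order = MAGICS[data[:4]]
    packets, offset = [], 24                      # skip the 24-byte global header
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _, _, incl_len, _ = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet record at offset %d" % offset)
        packets.append(data[offset:offset + incl_len])
        offset += incl_len
    return packets

def hexdump(buf, width=16):
    """Format bytes as offset, hex columns and printable ASCII."""
    lines = []
    for i in range(0, len(buf), width):
        chunk = buf[i:i + width]
        hexpart = " ".join("%02x" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%04x  %-*s  %s" % (i, width * 3 - 1, hexpart, text))
    return "\n".join(lines)

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4 frame from 192.168.1.5 (checksum left zero)."""
    eth = bytes.fromhex("ffffffffffff 020000000001 0800")
    ip = bytes.fromhex("45000018 00010000 40fd0000 c0a80105 c0a80101")
    frame = eth + ip + b"test"
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    for n, pkt in enumerate(read_pcap(build_sample_pcap())):
        print("packet %d, %d bytes" % (n, len(pkt)))
        print(hexdump(pkt))
```

To use it on a real capture, pass `open("ip_packet.pcap", "rb").read()` to `read_pcap`; a pcapng file is rejected with `ValueError` rather than misparsed.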
0

If you need to parse your packet (before having the hexdump of the full packet), you may have a look at pyshark_parser

A. STEFANI
  • On the GitHub project, we can read: "Looking for contributors - for various reasons I have a hard time finding time to maintain and enhance the package at the moment. Any pull-requests will be reviewed and if anyone is interested and is suitable, I will be happy to include them in the project." – A. STEFANI Aug 04 '16 at 22:39
  • 1
    This project has no documentation, could you please refer me to the class or method which gives the hexdump value of a packet? I cannot seem to find it. – B Faley Aug 06 '16 at 04:41