while am trying to use pyshark for some ctf tasks i got this output:
traceback (most recent call last): File "test.py", line 5, in if ("TCP" or "TLSv1.2") and ((packet.ip.src=="172.217.18.227" or packet.ip.src=="192.168.1.100")) in packet: File "/home/shanx/.local/lib/python2.7/site-packages/pyshark/packet/packet.py", line 119, in getattr raise AttributeError("No attribute named %s" % item) AttributeError: No attribute named ip
here's my python code :
import pyshark
capture = pyshark.FileCapture("/home/shanx/Desktop/TASKS1.1/advancedNetwork")
val=""
for packet in capture:
if ("TCP" or "TLSv1.2") and ((packet.ip.src=="172.217.18.227" or packet.ip.src=="192.168.1.100")) in packet:
val= val+packet.sll.unused
val.replace(":","")
print(val)
note: it worked just fine without this instruction:
((packet.ip.src=="172.217.18.227" or packet.ip.src=="192.168.1.100"))
question: is there any fair documentation or tutorials for these kind of libraries ?
thank you so much for answering!
I found a way while searching deeply in the docs, so for example if I need to know all the fields that can be provided by Pyshark for the ICMP packets , you have to type :
val=pkt.icmp._all_fields
print(val)
You will get this output:
$python3 test.py
{'icmp.type': '0', 'icmp.code': '0', 'icmp.checksum': '0x0000fe60', 'icmp.checksum.status': '1', 'icmp.ident': '0', 'icmp.seq': '0', 'icmp.seq_le': '0', 'data': '5545734442425141434141494141422f65553841', 'data.data': '55:45:73:44:42:42:51:41:43:41:41:49:41:41:42:2f:65:55:38:41', 'data.text': 'UEsDBBQACAAIAAB/eU8A', 'data.len': '20'}
which is actually a dictionary that holds all the fields that you can access with python instructions !
Now you know what you can access and how !