I download pcap file from Wiki this PCAP
import binascii
import pyshark
cap = pyshark.FileCapture('200722_tcp_anon.pcapng')
for pkt in cap:
text = pkt.tcp.payload.raw_payload
print(text)
cap.close()
But I got an error
Traceback (most recent call last):
File "main.py", line 7, in <module>
text = pkt.tcp.payload.raw_payload
File "C:\Users\User\AppData\Local\Programs\Python\Python37-32\lib\site-packages\pyshark\packet\layer.py", line 36, in __getattr__
raise AttributeError()
AttributeError
Why is that?
This AttributeError is being thrown, because this of this line:
text = pkt.tcp.payload.raw_payload
You need to do some filtering prior to querying and printing the TCP payloads
import pyshark
pcap_file = '200722_tcp_anon.pcapng'
capture = pyshark.FileCapture(pcap_file, display_filter='tcp')
for packet in capture:
field_names = packet.tcp._all_fields
field_values = packet.tcp._all_fields.values()
for field_name in field_names:
for field_value in field_values:
if field_name == 'tcp.payload':
print(f'{field_name} -- {field_value}')
Print output
tcp.payload -- 7875
tcp.payload -- 2000
tcp.payload -- 7875
tcp.payload -- 0
tcp.payload -- 6
tcp.payload -- 1
tcp.payload -- 532420307
tcp.payload -- 7
tcp.payload -- 1
tcp.payload -- 2978637660
tcp.payload -- 20
tcp.payload -- 0x00000018
...truncated
Here is a GitHub document that I wrote on using pyshark.