Pyshark get specific protocol name not just TCP/UDP
I'm building a tool to inspect PCAP files using PyShark, however am struggling to extract the specific protocols from the packets (e.g. SSH, MQTT, ARP) rather than just TCP or UDP.
I'm wondering if anyone has experience with this? I've tried packet.ip.proto but that just returns TCP and UDP ID numbers, not names such as SSH or ARP.
I'm trying to get the same information as Wireshark shows in the below example:
Thanks!
Solution
Think I've figured it out. Looks like each specific type of protocol adds its own layer to the packet, so by printing out all the layers in a packet, you can identify any non-standard layers.
with pyshark.FileCapture(TEST_FILE) as cap:
for i, pkt in enumerate(cap):
print(pkt.layers)
Output:
[<ETH Layer>, <IP Layer>, <TCP Layer>, <SYNERGY Layer>]
[<ETH Layer>, <IP Layer>, <TCP Layer>, <SYNERGY Layer>]
[<ETH Layer>, <IP Layer>, <TCP Layer>, <SYNERGY Layer>]
[<ETH Layer>, <IP Layer>, <TCP Layer>]
[<ETH Layer>, <IP Layer>, <TCP Layer>, <SSH Layer>]
[<ETH Layer>, <IP Layer>, <TCP Layer>, <SSH Layer>]
[<ETH Layer>, <IP Layer>, <TCP Layer>, <SSH Layer>]
You can get a usable list of the layer names like so:
with pyshark.FileCapture(TEST_FILE) as cap:
for i, pkt in enumerate(cap):
try:
print([pkt.layers[i].layer_name for i, lay in enumerate(pkt.layers)])
except AttributeError as ex:
print(ex)
Output:
['eth', 'ip', 'tcp', 'synergy']
['eth', 'ip', 'tcp', 'synergy']
['eth', 'ip', 'tcp', 'synergy']
['eth', 'ip', 'tcp']
['eth', 'ip', 'tcp', 'ssh']
['eth', 'ip', 'tcp', 'ssh']
['eth', 'ip', 'tcp', 'ssh']
- AttributeError: install_layout when attempting to install a package in a virtual environment
- Python list comprehension - want to avoid repeated evaluation
- Hash algorithm for dynamic growing/streaming data?
- matplotlib - making labels for violin plots
- Python How to I check if last element has been reached in iterator tool chain?
- Polars and the Lazy API: How to drop columns that contain only null values?
- Why are my Mean, Var, and Std outputs from NumPy different from what the online grader expects?
- Correlation dataframe convertion from results from pl.corr
- Polars DataFrame transformation
- Discord rate limiting while only sending 1 request per minute
- Check if column contains (/,-,_, *or~) and split in another column - Pandas
- How to draw a rectangle at (x,y) in a PyQt GraphicsView?
- how to calculate correlation between ten columns with polars
- How to set class attribute with await in __init__
- Detect hindi encoding, response received from Facebook API in Python
- Is it possible to write a horizontal if statement with a multi-line body?
- Max length of items in list
- Cannot subclass multiprocessing Queue in Python 3.5
- How can I get notified of updates to Python packages in a unified way?
- Using python AST to traverse code and extract return statements
- merge groups of columns in a polars dataframe to single columns
- Group Pandas DataFrame by Continuous Date Ranges
- Flask login @login_required not working
- Odoo: one2many and many2one? KeyError:'___'
- merge some columns in a Polars dataframe and duplicate the others
- Python: Create table from string mixed with separators using FOR loops
- How do I type hint a method with the type of the enclosing class?
- How can I verify an emails DKIM signature in Python?
- Writing a class that accepts a callback in Python?
- Python Paramiko channel.exec_command not returning output intermittently