
Re: Parse a Wireshark pcap file

Date: Tue, 22 Jan 2013 22:15:29 -0500
Subject: Re: Parse a Wireshark pcap file
From: Kevin Holleran <kdawg44@gmail.com>
To: Dave Angel <d@davea.name>
Newsgroups: comp.lang.python
Message-ID: <mailman.856.1358910937.2939.python-list@python.org>

Thanks, I have been trying to get it to work but I am on Mac OS 10.8.2.  I
tried to get it from Macports and download/install it myself.  Both seem to
get me to here:

ImportError: No module named dnet

I tried to download libdnet but no matter what I do this is what I get.
Granted, I am doing:

from scapy.all import *


But I have no idea what I need.  I am not trying to craft packets but
filter packets based on tcp.dstport 80 & frame matches signin.aspx.  Then
my goal is to parse the data looking for post vars txtUserId & txtPwd and
extract them, dumping them to the screen as userid_value => password.


Thanks for your help.

--
Kevin Holleran
Master of Science, Computer Information Systems
Grand Valley State University
Master of Business Administration
Western Michigan University
SANS GCFA, SANS GCFE, CCNA, ISA, MCSA, MCDST, MCP

"Do today what others won't, do tomorrow what others can't" - SEALFit

"We are what we repeatedly do. Excellence, then, is not an act, but a
habit." - Aristotle


On Tue, Jan 22, 2013 at 10:03 PM, Dave Angel <d@davea.name> wrote:

> On 01/22/2013 08:32 PM, Kevin Holleran wrote:
>
>> Is there a way to parse out a wireshark pcap file and extract key value
>> pairs from the data?  I am illustrating a sniff of some traffic and why it
>> needs to utilize HTTPS instead of HTTP but I was hoping to run the pcap
>> through a python script and just output some interesting key value
>> pairs....
>>
>>
> Sure.  scapy can create and/or parse pcap files.
>
> http://pypi.python.org/pypi/Scapy
>
>
> --
> DaveA
> --
> http://mail.python.org/mailman/listinfo/python-list
>
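
The filter-and-extract step described in the message above, as an added example that is not part of the original thread: it reads a classic pcap with only the standard library (so no scapy or dnet import is needed) and pulls txtUserId and txtPwd out of cleartext POSTs to signin.aspx on port 80, which is what any on-path observer sees without HTTPS. The function names, the host example.test and the sample capture are constructed for illustration; it assumes Ethernet/IPv4, a non-pcapng file, and a request whose headers and body arrive in one TCP segment (no stream reassembly).

```python
import struct
from urllib.parse import parse_qs

def build_sample_pcap(body):
    """Constructed sample: one Ethernet/IPv4/TCP packet carrying an HTTP POST."""
    http = (b"POST /signin.aspx HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body)) + body
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + http
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def tcp_payloads(pcap, dport=80):
    """Yield TCP payloads sent to dport from a classic (non-pcapng) Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]  # drops Ethernet padding
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != dport:
            continue
        yield tcp[(tcp[12] >> 4) * 4:]

def extract_signin_fields(pcap, path=b"signin.aspx", fields=("txtUserId", "txtPwd")):
    """Return a tuple of field values for each POST to `path` seen in cleartext."""
    found = []
    for payload in tcp_payloads(pcap):
        head, sep, body = payload.partition(b"\r\n\r\n")
        request_line = head.split(b"\r\n", 1)[0]
        if not (sep and request_line.startswith(b"POST ") and path in request_line):
            continue
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        found.append(tuple(form.get(name, [""])[0] for name in fields))
    return found

SAMPLE = build_sample_pcap(b"txtUserId=alice&txtPwd=Example%21Pass")  # constructed
if __name__ == "__main__":
    for user, pwd in extract_signin_fields(SAMPLE):
        print(f"{user} => {pwd}")
```

For a real capture, pass the file's bytes (`open(name, "rb").read()`) to `extract_signin_fields`; bodies split across segments need TCP reassembly, which this example does not do.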
