install

pip install pyshark

Use

for example ： Analyze existing pcap file ：

import pyshark

pcap = pyshark.FileCapture("test1.pcap", tshark_path="/Applications/Wireshark.app/Contents/MacOS/tshark")

The two parameters specify the input file and tshark route

then , You can use loop traversal pcap file （ You can also use subscripts ）：

for p in pcap:
    print(p)

Output structure and wireshark What you see is consistent , give the result as follows ：

If you want to see it alone IP Layer or TCP or UDP In the words of the first floor , It only needs ：

print(pcap[0].ip)

Output ：

With IP Layer as an example , If you want to extract one of these parameters separately ：

print(pcap[0].ip.src)
print(pcap[0].ip.ttl)
print(pcap[0].ip.version)
print(pcap[0].ip.proto)

Output is as follows ：

How to see pcap What fields are available for the object ？ Yes pcap Object use dir() Function ：

print(dir(pcap[0]))

give the result as follows ：

Empathy , How to see what fields are available in a certain layer ？ With IP Layer as an example ：

print(dir(pcap[0].ip))

Output is as follows ：

summary

It is OK for daily use , But the speed is average