我怎么能通过使用python的特定协议过滤pcap文件？ [英] How can I filter a pcap file by specific protocol using python?

问题描述

我有一些pcap文件，我想按协议过滤，即如果我想通过HTTP协议进行过滤，除了HTTP数据包以外的任何内容都将保留在pcap文件中。

有一个名为 openDPI 的工具，它是完美的我所需要的，但没有包装的Python语言。

有谁知道任何python模块，可以做我所需要的？

谢谢

编辑1：

HTTP过滤只是一个例子，我想过滤的协议有很多。

编辑2：

我试过Scapy，但我不知道如何正确过滤。该过滤器只接受Berkeley数据包过滤器表达式，即，我不能应用msn或HTTP或来自上层的另一个特定过滤器。任何人都可以帮助我吗？

解决方案

也许这可以帮助 Scapy ？

I have some pcap files and I want to filter by protocol, i.e., if I want to filter by HTTP protocol, anything but HTTP packets will remain in the pcap file.

There is a tool called openDPI, and it's perfect for what I need, but there is no wrapper for python language.

Does anyone knows any python modules that can do what I need?

Thanks

Edit 1:

HTTP filtering was just an example, there is a lot of protocols that I want to filter.

Edit 2:

I tried Scapy, but I don't figure how to filter correctly. The filter only accepts Berkeley Packet Filter expression, i.e., I can't apply a msn, or HTTP, or another specific filter from upper layer. Can anyone help me?

解决方案

maybe this can help Scapy?

这篇关于我怎么能通过使用python的特定协议过滤pcap文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！