Python绝技笔记--------python简单利用dpkt操作pcap

要注意的是 wireshark抓包出来的是pcapng格式要转换

将pcapng转成pcap格式：
http://pcapng.com/
wireshark 抓包是可以保存pcap包格式的

# -*- coding: UTF-8 -*-
import dpkt
import socket
def printPcap(pcap):
    for (ts,buf) in pcap:
        try:
            eth = dpkt.ethernet.Ethernet(buf)
            ip = eth.data
            src = socket.inet_ntoa(ip.src)
            dst = socket.inet_ntoa(ip.dst)
            print '[+] Src:'+src+' -->Dst:'+dst
        except:
            pass
def main():
    f = open('test.s0i0.pcap')
    pcap = dpkt.pcap.Reader(f)
    printPcap(pcap)
if __name__ == '__main__':
    main()

解析出来回的ip访问