tcpdump / Wireshark 抓包分析脚本

import dpkt,os,sys
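# Work from the script's own directory so '12.cap' resolves next to it.
os.chdir(sys.path[0])

# Print the Host + URI and the body of every cleartext HTTP POST in 12.cap.
#
# Limits to keep in mind when reading the output:
#   * Frames are decoded as Ethernet; a capture taken with another link
#     type will not decode correctly.
#   * No TCP stream reassembly is done. A request is reported only when its
#     headers and complete body sit in a single segment; anything else makes
#     dpkt raise an UnpackError (NeedData) and is skipped.
#   * Only destination port 80 is inspected.
#   * Bodies are written verbatim and can hold credentials or session
#     tokens, so store the output with the same access controls as the
#     capture file.
with open('12.cap', 'rb') as f:
    for ts, buf in dpkt.pcap.Reader(f):
        try:
            eth = dpkt.ethernet.Ethernet(buf)
            ip = eth.data
            # Non-IP frames and IP fragments leave raw bytes or other
            # protocol objects here; skip them explicitly instead of relying
            # on an AttributeError.
            if not isinstance(ip, (dpkt.ip.IP, dpkt.ip6.IP6)):
                continue
            tcp = ip.data
            if not isinstance(tcp, dpkt.tcp.TCP):
                continue
            if tcp.dport != 80 or len(tcp.data) == 0:
                continue
            http = dpkt.http.Request(tcp.data)
        except (dpkt.UnpackError, ValueError):
            # Truncated or non-HTTP payload, or a malformed numeric header
            # field. Captured traffic is untrusted input, so only parse
            # failures are tolerated; any other error is left to surface.
            continue

        if http.method != 'POST':
            continue

        host = http.headers.get('host', '')
        if isinstance(host, list):
            # dpkt stores a repeated header as a list; show every value.
            host = ','.join(host)

        body = http.body
        if not isinstance(body, str):
            # Python 3: the body is bytes; decode leniently for display only.
            body = body.decode('utf-8', 'replace')

        sys.stdout.write(host + http.uri + '\n' + body + '\n\n\n')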

