HTTP packets in the PCAP package can be easily parsed using scapy, scapy_http
Scapy_http can be downloaded in https://github.com/invernizzi/scapy-http, the address is also given a simple example program, according to this sample program I modified an output PCAP packet in the source destination address of the HTTP packet, The payload applet is as follows:
where P is a packet, scapy_http divides it into:
Ethernet->tcp->raw three levels,
Use the P.show () function to print the following results:
###[Ethernet]###
DST = 02:00:00:00:00:39
src = 00:00:00 : 01:02:09
type = 0x800
###[IP]###
version = 4L
 IHL = 5L
tos = 0x0
le n = 1014
id = 7180
flags &NB Sp =&NBSP
frag = 0L
 TTL = 45 proto = TCP
chksum = 0xbbf9
&NBSP ; src = 126.209.59.13
 DST = 121.113.176.25
&NBSP ; \options \
###[Raw]###
load = ' ... '
The first layer is the network layer, including the source, the destination Mac, the IP protocol number, the second layer is the TCP layer, the third layer contains the port number, the HTTP message
Each of these layers is a payload member of the previous layer
In the process of running the program, if you are prompted for dnet or Pcap library exceptions, you need to download and reinstall the appropriate libraries here:
Pcap Http://files.cnblogs.com/Jerryshome/pcap-1.1.win32-py2.7.rar
Dnet Http://files.cnblogs.com/Jerryshome/dnet-1.12.win32-py2.7.rar
Python parsing HTTP packets in the Pcap file