Python parsing HTTP packets in the Pcap file

HTTP packets in the PCAP package can be easily parsed using scapy, scapy_http

Scapy_http can be downloaded in https://github.com/invernizzi/scapy-http, the address is also given a simple example program, according to this sample program I modified an output PCAP packet in the source destination address of the HTTP packet, The payload applet is as follows:

where P is a packet, scapy_http divides it into:

Ethernet->tcp->raw three levels,

Use the P.show () function to print the following results:

###[Ethernet]###
  DST       = 02:00:00:00:00:39
  src       = 00:00:00 : 01:02:09
  type      = 0x800
###[IP]###
     version   = 4L
     IHL       = 5L
     tos       = 0x0
     le n       = 1014
     id        = 7180
     flags &NB Sp   =&NBSP
     frag      = 0L
     TTL       = 45     proto     = TCP
     chksum    = 0xbbf9
    &NBSP ; src       = 126.209.59.13
     DST       = 121.113.176.25
  &NBSP ;  \options   \
###[Raw]###
        load      = ' ... '

The first layer is the network layer, including the source, the destination Mac, the IP protocol number, the second layer is the TCP layer, the third layer contains the port number, the HTTP message

Each of these layers is a payload member of the previous layer

In the process of running the program, if you are prompted for dnet or Pcap library exceptions, you need to download and reinstall the appropriate libraries here:

Pcap Http://files.cnblogs.com/Jerryshome/pcap-1.1.win32-py2.7.rar

Dnet Http://files.cnblogs.com/Jerryshome/dnet-1.12.win32-py2.7.rar

Python parsing HTTP packets in the Pcap file