How to read TCP protocol data in a saved pcap file using scapy?

Question

I am trying to read a Pcap file using scapy

from scapy.all import *


logfile = rdpcap('./Pcap/112400.pcap')

print(logfile)

output

pcap: TCP:0 UDP:0 ICMP:0 Other:313

Now when I open the same file in wireshark I can see under protocol column TCP is present & under info column below data is present

`309    14:48:49.054000 2409:4040:f11:6385::fca:8000    2405:200:1601:c6e2:49:40:6:206  TCP [TCP Keep-Alive ACK] 59275 → 1883 [ACK] Seq=329 Ack=9 Win=23032 Len=0

How can I capture this info using scapy plz guide ?

Answer 1

It may be that what you want is to create a list where you can further process the individual packets.

from scapy.all import *
from pprint import pprint


logfile = rdpcap('test.pcap')

pprint(list(logfile))

Scapy has alot of capabilities built in. Odds are whatever you are trying to do its built in. Scapy recipes

Hope it helps and best of luck.

If you have mixed protocols then this may help with filtering what you ar looking for and further serve as an example of how to access packet details.

for p in logfile:
    if TCP in p:
        print(p[TCP])