Closed SaigeGithub closed 3 years ago
pcap = dpkt.pcap.Reader(f)
for timestamp, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
if eth.type != dpkt.ethernet.ETH_TYPE_IP6 and eth.type != dpkt.ethernet.ETH_TYPE_IP:
print('Non IP Packet type not supported %s\n' % eth.data.__class__.__name__)
continue
if eth.type == dpkt.ethernet.ETH_TYPE_IP:
ip = eth.data
if ip.p == dpkt.ip.IP_PROTO_TCP:
tcp = ip.data
try:
request = dpkt.http.Request(tcp.data)
except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
continue
print ('HTTP Message: %s\n' % repr(request))
But the output is empty, there is something wrong when dpkt tried to parser the http
The command I use on a MacOS: tcpdump -i en0 -w test.pcap This pcap file can be parsed, the IP, TCP could be extracted. but the HTTP header had an 'invalid header' error and if I add a try and catch, it would be empty. The pcap is too big to be attached here. Thank you!!!