Closed montagsmodell closed 3 years ago
Possibility 2 looks pretty close, you just need to descend 1 more layer into the UDP data (Ethernet -> IP -> UDP -> payload). Something like
for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
udp = ip.data
print(udp.data)
or simply
print(eth.ip.udp.data)
Hey, thanks for the fast answer @obormot ! This might actually work, but I am not sure, maybe you can clarify for me: Does this command only print out the content of the packet without the header, IP adress etc.? I cant check for myself because the traffic im capturing is encrypted additionally right now.
@montagsmodell I've shown how you could print the UDP payload with dpkt. This is not an issue with dpkt - closing the ticket.
Dears, I have a pcap file containing one sniffed packet which was sent via UDP protocol. I need the content (not source or destination port etc. as shown in the examples but really the payload) of said package. I have two intermediate successful codes that run but do not give me what I want.
Possibility 1:
That returns:
Possibility 2 is:
That returns
Can somebody please help me figure out how to get only the payload of the packet without destination ip or source ip etc.
Thanks! any help is appreciated.