from scapy.all import *
# Path of the capture file to analyse, relative to the working directory.
sample_irc = "data/SkypeIRC.cap"
# offline= makes sniff() read packets from the capture file instead of
# listening on a live interface; the result is kept in pkts.
pkts = sniff(offline=sample_irc)
# Bare expression: as the last statement of a notebook cell it displays the
# representation of the loaded packet list.
pkts
# Print the packets of the capture, one entry per packet.
pkts.show()
# Custom per-packet summary. In sprintf(), a "{Layer:...}" group is emitted
# only when the packet has that layer, so non-IP packets and packets without
# a Raw payload simply contribute less text.
# NOTE(review): the payload shown here is untrusted capture content.
pkts.summary(
    prn=lambda pkt: pkt.sprintf("{IP:%IP.src% -> %IP.dst%\n}{Raw:%Raw.load%\n}")
)
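def filter_packet_by_string(pkt, string):
    """Print the endpoints and payload of *pkt* if its Raw payload contains *string*.

    Packets without a Raw layer, or whose Raw layer has no ``load`` field,
    are skipped. Nothing is returned; matches are written to stdout.

    Args:
        pkt: a scapy packet, e.g. one element of the list returned by sniff().
        string: the substring to look for. A text needle is encoded as UTF-8
            when the payload is bytes.
    """
    raw_layer = pkt.getlayer(Raw)
    if raw_layer is None:
        # getlayer() returns None when the packet carries no Raw payload.
        return

    raw_load = raw_layer.fields.get('load')
    if raw_load is None:
        return

    needle = string
    # type(u"") is the text type on both Python 2 and Python 3.
    if isinstance(raw_load, bytes) and isinstance(needle, type(u"")):
        # Payloads are bytes on Python 3, and testing a text needle against
        # bytes raises TypeError. The former blanket `except Exception: pass`
        # hid that error, so the search silently never matched.
        needle = needle.encode('utf-8')

    if needle in raw_load:
        print(pkt.sprintf("QUERY FOUND:\nFrom {IP:%IP.src% -> %IP.dst%\n}"))
        # raw_load is untrusted capture content. On Python 3, print() shows
        # bytes as an escaped literal, which keeps control characters out of
        # the output.
        print(raw_load)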
# Scan every packet of the capture for the keyword; matches are printed by
# filter_packet_by_string().
for pkt in pkts:
    filter_packet_by_string(pkt, 'amarok')