Analyzing Network Traffic using dpkt
We will be using the dpkt library to analyse the network traffic.
dpkt is a Python module for fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols. In order to use dpkt you first need to install it:
sudo pip install dpkt
Note: You can omit sudo from the above command if you are logged in as the root user.
In this lesson we will use Python code to extract the source IP and destination IP addresses of the packets in our .pcap file, in which we saved the Wireshark traffic data. After saving your captured pcap file at some location (say Desktop), run the following code:
import socket
import dpkt


def print_endpoints(path):
    # Open pcap file for reading; dpkt parses raw bytes, so open it in binary mode
    with open(path, 'rb') as f:
        # pass the file object to dpkt.pcap.Reader, which yields (timestamp, buffer) pairs
        pcap = dpkt.pcap.Reader(f)
        # this code prints Source and Destination IP from the given 'pcap' file
        for ts, buf in pcap:
            eth = dpkt.ethernet.Ethernet(buf)
            ip = eth.data
            # skip frames that carry no IPv4 header (ARP, IPv6, ...): they have no .src/.dst
            if not isinstance(ip, dpkt.ip.IP):
                continue
            # read the source IP in src
            src = socket.inet_ntoa(ip.src)
            # read the destination IP in dst
            dst = socket.inet_ntoa(ip.dst)
            # Print the source and destination IP
            print('Source: ' + src + ' Destination: ' + dst)


if __name__ == '__main__':
    print_endpoints('/home/codeplay/Desktop/first.pcap')
In the above code, ts and buf in the for loop are the timestamp and the raw frame buffer that dpkt.pcap.Reader yields for each record in the file. You might also have noticed the socket method inet_ntoa: it converts a 32-bit packed IPv4 address (a byte string four characters in length, which is how dpkt stores ip.src and ip.dst) to its standard dotted-quad string representation (for example, 18.104.22.168). inet_aton does the reverse conversion, from dotted quad to packed bytes.
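To make clear what dpkt.pcap.Reader and dpkt.ethernet.Ethernet are doing for us, and why the check for a real IPv4 header matters, here is an added example (not part of the original lesson, and not dpkt's own code) that walks a classic pcap file with only the standard library: it reads the 24-byte global header and each 16-byte record header, reads the EtherType of every frame (stepping over an 802.1Q VLAN tag if present), and only pulls src/dst out of frames that really carry IPv4. The capture it parses is constructed in memory, and the addresses in it are illustrative, so it runs offline; the only change from the lesson's dpkt loop is that non-IPv4 frames (an ARP request and an IPv6 packet in the sample) are counted as skipped instead of crashing the loop.

```python
import socket
import struct
from collections import Counter

# Constants from the libpcap file format and the Ethernet/IPv4 specifications
PCAP_MAGIC = 0xa1b2c3d4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETH_TYPE_IP = 0x0800
ETH_TYPE_ARP = 0x0806
ETH_TYPE_VLAN = 0x8100
ETH_TYPE_IP6 = 0x86DD


def read_pcap(data):
    """Yield (timestamp, frame) for every record in a classic pcap byte string."""
    magic, = struct.unpack_from('<I', data, 0)
    if magic == PCAP_MAGIC:
        endian = '<'                      # file was written little-endian
    elif magic == 0xd4c3b2a1:
        endian = '>'                      # same magic seen byte-swapped: big-endian file
    else:
        raise ValueError('not a classic pcap file (pcapng is not handled here)')
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
    _major, _minor, _zone, _sigfigs, _snaplen, linktype = struct.unpack_from(endian + 'HHiIII', data, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('expected Ethernet link type, got %d' % linktype)
    off = 24
    while off + 16 <= len(data):
        # per-record header: ts_sec, ts_usec, captured length, original length
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + 'IIII', data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError('truncated record at offset %d' % off)
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def ipv4_endpoints(frame):
    """Return (src, dst) dotted quads for an IPv4 frame, or None for any other frame."""
    if len(frame) < 14:
        return None
    eth_type, = struct.unpack_from('!H', frame, 12)
    payload_off = 14
    if eth_type == ETH_TYPE_VLAN:         # 802.1Q tag: real EtherType sits 4 bytes further on
        if len(frame) < 18:
            return None
        eth_type, = struct.unpack_from('!H', frame, 16)
        payload_off = 18
    if eth_type != ETH_TYPE_IP:           # ARP, IPv6, ... carry no IPv4 header to read
        return None
    payload = frame[payload_off:]
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None                       # too short, or version nibble is not 4
    # bytes 12..15 and 16..19 of the IPv4 header are the packed source/destination addresses
    return socket.inet_ntoa(payload[12:16]), socket.inet_ntoa(payload[16:20])


def summarize(pcap_bytes):
    """Count IPv4 (src, dst) pairs in a pcap and the number of frames that were skipped."""
    counts = Counter()
    skipped = 0
    for _ts, frame in read_pcap(pcap_bytes):
        endpoints = ipv4_endpoints(frame)
        if endpoints is None:
            skipped += 1
        else:
            counts[endpoints] += 1
    return counts, skipped


# --- constructed sample capture (no real traffic; MACs and IPs are illustrative) ---
def eth_frame(eth_type, payload):
    return b'\x00\x11\x22\x33\x44\x55' + b'\x66\x77\x88\x99\xaa\xbb' + struct.pack('!H', eth_type) + payload


def ipv4_packet(src, dst, proto=6):
    # minimal 20-byte IPv4 header, no options, checksum left as zero
    return struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def build_pcap(frames):
    header = struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b''.join(struct.pack('<IIII', 1700000000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


SAMPLE_PCAP = build_pcap([
    eth_frame(ETH_TYPE_IP, ipv4_packet('10.0.0.5', '93.184.216.34')),
    eth_frame(ETH_TYPE_ARP, b'\x00' * 28),                     # ARP request: no IP header
    eth_frame(ETH_TYPE_IP, ipv4_packet('93.184.216.34', '10.0.0.5')),
    eth_frame(ETH_TYPE_IP6, b'\x60' + b'\x00' * 39),          # IPv6: different header layout
    eth_frame(ETH_TYPE_VLAN, struct.pack('!HH', 100, ETH_TYPE_IP) + ipv4_packet('10.0.0.5', '93.184.216.34')),
])

if __name__ == '__main__':
    counts, skipped = summarize(SAMPLE_PCAP)
    for (src, dst), n in counts.most_common():
        print('Source: %s Destination: %s (%d packets)' % (src, dst, n))
    print('%d non-IPv4 frames skipped' % skipped)
```

Running it prints two packets for 10.0.0.5 -> 93.184.216.34 (one of them VLAN-tagged), one for the reverse direction, and reports the ARP and IPv6 frames as skipped. To point it at a real file, replace SAMPLE_PCAP with the bytes of first.pcap read in binary mode; pcapng captures (the default for recent Wireshark versions unless you choose "pcap" when saving) are rejected by the magic check rather than misparsed.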