The "pyshark" module will be used to extract resources from the capture file. The "time" module will be used to make one request every 16 seconds, since we have a rate limit. "ip_address" will be used to eliminate private IP addresses, since our capture file contains private IP addresses and VirusTotal has no idea of them.

Step-2: Creating a display filter for interesting traffic

Create a function that takes a file and a display filter.

    import pyshark

    def filter_packets(file_path, disp_filter):
        # Open the capture file; only packets matching the Wireshark display filter are yielded
        capture = pyshark.FileCapture(file_path, display_filter=disp_filter)
        return capture

Since Pyshark is just a wrapper of Tshark, you can use exactly the same filter syntax as in Wireshark, or reuse a display filter you have saved in Wireshark.
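The two concerns the text raises after filtering, dropping addresses that should never be sent to a third-party reputation service and spacing requests to stay under the 16-second limit, are shown below in an added example that is not the original post's code. It assumes packets expose `ip.src` / `ip.dst` the way pyshark's IP layer does and uses a constructed in-memory packet list so it runs without tshark; `lookup` is a placeholder for whatever reputation query you make (the sleep and clock are injectable so the spacing logic can be exercised without waiting).

```python
import ipaddress
import time
from collections import namedtuple

# Constructed stand-in for pyshark packets: real ones expose the same
# packet.ip.src / packet.ip.dst attributes after an "ip" display filter.
IPLayer = namedtuple("IPLayer", ["src", "dst"])
Packet = namedtuple("Packet", ["ip"])

SAMPLE_PACKETS = [
    Packet(IPLayer("192.168.1.10", "93.184.216.34")),
    Packet(IPLayer("192.168.1.10", "10.0.0.5")),        # private destination
    Packet(IPLayer("192.168.1.11", "93.184.216.34")),   # duplicate public destination
    Packet(IPLayer("192.168.1.10", "8.8.8.8")),
    Packet(IPLayer("127.0.0.1", "127.0.0.1")),          # loopback
    Packet(IPLayer("192.168.1.10", "not-an-ip")),       # malformed field, must not crash
]


def load_packets(file_path, disp_filter):
    """Open a capture with pyshark (optional dependency; needs tshark on PATH)."""
    import pyshark  # imported lazily so the rest of the module works without tshark
    return pyshark.FileCapture(file_path, display_filter=disp_filter)


def is_lookup_worthy(addr_text):
    """True only for globally routable addresses worth sending to an external service."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False
    # is_global excludes private, loopback, link-local, multicast and reserved ranges
    return addr.is_global


def public_endpoints(packets):
    """Unique public src/dst addresses from IP packets, in first-seen order."""
    seen = []
    for pkt in packets:
        ip = getattr(pkt, "ip", None)
        if ip is None:
            continue
        for addr in (ip.src, ip.dst):
            if is_lookup_worthy(addr) and addr not in seen:
                seen.append(addr)
    return seen


def rate_limited_lookups(addresses, lookup, interval=16.0,
                         sleep=time.sleep, clock=time.monotonic):
    """Call lookup(addr) once per address, at least `interval` seconds apart."""
    results = {}
    last = None
    for addr in addresses:
        if last is not None:
            wait = interval - (clock() - last)
            if wait > 0:
                sleep(wait)
        last = clock()
        results[addr] = lookup(addr)
    return results


if __name__ == "__main__":
    # With a real capture you would use: public_endpoints(load_packets("traffic.pcap", "ip"))
    targets = public_endpoints(SAMPLE_PACKETS)
    print(rate_limited_lookups(targets, lambda a: "queried " + a, interval=1.0))
```

Deduplicating before the lookup loop matters as much as the filter itself: every repeated address otherwise costs a 16-second wait against the quota, and every private or loopback address sent out is information about your own network that the external service has no use for.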