How do I read cap files with python efficiently?
Question:
I have some .CAP files (not PCAP file) from capturing packages with tcpdump.
When I try to open with wireshark, the machine gets very slow, as I imagine that it tries to load everything into RAM.
I do not need to read the whole file at once. Imagine that I want to read the .CAP file only from time (time) = 9:15 p.m. to 11:12 p.m. instead of loading all into memory.
How can I do it in Python?
This is a CAP file:
Answers:
Installing scapy: pip install scapy
from scapy.all import *
pkts = rdpcap("file.cap")
u can use cap
import cap
captured_packets = cap.load(open("file.cap", "rb"))
I have some .CAP files (not PCAP file) from capturing packages with tcpdump.
When I try to open with wireshark, the machine gets very slow, as I imagine that it tries to load everything into RAM.
I do not need to read the whole file at once. Imagine that I want to read the .CAP file only from time (time) = 9:15 p.m. to 11:12 p.m. instead of loading all into memory.
How can I do it in Python?
This is a CAP file:
Installing scapy: pip install scapy
from scapy.all import *
pkts = rdpcap("file.cap")
u can use cap
import cap
captured_packets = cap.load(open("file.cap", "rb"))