pocc/parse_pcap_parts.py

## parse_pcap_parts.py
"""This script will print the header, packet headers, packets, and the footer for any format."""
import subprocess as sp
import re
import os

def create_pcap():
    if not os.path.exists("temp.pcapng"):
        sp.call(["tshark", "-w", "temp.pcapng", "-c", "3"])
    return "temp.pcapng"

def get_hexdump(filename):
    output = sp.check_output(["xxd", "-ps", filename], text=True)
    return re.sub(r"\s", "", output)

def get_pcap_header_footer(filename):
    """Get a combination of header/footer from the file."""
    capture_type_text = sp.check_output(["captype", filename], text=True)
    capture_type = re.findall(r"[^:]*: (.*)", capture_type_text)[0]
    sp.call(["tshark", "-r", filename, "-F", capture_type, "-Y", "ipx", "-w", "temp.file"])
    header = get_hexdump("temp.file")
    print(header)
    os.remove("temp.file")
    return header

def get_packets(filename):
    packet_text = sp.check_output(["tshark", "-r", filename, "-x"], text=True)
    packets = packet_text.split("\n\n")  # tshark outputs new packets on a newline
    packets = list(filter(None, packets))
    for i, _ in enumerate(packets):
        # Delete the bytes that are not part of the packet
        packets[i] = re.sub(r"(?:^|\n)\d*  |   .*| ", "", packets[i])

    return packets

def run():
    message = ""
    filename = create_pcap()
    hexdump = get_hexdump(filename)
    pcap_header_footer = get_pcap_header_footer(filename)
    packets = get_packets(filename)
    if
      pkt0 = re.search(packets[0], hexdump)
    message += "Packet 0:\n" + packets[0] + "\n\n"
    hexdump_remainder = hexdump[pkt0.end():]
    for i, packet in enumerate(packets):
        packet_match = re.search(packet, hexdump_remainder)
        packet_header = hexdump_remainder[:packet_match.start()]
        message += "Packet Header " + str(1) + ":\n" + packet_header + '\n\n'
        message += "Packet " + str(1) + ":\n" + packet + '\n\n'
        hexdump_remainder = hexdump_remainder[packet_match.end():]
    header_search = re.search(hexdump_remainder, pcap_header_footer)
    header = hexdump[:header_search.start()]
    message += "Header+packet0 header:\n" + header + "\n\n" + "Footer:\n", hexdump_remainder
    print(message)

if __name__ == '__main__':
    run()
	"""This script will print the header, packet headers, packets, and the footer for any format."""
	import subprocess as sp
	import re
	import os

	def create_pcap():
	if not os.path.exists("temp.pcapng"):
	sp.call(["tshark", "-w", "temp.pcapng", "-c", "3"])
	return "temp.pcapng"

	def get_hexdump(filename):
	output = sp.check_output(["xxd", "-ps", filename], text=True)
	return re.sub(r"\s", "", output)

	def get_pcap_header_footer(filename):
	"""Get a combination of header/footer from the file."""
	capture_type_text = sp.check_output(["captype", filename], text=True)
	capture_type = re.findall(r"[^:]: (.)", capture_type_text)[0]
	sp.call(["tshark", "-r", filename, "-F", capture_type, "-Y", "ipx", "-w", "temp.file"])
	header = get_hexdump("temp.file")
	print(header)
	os.remove("temp.file")
	return header

	def get_packets(filename):
	packet_text = sp.check_output(["tshark", "-r", filename, "-x"], text=True)
	packets = packet_text.split("\n\n") # tshark outputs new packets on a newline
	packets = list(filter(None, packets))
	for i, _ in enumerate(packets):
	# Delete the bytes that are not part of the packet
	packets[i] = re.sub(r"(?:^\|\n)\d* \| .*\| ", "", packets[i])

	return packets

	def run():
	message = ""
	filename = create_pcap()
	hexdump = get_hexdump(filename)
	pcap_header_footer = get_pcap_header_footer(filename)
	packets = get_packets(filename)
	if
	pkt0 = re.search(packets[0], hexdump)
	message += "Packet 0:\n" + packets[0] + "\n\n"
	hexdump_remainder = hexdump[pkt0.end():]
	for i, packet in enumerate(packets):
	packet_match = re.search(packet, hexdump_remainder)
	packet_header = hexdump_remainder[:packet_match.start()]
	message += "Packet Header " + str(1) + ":\n" + packet_header + '\n\n'
	message += "Packet " + str(1) + ":\n" + packet + '\n\n'
	hexdump_remainder = hexdump_remainder[packet_match.end():]
	header_search = re.search(hexdump_remainder, pcap_header_footer)
	header = hexdump[:header_search.start()]
	message += "Header+packet0 header:\n" + header + "\n\n" + "Footer:\n", hexdump_remainder
	print(message)

	if __name__ == '__main__':
	run()