pcap.py

#!/usr/bin/python
import os, sys, struct

f = open('./blog.pcap').read()
total = len(f)

index = 0;

magic = f[index:index+4].encode('hex')
# pcap file is generated in my pc, which is little endian 
major = struct.unpack('<H', f[index+4:index+6])[0]
minor = struct.unpack('<H', f[index+6:index+8])[0]
zone = struct.unpack('<I', f[index+8:index+12])[0]
sigfigs = struct.unpack('<I', f[index+12:index+16])[0]
snaplen = struct.unpack('<I', f[index+16:index+20])[0]
network = struct.unpack('<I', f[index+20:index+24])[0]

print "magic num = ", magic
print "major num = ", major, "minor num = ", minor
print "zone = ", zone
print "sigfigs = ", sigfigs
print "snaplen = ", snaplen
print "network = ", network

index += 24
w = open('pcap_data.txt', 'w')

while index < total:
    # pcap file is generated in my pc, which is little endian 
    cap_len = struct.unpack('<I', f[index+8:index+12])[0]
    packet_len = struct.unpack('<I', f[index+12:index+16])[0]
    print "cap_len = ", cap_len, "packet_len = ", packet_len
    w.write(f[index+16+54:index+16+cap_len+54])
    w.flush()
    index += 16+cap_len

w.close()