16: Analyzing capture files in Python with PyShark

The title of this class is: "Analyzing capture files in Python with PyShark" and was taught by Dor Green. This was recorded on July 13th in Kansas City, MO.

SharkFest™, launched in 2008, is a series of annual educational conferences staged in various parts of the globe and focused on sharing knowledge, experience and best practices among the Wireshark® developer and user communities.

SharkFest attendees hone their skills in the art of packet analysis by attending lecture and lab-based sessions delivered by the most seasoned experts in the industry. Wireshark core code contributors also gather during the conference days to enrich and evolve the tool to maintain its relevance in ensuring the productivity of modern networks.

SharkFest’s aim is to support ongoing Wireshark development, to educate and inspire current and future generations of computer science and IT professionals responsible for managing, troubleshooting, diagnosing and securing legacy and modern networks, and to encourage widespread use of the free analysis tool. Per Gerald Combs, Wireshark project Founder … "Wireshark is a tool and a community. My job is to support both."

Chapters:
0:00 Intro
0:48 Packet Parsing in Python
2:35 Pyshark uses Wireshark
3:23 Let's get started/read our capture
6:15 Getting an overview
8:09 Accessing Fields
9:19 I want my HTTP fields!
10:40 Getting user agents from a PCAP
12:19 More field actions
13:51 Accessing various field values
15:50 Duplicate fields + Accessing them
21:07 JSON/EK parsing
25:55 More efficient packet analysis techniques
28:59 Other capture types
33:00 Integrating Pyshark into existing applications
34:39 Conclusion + Q&A
Comments

Thank you for providing this video. It is much appreciated! Please thank Mr Green on my behalf.

aqeebhussain

Could I use pyshark for TCP packet reassembly into the original request?

radwaahmed

I am getting the following error. Basically, I am trying to search for a string inside the packet.

    if 'gtpv2' in packet:
        # Access GTPv2 protocol fields
        gtpv2_packet = packet.gtpv2

        if 'create_session_request' in gtpv2_packet:
            print('Present')

Error: Error processing packet: argument of type 'XmlLayer' is not iterable

Please help with this.

LOFI_indian-lt