'How can I save a filtered pyshark FileCapture to a new pcap file?

I have a program that can scan a pcap file using pyshark.FileCapture and then print the filtered packets.

I want to save those packets to a new pcap file.

Code:

import pyshark
import os
import sys
from scapy.all import *

def save_to_pcap(cap, filename):
    new_cap = PcapWriter(filename, append=True)

    for packet in cap:
        new_cap.write(packet.get_raw_packet())

def load_pcap(filter_str, path):
    cap = pyshark.FileCapture(path, display_filter=filter_str)
    return cap

def main():
    cap = load_pcap('http', 'file.pcap')
    cap
    save_to_pcap(cap, 'results.pcap')

main()

I tried using scapy, but save_to_pcap() function does not work and this exception pops up:

Traceback (most recent call last):
  File "SharkAn.py", line 116, in <module>
    main()
  File "SharkAn.py", line 108, in main
    save_to_pcap(cap, filename)
  File "SharkAn.py", line 81, in save_to_pcap
    pcap = rdpcap(cap)
  File "C:\Users\Gal\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 860, in rdpcap
    with PcapReader(filename) as fdesc:
  File "C:\Users\Gal\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 883, in __call__
    filename, fdesc, magic = cls.open(filename)
  File "C:\Users\Gal\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 914, in open
    magic = fdesc.read(4)
AttributeError: 'FileCapture' object has no attribute 'read'
pythonwiresharkscapypysharknode.jsreactjsexpresssequelize.js


Solution 1:[1]

Just did exactly what you want:

cap = pyshark.FileCapture('path.pcap', display_filter=filter_str, output_file='path_to_save.pcap')
cap.load_packets()

And this will save packets to 'path_to_save.pcap'

This method will loade captured file to memory. So scapy is not needed.

Solution 2:[2]

Your problem comes from the attributes which you indicated in your query: You told SEQUELIZE to return only TOTAL. I suggest you this::

db.product.findAll({
   attributes:[[sequelize.fn('sum',sequelize.col('profit_total')),'total'], 'startedDate', 'endDate'],
   where : {
     "createdAt" : {
        [Op.between] : [new Date(startedDate).setHours(0,0,0,0), new Date(endDate).setHours(23,59,59,999) ]}
   },
})

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 kazhem
Solution 2

Related Questions

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

pip issue installing almost any library

pip issue installing almost any library

pip issue installing almost any library

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

Selenium-Python: How do I make my WebDriverWait a few seconds before reloading a page?

A simple SMTP server (in Python)

How to specify which pytorch to import, if I have two different versions installed?

How to specify which pytorch to import, if I have two different versions installed?

A simple SMTP server (in Python)

Python: get all months in range?

Python: get all months in range?

Python: get all months in range?

How to specify which pytorch to import, if I have two different versions installed?