In [18]:
from scapy.all import *
In [ ]:
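# Live capture (run once; needs packet-capture privileges). The BPF filter keeps
# only TCP traffic to or from search.yahoo.com; count=300 stops after 300 packets.
# pkts = sniff(filter="tcp and host search.yahoo.com", count=300)
# Save the capture so the cells below can replay it offline. The file holds the
# full HTTP requests, cookies included, so handle it like any other secret.
# wrpcap("data/yahoo_search.cap", pkts)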
In [19]:
# Load the saved capture: sniff(offline=...) reads packets from the pcap file
# instead of listening on a live interface.
sample_http = 'data/yahoo_search.cap'
pkts = sniff(offline=sample_http)
In [20]:
# Repr of the packet list: number of packets per protocol.
pkts
Out[20]:
<Sniffed: TCP:300 UDP:0 ICMP:0 Other:0>
In [21]:
# One numbered line per packet; the number is the index used to select packets
# in the cells below. Three connections are opened (source ports 53261-53263),
# but only 53261 carries Raw payload in this capture.
pkts.nsummary()
0000 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http S
0001 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http S
0002 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http S
0003 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 SA
0004 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0005 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 SA
0006 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A
0007 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 SA
0008 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A
0009 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw
0010 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0011 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0012 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0013 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw
0014 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0015 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0016 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0017 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0018 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0019 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0020 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0021 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0022 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0023 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0024 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0025 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0026 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0027 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0028 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0029 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0030 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0031 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0032 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0033 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0034 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0035 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0036 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0037 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0038 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0039 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0040 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0041 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0042 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0043 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0044 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0045 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0046 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0047 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0048 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0049 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0050 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0051 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0052 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0053 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0054 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0055 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0056 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0057 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0058 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0059 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0060 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0061 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0062 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0063 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0064 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0065 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0066 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0067 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0068 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0069 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http FA
0070 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http FA
0071 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 A
0072 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 FA
0073 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 A
0074 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A
0075 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A
0076 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A
0077 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 FA
0078 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A
0079 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw
0080 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw
0081 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0082 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0083 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0084 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0085 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0086 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0087 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0088 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0089 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0090 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0091 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0092 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0093 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0094 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0095 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0096 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0097 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0098 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0099 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0100 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0101 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0102 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0103 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0104 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0105 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0106 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0107 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0108 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0109 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0110 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0111 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0112 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0113 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0114 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0115 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0116 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0117 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0118 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0119 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0120 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0121 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0122 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0123 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0124 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0125 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0126 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0127 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0128 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0129 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0130 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0131 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0132 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0133 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0134 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0135 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0136 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0137 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0138 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0139 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0140 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0141 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0142 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0143 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0144 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0145 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0146 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0147 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0148 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw
0149 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw
0150 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0151 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0152 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0153 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0154 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0155 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0156 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0157 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0158 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0159 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0160 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0161 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0162 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0163 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0164 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0165 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0166 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0167 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0168 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0169 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0170 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0171 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0172 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0173 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0174 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0175 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0176 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0177 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0178 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0179 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0180 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0181 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0182 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0183 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0184 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0185 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0186 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0187 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0188 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0189 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0190 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0191 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0192 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0193 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0194 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0195 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0196 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0197 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0198 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0199 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0200 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0201 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0202 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0203 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0204 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0205 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0206 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0207 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0208 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0209 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0210 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0211 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0212 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0213 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0214 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0215 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0216 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0217 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0218 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0219 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0220 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0221 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0222 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0223 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0224 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0225 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0226 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0227 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw
0228 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw
0229 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0230 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A
0231 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0232 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0233 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0234 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0235 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0236 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0237 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0238 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0239 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0240 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0241 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0242 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0243 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0244 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0245 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0246 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0247 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0248 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0249 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0250 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0251 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0252 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0253 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0254 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0255 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0256 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0257 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0258 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0259 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0260 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0261 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0262 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0263 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0264 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0265 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0266 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0267 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0268 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0269 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0270 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0271 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0272 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0273 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0274 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0275 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0276 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0277 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0278 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0279 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0280 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0281 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0282 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0283 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0284 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0285 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0286 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0287 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0288 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0289 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0290 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0291 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0292 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0293 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0294 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0295 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding
0296 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0297 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw
0298 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A
0299 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw
In [22]:
# Dump every layer of packet 79. The Raw load is the start of an HTTP GET sent
# in cleartext: the search term, the Referer (which carries the previous search)
# and the Cookie header are all readable on the wire. The load has no terminating
# blank line, so the request appears to continue in packet 80; nothing in this
# notebook reassembles the TCP stream.
# The same values are stored in this cell's saved output; clear or redact it
# before sharing the notebook.
pkts[79].show()
###[ Ethernet ]###
  dst       = 00:1d:70:df:2d:11
  src       = 14:10:9f:e1:54:9b
  type      = 0x800
###[ IP ]###
     version   = 4L
     ihl       = 5L
     tos       = 0x0
     len       = 1420
     id        = 51853
     flags     = DF
     frag      = 0L
     ttl       = 64
     proto     = tcp
     chksum    = 0x2448
     src       = 10.25.3.61
     dst       = 74.6.239.58
     \options   \
###[ TCP ]###
        sport     = 53261
        dport     = http
        seq       = 3423577226
        ack       = 4075984347
        dataofs   = 8L
        reserved  = 0L
        flags     = A
        window    = 8192
        chksum    = 0xe4ca
        urgptr    = 0
        options   = [('NOP', None), ('NOP', None), ('Timestamp', (1222799014, 196990643))]
###[ Raw ]###
           load      = 'GET /search;_ylt=A0oG7mGUD49SBxcA3WpXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNmbWVsb2s1OTRqZ3UyJTI2YiUzRDQlMjZkJTNEOU15M2RnMXBZRUtpdVJyeG9BWlNlRGxLcjJFLSUyNnMlM0Q4ciUyNmklM0RTSjdlY2Y4ZURZakZnbS5DRWRucgRjc3JjcHZpZANHcC5VRjBnZXVyRDdPcmloVWtuRHdnWUFYWjUwR1ZLUEQ1UUFCc3hpBGZyA3lmcC10LTE0MARmcjIDc2ItdG9wBGdwcmlkA2NlVHN4WXhzUWIuOW51aGNlWG9TTUEEbXRlc3RpZANBRDAxJTNEU01FMzQxJTI2QURTUlAlM0RBRFNSUEMxJTI2QVNTVCUzRFZJUDI4OSUyNk1TRlQlM0RNU1kwMTAlMjZVSTAxJTNEVUlDMSUyNlVOSSUzRFJDRjA0NARuX3JzbHQDMTAEbl9zdWdnAzgEb3JpZ2luA3NlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDNgRxdWVyeQNNYWRyaWQEdF9zdG1wAzEzODUxMDczNTU4MzEEdnRlc3RpZANVSUMx?p=Madrid&fr2=sb-top&fr=yfp-t-140 HTTP/1.1\r\nHost: search.yahoo.com\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36\r\nReferer: http://search.yahoo.com/search;_ylt=ApD.LW7jivmrlmZzNKxChqqbvZx4?p=Python&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-140\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: B=fmelok594jgu2&b=4&d=9My3dg1pYEKiuRrxoAZSeDlKr2E-&s=8r&i=SJ7ecf8eDYjFgm.CEdnr; AO=o=0; YLS=v=1&p=1&n=1; F=a=I.qqZFgMvSp1SMQ7oNaJGIBu5DAJGO25SeRxXSKxg6_KZLWHQMHEkeFQrEOxAH9BOvMhwKs-&b=.hBp; Y=v=1&n=fr6nunkr11qks&l=he6k4bodd/o&p=f2m0'
In [23]:
# Isolate the Raw layer of packet 79, i.e. the TCP payload that scapy did not
# dissect any further (here, the HTTP request text).
pkts[79].getlayer(Raw)
Out[23]:
<Raw  load='GET /search;_ylt=A0oG7mGUD49SBxcA3WpXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNmbWVsb2s1OTRqZ3UyJTI2YiUzRDQlMjZkJTNEOU15M2RnMXBZRUtpdVJyeG9BWlNlRGxLcjJFLSUyNnMlM0Q4ciUyNmklM0RTSjdlY2Y4ZURZakZnbS5DRWRucgRjc3JjcHZpZANHcC5VRjBnZXVyRDdPcmloVWtuRHdnWUFYWjUwR1ZLUEQ1UUFCc3hpBGZyA3lmcC10LTE0MARmcjIDc2ItdG9wBGdwcmlkA2NlVHN4WXhzUWIuOW51aGNlWG9TTUEEbXRlc3RpZANBRDAxJTNEU01FMzQxJTI2QURTUlAlM0RBRFNSUEMxJTI2QVNTVCUzRFZJUDI4OSUyNk1TRlQlM0RNU1kwMTAlMjZVSTAxJTNEVUlDMSUyNlVOSSUzRFJDRjA0NARuX3JzbHQDMTAEbl9zdWdnAzgEb3JpZ2luA3NlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDNgRxdWVyeQNNYWRyaWQEdF9zdG1wAzEzODUxMDczNTU4MzEEdnRlc3RpZANVSUMx?p=Madrid&fr2=sb-top&fr=yfp-t-140 HTTP/1.1\r\nHost: search.yahoo.com\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36\r\nReferer: http://search.yahoo.com/search;_ylt=ApD.LW7jivmrlmZzNKxChqqbvZx4?p=Python&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-140\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: B=fmelok594jgu2&b=4&d=9My3dg1pYEKiuRrxoAZSeDlKr2E-&s=8r&i=SJ7ecf8eDYjFgm.CEdnr; AO=o=0; YLS=v=1&p=1&n=1; F=a=I.qqZFgMvSp1SMQ7oNaJGIBu5DAJGO25SeRxXSKxg6_KZLWHQMHEkeFQrEOxAH9BOvMhwKs-&b=.hBp; Y=v=1&n=fr6nunkr11qks&l=he6k4bodd/o&p=f2m0' |>
In [24]:
# Packet 79 carries the browser's GET request. The search term is the value of
# the p= query parameter, which travels unencrypted because the request is
# plain HTTP.
first_query = pkts[79].getlayer(Raw)
first_load = first_query.fields.get('load')
# Keep what follows the first '?p=' and cut at the next '&'. The value is left
# URL-encoded; an IndexError here means the payload contains no '?p='.
first_term = first_load.split('?p=')[1].split('&')[0]
print(first_term)
Madrid
In [25]:
# Packet 148 is another client-to-server segment with payload; read its p=
# parameter the same way. The term is printed exactly as sent, so spaces still
# show up as '+'.
second_query = pkts[148].getlayer(Raw)
second_load = second_query.fields.get('load')
second_tail = second_load.split('?p=')[1]
print(second_tail.split('&')[0])
I+love+chocolate
In [26]:
# Third search request (packet 227). The extraction is plain string splitting on
# the raw payload: there is no HTTP parsing and no URL-decoding, and it only
# works when '?p=' falls inside this TCP segment.
third_query = pkts[227].getlayer(Raw)
third_payload = third_query.fields.get('load')
third_pieces = third_payload.split('?p=')
third_term = third_pieces[1].split('&')[0]
print(third_term)
Blue+Bottle+Coffe