How to read pcapng (wireshark) files in Python?

I have a capture of some TCP packets in pcapng format and I’d like to open it in python to inspect the TCP payloads with address 192.168.1.198. I’ve only found this library: https://python-pcapng.readthedocs.io/en/latest/api/blocks.html but it does not support inspecting TCP payloads.

Is there an easy way?

Answer

You can use python-pcapng package. First install python-pcapng package by following command.

pip install python-pcapng

pip install python-pcapng

​

Then use following sample code.

from pcapng import FileScanner

with open(r'C:UserszahangirDownloadsMDS19 Wireshark Log 08072021.pcapng', 'rb') as fp:
    scanner = FileScanner(fp)
    for block in scanner:
        print(block)
        print(block._raw) #byte type raw data

from pcapng import FileScanner

​

with open(r'C:UserszahangirDownloadsMDS19 Wireshark Log 08072021.pcapng', 'rb') as fp:

    scanner = FileScanner(fp)

    for block in scanner:

        print(block)

        print(block._raw) #byte type raw data

​

Above code worked for me.

Reference: https://pypi.org/project/python-pcapng/