This is a duplicate to an unsolved question
My code is very simple:
for pcap_path in pcaps:
f = open(pcap_path)
pcap = dpkt.pcap.Reader(f)
i = 1
for ts, buf in pcap:
eth = dpkt.ethernet.Ethernet(buf)
ip = eth.data
tcp = ip.data
if tcp.dport == 80 and len(tcp.data) > 0:
http = dpkt.http.Request(tcp.data)
lst.append(http.headers['host'])
f.close()
and here is the pcap
I don't wanna use other pcap parsers because dpkt is BY FAR the fastest.
It's like x50 times faster than scapy for example.
It fails in the following packets:
Failed in packet 1
Failed in packet 6
Failed in packet 7
Failed in packet 8
Failed in packet 10
Failed in packet 12
Failed in packet 14
Failed in packet 19
Failed in packet 21
Failed in packet 22
Failed in packet 24
Failed in packet 26
Failed in packet 28
Failed in packet 30
Failed in packet 32
Failed in packet 34
Failed in packet 36
Failed in packet 38
Failed in packet 41
Failed in packet 42
Failed in packet 45
Failed in packet 46
Failed in packet 48
Failed in packet 50
Failed in packet 52
Failed in packet 54
Failed in packet 57
Failed in packet 58
Failed in packet 60
Failed in packet 62
Failed in packet 64
Failed in packet 68
Failed in packet 70
Failed in packet 72
Failed in packet 78
Failed in packet 80
Failed in packet 90
Failed in packet 92
Failed in packet 94
Failed in packet 98
Failed in packet 100
Failed in packet 102
Failed in packet 106
Failed in packet 108
Failed in packet 110
Failed in packet 114
Failed in packet 116
Failed in packet 118
Failed in packet 120
Failed in packet 124
Failed in packet 126
Failed in packet 128
Failed in packet 130
Failed in packet 132
Failed in packet 134
Failed in packet 137
Failed in packet 143
Failed in packet 145
Failed in packet 155
Failed in packet 157
Failed in packet 159
Failed in packet 161
Failed in packet 163
Failed in packet 165
Failed in packet 169
Failed in packet 171
Failed in packet 173
Failed in packet 175
Failed in packet 178
Failed in packet 180
Failed in packet 184
Failed in packet 186
Failed in packet 188
Failed in packet 190
Failed in packet 193
Failed in packet 194
Failed in packet 196
Failed in packet 200
Failed in packet 202
Failed in packet 204
Failed in packet 208
Failed in packet 210
Failed in packet 212
Failed in packet 216
Failed in packet 218
Failed in packet 220
Failed in packet 226
Failed in packet 228
Failed in packet 238
Failed in packet 240
Failed in packet 242
Failed in packet 244
Failed in packet 248
Failed in packet 250
Failed in packet 252
Failed in packet 256
Failed in packet 258
Failed in packet 260
Failed in packet 264
Failed in packet 266
Failed in packet 268
Failed in packet 272
Failed in packet 274
Failed in packet 276
Failed in packet 280
Failed in packet 282
Failed in packet 284
Failed in packet 288
Failed in packet 290
Failed in packet 292
Failed in packet 296
Failed in packet 298
Failed in packet 300
Failed in packet 304
Failed in packet 306
Failed in packet 308
Failed in packet 312
Failed in packet 314
Failed in packet 316
dpkt checks if the value of the HTTP Content-Length header, and the length of the actual data match. This is enforced strictly. It will be fixed soon.
In the interim, you can make this work my commenting this line in the dpkt library, and adding a dummy pass statement in its stead.