from scapy.all import rdpcap, IP

# date, list_time, ip and list_ are defined earlier in the script
packets = rdpcap("/home/pcap_evidence/" + date + "/" + list_time[0])
for data in packets:
    if IP in data:
        # keep the packet when the address is the source or the destination
        if data[IP].src == ip or data[IP].dst == ip:
            list_.append(data)
In this code I am reading a pcap using rdpcap and then iterating over it using a for loop. This way I am getting row-wise data of packets, and on every packet I am searching for a particular IP; if the IP matches any src_ip or dst_ip then I am storing that packet and making a new filtered pcap.
All this takes 5 mins for searching a 600 MB file and I want to do it a lot faster than that. How can I do it?
scapy is known to be slow. I would avoid scapy for big files.
The best way is to use tshark, example:
tshark -r my_capture.pcap -Y "(ip.src == 192.168.1.10) && (ip.dst == 172.27.224.70)" -w /tmp/my_filtered_capture.pcap
If you need the result in Python, you can call that, then parse the result afterwards.
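An added example (not code from the question or the answer): a pure-Python filter that reads the source and destination straight out of the IPv4 header bytes in the pcap file instead of letting scapy dissect every packet, plus the answer's tshark invocation as an argv list for subprocess.run. The sample pcap is constructed inline; the filter assumes a classic little-endian microsecond pcap holding untagged Ethernet frames.

```python
import struct

# classic pcap global header: usec magic, v2.4, tz 0, sigfigs 0, snaplen, linktype 1 (Ethernet)
PCAP_GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def make_ipv4_frame(src: str, dst: str) -> bytes:
    """Constructed sample input: Ethernet header + minimal IPv4 header, no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"          # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip

def build_pcap(frames) -> bytes:
    """Constructed sample input: wrap frames into a classic little-endian pcap blob."""
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return PCAP_GLOBAL_HDR + b"".join(recs)

def ipv4_endpoints(frame: bytes):
    """Read src/dst dotted quads from the IPv4 header bytes (no full dissection)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not plain IPv4; VLAN tags not handled
        return None
    return ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))

def filter_pcap_bytes(blob: bytes, ip: str) -> tuple[bytes, int]:
    """Keep records whose IPv4 src or dst equals ip; returns (new pcap blob, kept count)."""
    if struct.unpack("<I", blob[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian microsecond pcap with Ethernet frames")
    out, kept, off = [blob[:24]], 0, 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack("<I", blob[off + 8:off + 12])[0]   # captured length
        rec = blob[off:off + 16 + incl_len]                         # record header + frame
        ends = ipv4_endpoints(rec[16:])
        if ends and ip in ends:
            out.append(rec)
            kept += 1
        off += 16 + incl_len
    return b"".join(out), kept

def tshark_filter_cmd(src: str, dst: str, ip: str) -> list[str]:
    """The answer's tshark approach as an argv list for subprocess.run (no shell needed)."""
    return ["tshark", "-r", src, "-Y", f"ip.addr == {ip}", "-w", dst]

if __name__ == "__main__":
    pcap = build_pcap([make_ipv4_frame("10.0.0.1", "10.0.0.2"),
                       make_ipv4_frame("10.0.0.3", "10.0.0.4"),
                       make_ipv4_frame("10.0.0.5", "10.0.0.1")])
    filtered, n = filter_pcap_bytes(pcap, "10.0.0.1")
    print(n, "packets kept,", len(filtered), "bytes")   # 2 packets kept, 124 bytes
    # with tshark installed: subprocess.run(tshark_filter_cmd("in.pcap", "out.pcap", "10.0.0.1"), check=True)
```

For a real 600 MB file, read it with open(path, "rb") and pass the bytes to filter_pcap_bytes; the per-record work is two slices and one unpack, which is what makes it far cheaper than scapy's layer-by-layer dissection.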