I've just try to use PYSHARK and filtering using BPF_filter = 'tcp' packets, however I am looking for filtering by source and destination IP addresses. The spript is shown below:
import pyshark
capture = pyshark.LiveCapture(interface=r'\Device\NPF_{707B2864-16B6-4E63-A44E-18BA00FC87EA}', bpf_filter='tcp and src.address=192.168.74.253 and dst.address=172.16.0.121', output_file=('../logs_capture/20221013_cap1.xdoc'))
capture.sniff(timeout=5)
capture
capture[3]
#<UDP/HTTP Packet>
for packet in capture.sniff_continuously(packet_count=5):
print ('Just arrived:', packet)
Can anyone give me an hint?
BPF filters are specified using pcap-filter syntax. So in your case you'd use 'ip and tcp and src host 192.168.74.253 and dst host 172.16.0.121'.