I am trying to use pyshark to put all of the ip src or dst into a list, which I later want to graph with matplotlib, to see which IP addresses sent or received the most traffic(not trying to do both at once). However, when I iterate through the packets of my capture, I print the list after each packet until I hit an IPV6 packet(I think) with a destination address of 'ff02::fb', and I get an error that says "KeyError: 'layer does not exist in packet'" I am trying to find a way around this so I can graph the results.
cap = pyshark.FileCapture('p-02.pcap')
ipList = []
for packet in cap:
if ("IP" in str(packet.layers)):
thisip = packet['ip'].dst
ipList.append(thisip)
print(ipList)
Here are the results:
IPv6 packets are in the IPV6 Layer in packet.layers
and standard IPv4 packers are in the IP Layer in packet.layers
Here is some basic code to access these packets.
import pyshark
capture = pyshark.FileCapture(input_file='your_pcap_file_name')
for packet in capture:
if 'IPV6 Layer' in str(packet.layers):
print('do something with IPV6 packets')
if 'IP Layer' in str(packet.layers):
print('do something with IPV4 packets')
output
do something with IPV4 packets
do something with IPV6 packets
do something with IPV4 packets
do something with IPV6 packets
do something with IPV4 packets
Also here is an older Github Project that I did on using Pyshark for packet analysis. I'm in the process of updating this project with more formal documentation.