I have been looking for a way to get 802.11 packets from a .cap file into an array. So far I have found:
Scapy: which is kind of nice, documentation is available, but it is too slow. When I try to open a file with size > 40 Mb, it just keeps hanging until it consumes all my RAM (all 16 gigs of it), at which point my PC just blocks and I have to reboot it.
Pyshark: doesn't have any of Scapy's problems, but documentation is too scarce. I can't find a way to handle and get attributes for 802.11 packets.
So I was thinking maybe there are better solutions out there, or maybe someone has some experience with pyshark?
```python
from scapy.all import *
import pyshark
from collections import defaultdict
import sys
import math
import numpy as np

counter = 0
# The 802.11 subtype is a 4-bit field, so allow indices 0-15
Stats = np.zeros(16)
filename = 'cap.cap'
# rdpcap() reads the whole capture into a list in memory
a = rdpcap(filename)
print(len(a))
for p in a:
    pkt = p.payload
    # Management packets (802.11 type 0)
    if p.haslayer(Dot11) and p[Dot11].type == 0:
        counter = counter + 1
        Stats[p[Dot11].subtype] = Stats[p[Dot11].subtype] + 1
print(Stats)
```
Note: when I launch the program with a 10 megabyte input (for instance) it takes about 20 seconds or so, but it does work. I wonder why that is, why it is so different from pyshark, and what kind of computations it is doing?
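An added example, not part of the original post: a standard-library-only reader that walks a classic pcap file one record at a time, so memory use does not grow with file size, and tallies 802.11 management subtypes from the first frame-control byte. It assumes a classic pcap (not pcapng) with link type 105 or 127; the function names and the sample capture are constructed for illustration.

```python
import io
import struct
from collections import Counter

DLT_80211 = 105      # frames start at the 802.11 header
DLT_RADIOTAP = 127   # radiotap header precedes the 802.11 header
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # classic pcap magic
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # -> struct byte order

def iter_pcap_records(fh):
    """Yield (linktype, frame_bytes) one record at a time from a binary stream."""
    header = fh.read(24)
    endian = MAGICS.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    while True:
        rec = fh.read(16)            # ts_sec, ts_frac, incl_len, orig_len
        if len(rec) < 16:
            return                   # end of file or truncated record header
        incl_len = struct.unpack(endian + "I", rec[8:12])[0]
        data = fh.read(incl_len)
        if len(data) < incl_len:
            return                   # truncated final record
        yield linktype, data

def count_mgmt_subtypes(fh):
    """Return Counter {subtype: count} for 802.11 management frames (type 0)."""
    counts = Counter()
    for linktype, data in iter_pcap_records(fh):
        offset = 0
        if linktype == DLT_RADIOTAP and len(data) >= 4:
            offset = struct.unpack_from("<H", data, 2)[0]  # it_len, little-endian
        elif linktype != DLT_80211:
            continue                 # other link type, or radiotap too short to parse
        if len(data) < offset + 2:
            continue                 # no room for the frame control field
        fc0 = data[offset]           # bits 2-3: type, bits 4-7: subtype
        if (fc0 >> 2) & 0x3 == 0:
            counts[fc0 >> 4] += 1
    return counts

def sample_capture():
    """Constructed capture: 2 beacons, 1 probe request, 1 data frame (radiotap)."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)   # version, pad, it_len=8, no fields
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_RADIOTAP)
    for fc0 in (0x80, 0x80, 0x40, 0x08):
        frame = radiotap + bytes([fc0, 0]) + b"\x00" * 22
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return io.BytesIO(out)
```

For a real file, pass `open('cap.cap', 'rb')` to `count_mgmt_subtypes` instead of the constructed sample.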