2
votes

I have a diameter packet capture pcap file (using tcpdump) containing some AVPs. I'd like to parse the pcap file and access/retrieve the AVPs.

I'm using python3.5.1. The dpkt library apparently supports diameter well but it's not yet available for python3. I tried converting it via the 2to3-3.5 script but the conversion isn't foolproof and I'm hitting unicode errors while parsing the pcap.

I am trying to use scapy now. I need some help/examples in how to use scapy to:

  1. parse a pcap file
  2. retrieve/parse AVPs from the pcap.

Any help would be appreciated.

Regards Sharad

1
You can read a pcap in scapy with the rdpcap function. You can then parse the packets using one of summary(), show(), or show2() depending on what you need. I am not familiar with a diameter packet but you could take a look at it doing this:

    pcap = rdpcap(capture)
    for p in pcap:
        p.show()

This would show you how scapy sees it. Hope that helps. - Noob123

I'll try and update. Thanks! - Sharad

If the processing time does not matter for you, you can use pyshark (based on tshark). It can decode the diameter protocol. - Giac

pcap=rdpcap(capture) for p in pcap: p.show() only gives you raw data. - Tiina

Did you figure out the best way for this? I am looking for the same thing. - Patz

1 Answer

0
votes

I would suggest you use tshark. Using tshark you can convert the pcap files to text files containing the AVPs that you are interested in. Once you have the text file, I believe it would be easy to extract the information using python.
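As an added example (not part of the original question or answer): a pure-Python decoder for the Diameter header and AVP layout from RFC 6733, for use on each packet's payload bytes once they have been read from the pcap. It treats capture data as untrusted and rejects inconsistent lengths. Assumptions: one complete Diameter message per payload (no TCP reassembly); `parse_diameter`, `_avp` and `sample_message` are hypothetical names, and the sample message is constructed.

```python
import struct

HEADER_LEN = 20      # fixed Diameter header size (RFC 6733)
FLAG_VENDOR = 0x80   # AVP "V" flag: a 4-byte Vendor-ID follows the length

def parse_diameter(payload: bytes) -> dict:
    """Decode one Diameter message (header + AVPs) from raw payload bytes."""
    if len(payload) < HEADER_LEN:
        raise ValueError("truncated Diameter header")
    ver_len, flags_code, app_id, hbh, e2e = struct.unpack("!IIIII", payload[:HEADER_LEN])
    version, msg_len = ver_len >> 24, ver_len & 0xFFFFFF
    if version != 1 or msg_len < HEADER_LEN or msg_len > len(payload) or msg_len % 4:
        raise ValueError("bad Diameter version or message length")
    avps, off = [], HEADER_LEN
    while off < msg_len:
        if msg_len - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", payload, off)
        flags, avp_len = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & FLAG_VENDOR else 8
        if avp_len < hdr or off + avp_len > msg_len:
            raise ValueError(f"AVP {code} has invalid length {avp_len}")
        vendor = struct.unpack_from("!I", payload, off + 8)[0] if hdr == 12 else None
        avps.append({"code": code, "flags": flags, "vendor": vendor,
                     "data": payload[off + hdr:off + avp_len]})
        off += (avp_len + 3) & ~3   # AVPs are padded to a 4-byte boundary
    return {"request": bool((flags_code >> 24) & 0x80), "command": flags_code & 0xFFFFFF,
            "app_id": app_id, "hop_by_hop": hbh, "end_to_end": e2e, "avps": avps}

def _avp(code, data, flags=0x40, vendor=None):
    """Build one AVP for the constructed sample (hypothetical helper)."""
    hdr = 12 if vendor is not None else 8
    flags |= FLAG_VENDOR if vendor is not None else 0
    body = struct.pack("!II", code, (flags << 24) | (hdr + len(data)))
    body += struct.pack("!I", vendor) if vendor is not None else b""
    return body + data + b"\x00" * (-len(data) % 4)

def sample_message() -> bytes:
    """Constructed Capabilities-Exchange-Request (command 257), not real traffic."""
    avps = (_avp(264, b"client.example.com")            # Origin-Host
            + _avp(296, b"example.com")                 # Origin-Realm
            + _avp(1, b"\x01\x02\x03", vendor=10415))   # constructed vendor AVP
    hdr = struct.pack("!IIIII", (1 << 24) | (HEADER_LEN + len(avps)),
                      (0x80 << 24) | 257, 0, 0x1234, 0x5678)
    return hdr + avps

if __name__ == "__main__":
    for avp in parse_diameter(sample_message())["avps"]:
        print(avp["code"], avp["vendor"], avp["data"])
```

With scapy, the input would be the bytes of the transport payload of each packet returned by rdpcap; a message split across TCP segments needs reassembly first, which tshark and pyshark do for you.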