from scapy.all import *
# online sniffing
# pkts = sniff(filter="tcp and host search.yahoo.com", count=300)
# saving for later
# wrpcap("data/yahoo_search.cap", pkts)
# importing pcap file
sample_http = 'data/yahoo_search.cap'
pkts = sniff(offline=sample_http)
pkts
<Sniffed: TCP:300 UDP:0 ICMP:0 Other:0>
pkts.nsummary()
0000 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http S 0001 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http S 0002 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http S 0003 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 SA 0004 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0005 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 SA 0006 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A 0007 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 SA 0008 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A 0009 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw 0010 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0011 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0012 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0013 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw 0014 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0015 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0016 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0017 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0018 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0019 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0020 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0021 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0022 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0023 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0024 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0025 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0026 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0027 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0028 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0029 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0030 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0031 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0032 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0033 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0034 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0035 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0036 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0037 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0038 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0039 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0040 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0041 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0042 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0043 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0044 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0045 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0046 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0047 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0048 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0049 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0050 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0051 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0052 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0053 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0054 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0055 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0056 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0057 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0058 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0059 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0060 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0061 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0062 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0063 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0064 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0065 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0066 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0067 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0068 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0069 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http FA 0070 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http FA 0071 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 A 0072 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 FA 0073 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 A 0074 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A 0075 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A 0076 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A 0077 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 FA 0078 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A 0079 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw 0080 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw 0081 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0082 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0083 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0084 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0085 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0086 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0087 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0088 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0089 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0090 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0091 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0092 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0093 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0094 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0095 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0096 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0097 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0098 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0099 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0100 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0101 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0102 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0103 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0104 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0105 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0106 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0107 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0108 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0109 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0110 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0111 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0112 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0113 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0114 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0115 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0116 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0117 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0118 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0119 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0120 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0121 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0122 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0123 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0124 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0125 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0126 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0127 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0128 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0129 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0130 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0131 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0132 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0133 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0134 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0135 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0136 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0137 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0138 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0139 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0140 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0141 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0142 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0143 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0144 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0145 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0146 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0147 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0148 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw 0149 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw 0150 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0151 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0152 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0153 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0154 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0155 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0156 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0157 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0158 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0159 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0160 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0161 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0162 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0163 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0164 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0165 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0166 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0167 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0168 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0169 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0170 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0171 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0172 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0173 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0174 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0175 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0176 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0177 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0178 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0179 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0180 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0181 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0182 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0183 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0184 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0185 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0186 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0187 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0188 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0189 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0190 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0191 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0192 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0193 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0194 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0195 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0196 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0197 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0198 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0199 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0200 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0201 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0202 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0203 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0204 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0205 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0206 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0207 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0208 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0209 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0210 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0211 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0212 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0213 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0214 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0215 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0216 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0217 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0218 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0219 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0220 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0221 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0222 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0223 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0224 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0225 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0226 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0227 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw 0228 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw 0229 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0230 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A 0231 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0232 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0233 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0234 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0235 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0236 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0237 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0238 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0239 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0240 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0241 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0242 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0243 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0244 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0245 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0246 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0247 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0248 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0249 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0250 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0251 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0252 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0253 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0254 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0255 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0256 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0257 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0258 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0259 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0260 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0261 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0262 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0263 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0264 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0265 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0266 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0267 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0268 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0269 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0270 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0271 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0272 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0273 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0274 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0275 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0276 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0277 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0278 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0279 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0280 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0281 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0282 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0283 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0284 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0285 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0286 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0287 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0288 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0289 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0290 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0291 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0292 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0293 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0294 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0295 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding 0296 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0297 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw 0298 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A 0299 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw
pkts[79].show()
###[ Ethernet ]### dst = 00:1d:70:df:2d:11 src = 14:10:9f:e1:54:9b type = 0x800 ###[ IP ]### version = 4L ihl = 5L tos = 0x0 len = 1420 id = 51853 flags = DF frag = 0L ttl = 64 proto = tcp chksum = 0x2448 src = 10.25.3.61 dst = 74.6.239.58 \options \ ###[ TCP ]### sport = 53261 dport = http seq = 3423577226 ack = 4075984347 dataofs = 8L reserved = 0L flags = A window = 8192 chksum = 0xe4ca urgptr = 0 options = [('NOP', None), ('NOP', None), ('Timestamp', (1222799014, 196990643))] ###[ Raw ]### load = 'GET /search;_ylt=A0oG7mGUD49SBxcA3WpXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNmbWVsb2s1OTRqZ3UyJTI2YiUzRDQlMjZkJTNEOU15M2RnMXBZRUtpdVJyeG9BWlNlRGxLcjJFLSUyNnMlM0Q4ciUyNmklM0RTSjdlY2Y4ZURZakZnbS5DRWRucgRjc3JjcHZpZANHcC5VRjBnZXVyRDdPcmloVWtuRHdnWUFYWjUwR1ZLUEQ1UUFCc3hpBGZyA3lmcC10LTE0MARmcjIDc2ItdG9wBGdwcmlkA2NlVHN4WXhzUWIuOW51aGNlWG9TTUEEbXRlc3RpZANBRDAxJTNEU01FMzQxJTI2QURTUlAlM0RBRFNSUEMxJTI2QVNTVCUzRFZJUDI4OSUyNk1TRlQlM0RNU1kwMTAlMjZVSTAxJTNEVUlDMSUyNlVOSSUzRFJDRjA0NARuX3JzbHQDMTAEbl9zdWdnAzgEb3JpZ2luA3NlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDNgRxdWVyeQNNYWRyaWQEdF9zdG1wAzEzODUxMDczNTU4MzEEdnRlc3RpZANVSUMx?p=Madrid&fr2=sb-top&fr=yfp-t-140 HTTP/1.1\r\nHost: search.yahoo.com\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36\r\nReferer: http://search.yahoo.com/search;_ylt=ApD.LW7jivmrlmZzNKxChqqbvZx4?p=Python&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-140\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: B=fmelok594jgu2&b=4&d=9My3dg1pYEKiuRrxoAZSeDlKr2E-&s=8r&i=SJ7ecf8eDYjFgm.CEdnr; AO=o=0; YLS=v=1&p=1&n=1; F=a=I.qqZFgMvSp1SMQ7oNaJGIBu5DAJGO25SeRxXSKxg6_KZLWHQMHEkeFQrEOxAH9BOvMhwKs-&b=.hBp; Y=v=1&n=fr6nunkr11qks&l=he6k4bodd/o&p=f2m0'
pkts[79].getlayer(Raw)
<Raw load='GET /search;_ylt=A0oG7mGUD49SBxcA3WpXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNmbWVsb2s1OTRqZ3UyJTI2YiUzRDQlMjZkJTNEOU15M2RnMXBZRUtpdVJyeG9BWlNlRGxLcjJFLSUyNnMlM0Q4ciUyNmklM0RTSjdlY2Y4ZURZakZnbS5DRWRucgRjc3JjcHZpZANHcC5VRjBnZXVyRDdPcmloVWtuRHdnWUFYWjUwR1ZLUEQ1UUFCc3hpBGZyA3lmcC10LTE0MARmcjIDc2ItdG9wBGdwcmlkA2NlVHN4WXhzUWIuOW51aGNlWG9TTUEEbXRlc3RpZANBRDAxJTNEU01FMzQxJTI2QURTUlAlM0RBRFNSUEMxJTI2QVNTVCUzRFZJUDI4OSUyNk1TRlQlM0RNU1kwMTAlMjZVSTAxJTNEVUlDMSUyNlVOSSUzRFJDRjA0NARuX3JzbHQDMTAEbl9zdWdnAzgEb3JpZ2luA3NlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDNgRxdWVyeQNNYWRyaWQEdF9zdG1wAzEzODUxMDczNTU4MzEEdnRlc3RpZANVSUMx?p=Madrid&fr2=sb-top&fr=yfp-t-140 HTTP/1.1\r\nHost: search.yahoo.com\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36\r\nReferer: http://search.yahoo.com/search;_ylt=ApD.LW7jivmrlmZzNKxChqqbvZx4?p=Python&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-140\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: B=fmelok594jgu2&b=4&d=9My3dg1pYEKiuRrxoAZSeDlKr2E-&s=8r&i=SJ7ecf8eDYjFgm.CEdnr; AO=o=0; YLS=v=1&p=1&n=1; F=a=I.qqZFgMvSp1SMQ7oNaJGIBu5DAJGO25SeRxXSKxg6_KZLWHQMHEkeFQrEOxAH9BOvMhwKs-&b=.hBp; Y=v=1&n=fr6nunkr11qks&l=he6k4bodd/o&p=f2m0' |>
first_query = pkts[79].getlayer(Raw)
print first_query.fields.get('load').split('?p=')[1].split('&')[0]
Madrid
second_query = pkts[148].getlayer(Raw)
print second_query.fields.get('load').split('?p=')[1].split('&')[0]
I+love+chocolate
third_query = pkts[227].getlayer(Raw)
print third_query.fields.get('load').split('?p=')[1].split('&')[0]
Blue+Bottle+Coffe