Converting a sniffed scapy packet to bytes

Question

When sniffing packets with scapy I can save them to a variable

sniffed = sniff(count=1)

Now I would like to see what\'s inside the packet by do

Answer 1

You are probably searching for scapy Hexdump(pkt) or hexraw(pkt) or repr(str(pkt)) for string encoded output. Note that sniff returns a list, not a single pkt.

If you want to access serialized packet bytes one by one just serialize the layers str(pkt) to get a python (char/byte)-string.

for b in str(pkt):
    print "char: %s ord/value: %d hex: %x"%(b,ord(b),ord(b))

Answer 2

If you have already read the packet as pkt you may see bytes by time :

pktBytes=[]
pktTimes=[]
from datetime import datetime
#Read each packet and append to the lists.
for p in pkt:
    if IP in p:
        try:
            pktBytes.append(p[IP].len)
            pktTime=datetime.fromtimestamp(p.time)
            pktTimes.append(pktTime.strftime("%Y-%m-%d %H:%M:%S.%f"))
        except:
            pass

# Convert list to series
bytes = pd.Series(pktBytes).astype(int)

# Convert the timestamp list to a pd date_time with the option “errors=coerce” to handle errors.
times = pd.to_datetime(pd.Series(pktTimes).astype(str),  errors='coerce')

# Build the dataframe, set time as index
df  = pd.DataFrame({'Bytes': bytes, 'Times':times})
df = df.set_index('Times')

# See how it looks in 2 seconds sums
df.resample('2S').sum().plot()