pip install pyshark

pip install dpkt

f = open('new1.pcap','rb')
pcap = dpkt.pcap.Reader(f)
# ts是timestemp時(shí)間戳，buf（二進(jìn)制數(shù)據(jù)）是主體的數(shù)據(jù)包信息。
for ts,buf in pcap:
    pass

#由buf這個(gè)二進(jìn)制數(shù)據(jù)轉(zhuǎn)化為Ethernet類的對(duì)象
eth = dpkt.ethernet.Ethernet(buf)
 
ip_src = eth.data.src #這里是獲取這個(gè)數(shù)據(jù)包的源ip
#要注意的是，這里的源ip是以二進(jìn)制的方式返回的，如果我們要獲取點(diǎn)分十進(jìn)制的ip地址
#可以這樣做
def inet_to_str(inet):
    try:
        return socket.inet_ntop(socket.AF_INET,inet)
    except:
        return False#這里因?yàn)榫唧w需要把IPv6給丟棄了
        #如果希望IPv6也能獲取可以這樣
        #return socket.inet_ntop(socket.AF_INET6,inet)
ip_src = inet_to_str(eth.data.src)
ip_dst = inet_to_str(eth.data.dst)#目的ip\

#coding=utf-8
import dpkt
import socket
import time
 
def inet_to_str(inet):
    try:
        return socket.inet_ntop(socket.AF_INET,inet)
    except:
        return False
 
def getip():
    f = open('new1.pcap','rb')#要以rb方式打開(kāi)，用r方式打開(kāi)會(huì)報(bào)錯(cuò)
    pcap = dpkt.pcap.Reader(f)
    for ts,buf in pcap:
        print(ts)打印時(shí)間戳
        eth=dpkt.ethernet.Ethernet(buf)
 
        #這里也是對(duì)沒(méi)有IP段的包過(guò)濾掉
        if eth.type != dpkt.ethernet.ETH_TYPE_IP:
            continue
 
        ip = eth.data
        ip_src = inet_to_str(ip.src)
        ip_dst = inet_to_str(ip.dst)
        print(ip_src+'-->'+ip_dst)
 
if __name__=='__main__':
getip()

import dpkt
import os
import socket

test = open("new.pcap","wb")
writer = dpkt.pcap.Writer(test)
f=open("old.pcap",'rb')
packets = dpkt.pcap.Reader(f)
for ts,buf in packets:
    eth = dpkt.ethernet.Ethernet(buf)

    # 這里是將點(diǎn)分十進(jìn)制轉(zhuǎn)化成二進(jìn)制
    eth.data.src = socket.inet_pton(socket.AF_INET, "192.168.1.1")
    eth.data.dst = socket.inet_pton(socket.AF_INET, "192.168.1.2")
    writer.writepkt(eth,ts=ts)#不加ts參數(shù)，數(shù)據(jù)包時(shí)間戳?xí)J(rèn)為當(dāng)前時(shí)間
    test.flush()
test.close()