I have an application which captures and displays network packets. The packets are represented in two forms: in a TableView and as a TreeView. I am using scapy to capture the network packets.
I wish to display the highest protocol level of the packet (highest being the application layer for any packet). The problem that I am facing is that some packets have their final payload named as the protocol itself (for example, a DNS payload is named DNS), but some payloads are just named Raw (for example, an HTTP payload is named Raw).
So I was wondering: is there any way I could detect these protocols in Python?
This is the output for a DNS packet.
This is the output for an HTTP packet.
Here is the code that generates the tree.
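    def packet2Tree(self, pkt):
        # Stop at the end of the layer chain (NoPayload has no fields)
        if len(pkt.fields.keys()) == 0 or pkt.name == "":
            return
        # One node per layer, attached to the tree's root node
        self.rootNode = Node(pkt.name, self.RootNode)
        field = pkt.fields_desc
        for xfield in field:
            # One child node per field, holding the field value as a string
            self.childNode = Node(xfield.name, self.rootNode, str(pkt.getfieldval(xfield.name)))
        # Recurse into the next layer carried as this layer's payload
        self.packet2Tree(pkt.payload)
        return self.RootNode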
Any guess how to solve this problem?
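One way to approach the problem described in this question, as an added example that is not part of the original post: walk the layer chain to the last real layer and, when that layer is Raw, guess the protocol from the first payload bytes. The names `classify_raw`, `highest_protocol` and `FakeLayer` are hypothetical; the code relies only on the scapy attributes `name` and `payload`, plus the `load` field of Raw, and the sample layers are constructed stand-ins so the block runs without a capture.

```python
import re

# HTTP request line ("GET /path HTTP/1.1") and status line ("HTTP/1.1 200 OK")
HTTP_REQ = re.compile(
    rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/\d\.\d\r?\n")
HTTP_RESP = re.compile(rb"^HTTP/\d\.\d \d{3}")


def classify_raw(load):
    """Guess the application protocol from the first bytes of a Raw payload."""
    if HTTP_REQ.match(load) or HTTP_RESP.match(load):
        return "HTTP"
    # TLS record header: content type 20-23, version major 3, minor 0-4
    if len(load) >= 3 and 20 <= load[0] <= 23 and load[1] == 3 and load[2] <= 4:
        return "TLS"
    if load.startswith(b"SSH-"):
        return "SSH"
    return None


def highest_protocol(pkt):
    """Name of the last real layer; a Raw layer is replaced by a guess if one fits."""
    top, layer = None, pkt
    # NoPayload terminates a scapy packet; Padding is trailer bytes, not a protocol
    while layer is not None and layer.name not in ("NoPayload", "Padding"):
        top = layer
        layer = getattr(layer, "payload", None)
    if top is None:
        return None
    if top.name == "Raw":
        return classify_raw(bytes(top.load)) or "Raw"
    return top.name


class FakeLayer:
    """Constructed stand-in for a scapy layer (assumption: name, payload, load only)."""
    def __init__(self, name, payload=None, load=b""):
        self.name, self.payload, self.load = name, payload, load


def sample_tcp(load):
    """Constructed Ethernet/IP/TCP/Raw chain carrying the given payload bytes."""
    raw = FakeLayer("Raw", FakeLayer("NoPayload"), load)
    return FakeLayer("Ethernet", FakeLayer("IP", FakeLayer("TCP", raw)))


if __name__ == "__main__":
    print(highest_protocol(sample_tcp(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")))
```

Only the segment that carries the request or status line is recognised as HTTP; later segments of the same message still come back as Raw unless the caller tracks the TCP stream.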