Skip to content

Instantly share code, notes, and snippets.

@alem0lars

alem0lars/pcap-remove-payload.py

Created July 26, 2017 15:16
Show Gist options
  • Save alem0lars/ca034b0644cf2512cbfb8a03b3388111 to your computer and use it in GitHub Desktop.
Save alem0lars/ca034b0644cf2512cbfb8a03b3388111 to your computer and use it in GitHub Desktop.
Download ZIP
Remove payload from a pcap (useful to fully anonymize a pcap)
Raw
pcap-remove-payload.py
#! /usr/bin/env python2
from scapy.all import *
import sys
INFILE = sys.argv[1]
OUTFILE = sys.argv[2]
with PcapWriter(OUTFILE) as dest:
with PcapReader(INFILE) as infile:
for pkt in infile:
if TCP in pkt:
pkt[TCP].remove_payload()
elif UDP in pkt:
pkt[UDP].remove_payload()
dest.write(pkt)
@jcoffland
Copy link 

#!/usr/bin/env python3
from scapy.all import *
from scapy.layers.inet import *
import sys

with PcapWriter(sys.argv[2]) as out:
    with PcapReader(sys.argv[1]) as in:
        for pkt in in:
            if   TCP in pkt: pkt[TCP].remove_payload()
            elif UDP in pkt: pkt[UDP].remove_payload()
            out.write(pkt)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment