Skip to content

Instantly share code, notes, and snippets.

@econchick

econchick/search-term-query.ipynb

Last active December 29, 2015 04:29
Show Gist options
  • Save econchick/7614870 to your computer and use it in GitHub Desktop.
Save econchick/7614870 to your computer and use it in GitHub Desktop.
Download ZIP
Display the source blob
Display the rendered blob
Raw
search-term-query.ipynb
{
"metadata": {
"name": ""
},
"nbformat": 3,
"nbformat_minor": 0,
"worksheets": [
{
"cells": [
{
"cell_type": "code",
"collapsed": false,
"input": [
"from scapy.all import *"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stderr",
"text": [
"WARNING: No route found for IPv6 destination :: (no default route?)\n"
]
},
{
"output_type": "stream",
"stream": "stderr",
"text": [
"WARNING:scapy.runtime:No route found for IPv6 destination :: (no default route?)\n"
]
}
],
"prompt_number": 1
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"# online sniffing\n",
"# pkts = sniff(filter=\"tcp and host search.yahoo.com\", count=300)\n",
"# saving for later\n",
"# wrpcap(\"data/yahoo_search.cap\", pkts)"
],
"language": "python",
"metadata": {},
"outputs": []
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"# importing pcap file\n",
"sample_http = 'data/yahoo_search.cap'\n",
"pkts = sniff(offline=sample_http)"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 2
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"pkts"
],
"language": "python",
"metadata": {},
"outputs": [
{
"metadata": {},
"output_type": "pyout",
"prompt_number": 3,
"text": [
"<Sniffed: TCP:300 UDP:0 ICMP:0 Other:0>"
]
}
],
"prompt_number": 3
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"pkts.nsummary()"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"0000 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http S\n",
"0001 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http S\n",
"0002 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http S\n",
"0003 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 SA\n",
"0004 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0005 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 SA\n",
"0006 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A\n",
"0007 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 SA\n",
"0008 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A\n",
"0009 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw\n",
"0010 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0011 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0012 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0013 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw\n",
"0014 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0015 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0016 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0017 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0018 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0019 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0020 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0021 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0022 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0023 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0024 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0025 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0026 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0027 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0028 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0029 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0030 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0031 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0032 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0033 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0034 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0035 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0036 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0037 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0038 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0039 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0040 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0041 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0042 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0043 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0044 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0045 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0046 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0047 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0048 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0049 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0050 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0051 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0052 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0053 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0054 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0055 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0056 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0057 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0058 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0059 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0060 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0061 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0062 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0063 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0064 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0065 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0066 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0067 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0068 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0069 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http FA\n",
"0070 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http FA\n",
"0071 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 A\n",
"0072 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53262 FA\n",
"0073 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 A\n",
"0074 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A\n",
"0075 Ether / IP / TCP 10.25.3.61:53262 > 74.6.239.58:http A\n",
"0076 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A\n",
"0077 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53263 FA\n",
"0078 Ether / IP / TCP 10.25.3.61:53263 > 74.6.239.58:http A\n",
"0079 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw\n",
"0080 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw\n",
"0081 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0082 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0083 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0084 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0085 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0086 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0087 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0088 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0089 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0090 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0091 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0092 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0093 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0094 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0095 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0096 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0097 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0098 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0099 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0100 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0101 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0102 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0103 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0104 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0105 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0106 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0107 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0108 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0109 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0110 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0111 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0112 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0113 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0114 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0115 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0116 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0117 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0118 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0119 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0120 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0121 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0122 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0123 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0124 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0125 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0126 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0127 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0128 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0129 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0130 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0131 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0132 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0133 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0134 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0135 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0136 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0137 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0138 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0139 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0140 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0141 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0142 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0143 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0144 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0145 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0146 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0147 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0148 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw\n",
"0149 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw\n",
"0150 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0151 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0152 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0153 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0154 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0155 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0156 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0157 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0158 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0159 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0160 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0161 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0162 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0163 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0164 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0165 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0166 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0167 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0168 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0169 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0170 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0171 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0172 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0173 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0174 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0175 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0176 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0177 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0178 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0179 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0180 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0181 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0182 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0183 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0184 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0185 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0186 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0187 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0188 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0189 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0190 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0191 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0192 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0193 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0194 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0195 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0196 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0197 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0198 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0199 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0200 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0201 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0202 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0203 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0204 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0205 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0206 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0207 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0208 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0209 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0210 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0211 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0212 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0213 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0214 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0215 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0216 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0217 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0218 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0219 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0220 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0221 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0222 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0223 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0224 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0225 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0226 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0227 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw\n",
"0228 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http PA / Raw\n",
"0229 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0230 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A\n",
"0231 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0232 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0233 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0234 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0235 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0236 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0237 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0238 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0239 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0240 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0241 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0242 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0243 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0244 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0245 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0246 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0247 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0248 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0249 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0250 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0251 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0252 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0253 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0254 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0255 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0256 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0257 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0258 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0259 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0260 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0261 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0262 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0263 "
]
},
{
"output_type": "stream",
"stream": "stdout",
"text": [
"Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0264 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0265 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0266 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0267 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0268 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0269 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0270 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0271 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0272 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0273 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0274 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0275 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0276 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0277 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0278 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0279 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0280 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0281 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0282 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0283 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0284 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0285 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0286 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0287 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0288 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0289 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0290 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0291 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0292 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0293 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0294 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0295 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 A / Raw / Padding\n",
"0296 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0297 Ether / IP / TCP 74.6.239.58:http > 10.25.3.61:53261 PA / Raw\n",
"0298 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A\n",
"0299 Ether / IP / TCP 10.25.3.61:53261 > 74.6.239.58:http A / Raw\n"
]
}
],
"prompt_number": 4
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"pkts[79].show()"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"###[ Ethernet ]###\n",
" dst = 00:1d:70:df:2d:11\n",
" src = 14:10:9f:e1:54:9b\n",
" type = 0x800\n",
"###[ IP ]###\n",
" version = 4L\n",
" ihl = 5L\n",
" tos = 0x0\n",
" len = 1420\n",
" id = 51853\n",
" flags = DF\n",
" frag = 0L\n",
" ttl = 64\n",
" proto = tcp\n",
" chksum = 0x2448\n",
" src = 10.25.3.61\n",
" dst = 74.6.239.58\n",
" \\options \\\n",
"###[ TCP ]###\n",
" sport = 53261\n",
" dport = http\n",
" seq = 3423577226\n",
" ack = 4075984347\n",
" dataofs = 8L\n",
" reserved = 0L\n",
" flags = A\n",
" window = 8192\n",
" chksum = 0xe4ca\n",
" urgptr = 0\n",
" options = [('NOP', None), ('NOP', None), ('Timestamp', (1222799014, 196990643))]\n",
"###[ Raw ]###\n",
" load = 'GET /search;_ylt=A0oG7mGUD49SBxcA3WpXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNmbWVsb2s1OTRqZ3UyJTI2YiUzRDQlMjZkJTNEOU15M2RnMXBZRUtpdVJyeG9BWlNlRGxLcjJFLSUyNnMlM0Q4ciUyNmklM0RTSjdlY2Y4ZURZakZnbS5DRWRucgRjc3JjcHZpZANHcC5VRjBnZXVyRDdPcmloVWtuRHdnWUFYWjUwR1ZLUEQ1UUFCc3hpBGZyA3lmcC10LTE0MARmcjIDc2ItdG9wBGdwcmlkA2NlVHN4WXhzUWIuOW51aGNlWG9TTUEEbXRlc3RpZANBRDAxJTNEU01FMzQxJTI2QURTUlAlM0RBRFNSUEMxJTI2QVNTVCUzRFZJUDI4OSUyNk1TRlQlM0RNU1kwMTAlMjZVSTAxJTNEVUlDMSUyNlVOSSUzRFJDRjA0NARuX3JzbHQDMTAEbl9zdWdnAzgEb3JpZ2luA3NlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDNgRxdWVyeQNNYWRyaWQEdF9zdG1wAzEzODUxMDczNTU4MzEEdnRlc3RpZANVSUMx?p=Madrid&fr2=sb-top&fr=yfp-t-140 HTTP/1.1\\r\\nHost: search.yahoo.com\\r\\nConnection: keep-alive\\r\\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\\r\\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36\\r\\nReferer: http://search.yahoo.com/search;_ylt=ApD.LW7jivmrlmZzNKxChqqbvZx4?p=Python&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-140\\r\\nAccept-Encoding: gzip,deflate,sdch\\r\\nAccept-Language: en-US,en;q=0.8\\r\\nCookie: B=fmelok594jgu2&b=4&d=9My3dg1pYEKiuRrxoAZSeDlKr2E-&s=8r&i=SJ7ecf8eDYjFgm.CEdnr; AO=o=0; YLS=v=1&p=1&n=1; F=a=I.qqZFgMvSp1SMQ7oNaJGIBu5DAJGO25SeRxXSKxg6_KZLWHQMHEkeFQrEOxAH9BOvMhwKs-&b=.hBp; Y=v=1&n=fr6nunkr11qks&l=he6k4bodd/o&p=f2m0'\n"
]
}
],
"prompt_number": 5
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"pkts[79].getlayer(Raw)"
],
"language": "python",
"metadata": {},
"outputs": [
{
"metadata": {},
"output_type": "pyout",
"prompt_number": 6,
"text": [
"<Raw load='GET /search;_ylt=A0oG7mGUD49SBxcA3WpXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNmbWVsb2s1OTRqZ3UyJTI2YiUzRDQlMjZkJTNEOU15M2RnMXBZRUtpdVJyeG9BWlNlRGxLcjJFLSUyNnMlM0Q4ciUyNmklM0RTSjdlY2Y4ZURZakZnbS5DRWRucgRjc3JjcHZpZANHcC5VRjBnZXVyRDdPcmloVWtuRHdnWUFYWjUwR1ZLUEQ1UUFCc3hpBGZyA3lmcC10LTE0MARmcjIDc2ItdG9wBGdwcmlkA2NlVHN4WXhzUWIuOW51aGNlWG9TTUEEbXRlc3RpZANBRDAxJTNEU01FMzQxJTI2QURTUlAlM0RBRFNSUEMxJTI2QVNTVCUzRFZJUDI4OSUyNk1TRlQlM0RNU1kwMTAlMjZVSTAxJTNEVUlDMSUyNlVOSSUzRFJDRjA0NARuX3JzbHQDMTAEbl9zdWdnAzgEb3JpZ2luA3NlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDNgRxdWVyeQNNYWRyaWQEdF9zdG1wAzEzODUxMDczNTU4MzEEdnRlc3RpZANVSUMx?p=Madrid&fr2=sb-top&fr=yfp-t-140 HTTP/1.1\\r\\nHost: search.yahoo.com\\r\\nConnection: keep-alive\\r\\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\\r\\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36\\r\\nReferer: http://search.yahoo.com/search;_ylt=ApD.LW7jivmrlmZzNKxChqqbvZx4?p=Python&toggle=1&cop=mss&ei=UTF-8&fr=yfp-t-140\\r\\nAccept-Encoding: gzip,deflate,sdch\\r\\nAccept-Language: en-US,en;q=0.8\\r\\nCookie: B=fmelok594jgu2&b=4&d=9My3dg1pYEKiuRrxoAZSeDlKr2E-&s=8r&i=SJ7ecf8eDYjFgm.CEdnr; AO=o=0; YLS=v=1&p=1&n=1; F=a=I.qqZFgMvSp1SMQ7oNaJGIBu5DAJGO25SeRxXSKxg6_KZLWHQMHEkeFQrEOxAH9BOvMhwKs-&b=.hBp; Y=v=1&n=fr6nunkr11qks&l=he6k4bodd/o&p=f2m0' |>"
]
}
],
"prompt_number": 6
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"first_query = pkts[79].getlayer(Raw)\n",
"print first_query.fields.get('load').split('?p=')[1].split('&')[0]"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"Madrid\n"
]
}
],
"prompt_number": 7
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"second_query = pkts[148].getlayer(Raw)\n",
"print second_query.fields.get('load').split('?p=')[1].split('&')[0]"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"I+love+chocolate\n"
]
}
],
"prompt_number": 8
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"third_query = pkts[227].getlayer(Raw)\n",
"print third_query.fields.get('load').split('?p=')[1].split('&')[0]"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"Blue+Bottle+Coffe\n"
]
}
],
"prompt_number": 9
}
],
"metadata": {}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment