Skip to content

FileCapture Usage

FileCapture is designed to query a Packet Capture (PCAP) file. This mode has various filters that can be applied to the packets being processed.

FileCapture basic usage🔗

import pyshark

capture = pyshark.FileCapture(input_file='your pcap file')
for packet in capture:
   # do something with the packet

FileCapture with bpf_filter🔗

FileCapture has a featured named BPF_Filter (Berkeley Packet Filter) that allows you to prefilter the packets being captured. The example below show how to parse Domain Name System (DNS) packets from a FileCapture session. 

import pyshark

capture = pyshark.FileCapture(input_file='your pcap file', bpf_filter='udp port 53')
for packet in capture:
   # do something with the packet

FileCapture with display_filter🔗

FileCapture has a featured named display_filter that allows you to prefilter the packets being captured. The example below show how to parse Domain Name System (DNS) packets using display_filter from a FileCapture session. 

import pyshark

capture = pyshark.FileCapture(input_file='your pcap file', display_filter='dns')
for packet in capture:
   # do something with the packet