http layer is not detected

[alext234]

web3_clientVersion.pcap.tar.gz

When I do a packet.show() with the attached pcap file, there is no HTTP layer shown.

[githubMerge]

This module parses the HTTP request which has sport or dport == 80.
please check https://github.com/invernizzi/scapy-http/blob/master/scapy_http/http.py#L260

Your pcap does not satisfy the condition.

@invernizzi: can you please comment how to parse HTTP protocol on non-standard ports?

[arglucas]

My code which adds a new destination and source port (5000) to parse the HTTP layer with is as follows:

from scapy.layers.inet import TCP
import scapy.all as scapy
from  scapy_http.http import *

scapy.packet.bind_layers(TCP, HTTP, dport=5000)
scapy.packet.bind_layers(TCP, HTTP, sport=5000)

packets = scapy.rdpcap('./capture.pcap')

You can then show an HTTP packet as per the docs.

[githubMerge]

@arglucas
Is it possible for you to check the common HTTP words like "GET, POST, HOST, HTTP/" in TCP payload and concur that it is HTTP flow and parse the packet?

This will work irrespective of the source and destination port.
If the user does not know the port information, we are back to square one.

[cr0hn]

Hi! Maybe this could help:

https://gist.github.com/cr0hn/cfa4e6d04a20f6248a506c072ae0ba81