I'm new to python and I'm trying to write a script that will open and parse a pcap file. I have managed to do that but now I need to extract email addresses present in the fields To: and From: included in the packets and then print them. I have been using wireshark on the side to check where the email addresses where but I just can't find how to extract them. What I know so far is that I can find when looking for smtp or tcp.dstport == 587 but I don't know how to use that in python. Any help would be apreciated
Below you can find the code I have to parse the file
import dpkt
pcapfile = 'test.pcap'
f = open(pcapfile, 'rb')
pcap = dpkt.pcap.Reader(f)
for ts,buf in pcap:
eth=dpkt.ethernet.Ethernet(buf)
ip=eth.data
tcp=ip.data
print(repr(tcp))
break