Skip to main content


This Script is part of the PCAP Analysis Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

Extract payloads of each stream from a pcap. The payloads will be retrieved with an array of dictionaries of these keys:

  • protocol
  • client_ip
  • client_port
  • server_ip
  • server_port
  • stream_size
  • stream_text
  • stream_base64
  • outgoing_size
  • outgoing_text
  • outgoing_base64
  • incoming_size
  • incoming_text
  • incoming_base64

Script Data#

Script Typepython3
Tagspcap, Utility, transformer


Argument NameDescription
valueThe data of a pcap in base64 from which to extract streams.
pathThe context path to the pcap (e.g., PcapData.pcap). If you add a comma plus a node name after the path, the output will be set to the node (e.g., PcapData.pcap,out).
pcap_typeThe data type of the pcap data.
bin2txt_modeThe mode of how to convert the binary to text
pcap_filterFilter to apply on PCAP. Wireshark syntax as can be found here:
rsa_decrypt_keyThe RSA decryption key in base64.
wpa_passwordThe WPA password. By providing the password you will be able to decrypt encrypted traffic data.
filter_keysKeys of output items by which to filter them.
error_actionThe action on error to parsing pcap. Possible values are abort (default), ignore, and keep.
server_portsDefault server port numbers by which to decide the direction.


There are no outputs for this script.