Skip to main content


This Script is part of the PCAP Analysis Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

Extract payloads of each stream from a pcap file.

Script Data#

Script Typepython3
Tagspcap, file, Utility


Argument NameDescription
entry_idThe entry_id of the pcap file from which to extract streams.
bin2txt_modeThe mode of how to convert the binary to text.
pcap_filterFilter to apply on pcap. Wireshark syntax as can be found here:
rsa_decrypt_key_entry_idThe entry ID for the RSA decryption key.
wpa_passwordThe WPA password. By providing the password you will be able to decrypt encrypted traffic data.
filter_keysKeys of output items by which to filter them.
verboseSet to true to generate stream entries, otherwise false.
server_portsDefault server port numbers by which to decide the direction.


PCAPStream.entry_idThe entry ID of the pcap file parsed.string
PCAPStream.client_ipClient IP address.string
PCAPStream.client_portClient port number.number
PCAPStream.server_ipServer IP address.string
PCAPStream.server_poprtServer port nream data in bytes.number
PCAPStream.stream_textThe data stream in text.string
PCAPStream.stream_base64The data stream in base64.string
PCAPStream.outgoing_sizeSize of the outgoing data in bytes.number
PCAPStream.outgoing_textThe outgoing data stream in text.string
PCAPStream.outgoing_base64The outgoing data stream in base64.string
PCAPStream.incoming_sizeSize of the incoming data in bytes.number
PCAPStream.incoming_textThe incoming data stream in text.string
PCAPStream.incoming_base64The incoming data stream in base64.string