Skip to main content


This Script is part of the Common Scripts Pack.#

Allows to parse and extract http flows (requests & responses) from a pcap/pcapng file.

Script Data#

Script Typepython3
Tagspcap, http
Cortex XSOAR Version5.0.0


Argument NameDescription
pcapFileNameget file entry from file name
entryIDFile entry from the WarRoom
limitLimit the output of the capture file output's flows (starts from 0).
startIndex of where to output flows (starts from 0).
limitDataLimit the HttpFileData field (in bytes)
allowedContentTypesThe allowed content types to display, separated with comma, uses startswith to find a match (ie text,image will display text\html, and image\png).


PcapHTTPFlowsFlows extracted from the pcap file.String
PcapHttpFlows.ResultIndexThe index of the http packet in the pcap file.String
PcapHttpFlows.HttpContentTypeHttp content type of the response.String
PcapHttpFlows.HttpResponseVersionHttp version used in the response.String
PcapHttpFlows.HttpResponseCodeHttp response code from the serverString
PcapHttpFlows.HttpDateHttp date returned from the severString
PcapHttpFlows.HttpRequestMethodHttp request method used.String
PcapHttpFlows.HttpRequestUriHttp request URI (path)String
PcapHttpFlows.HttpFileDataHttp content of the responseString
PcapHttpFlows.HttpServerThe server signature in the responseString
PcapHttpFlows.HttpUserAgentHttp user agent sent in the requestString
PcapHttpFlows.HttpAcceptHttp request accept typeString
PcapHttpFlows.MetaSniffTimeStampTime the packet was sniffed (unixtime).String