Library to read/write the pcap-ng format used by various packet sniffers
Project description
Python-pcapng
Python library to parse the pcap-ng format used by newer versions of dumpcap & similar tools (wireshark, winpcap, …).
Documentation
If you prefer the RTD theme, or want documentation for any version other than the latest, head here:
http://python-pcapng.readthedocs.org/en/latest/
If you prefer the more comfortable, page-wide, default sphinx theme, a documentation mirror is hosted on GitHub pages:
CI build status
Branch |
Status |
|---|---|
master |
|
develop |
|
Source code
Source, issue tracker etc. on GitHub: https://github.com/rshk/python-pcapng
Get the source from git:
git clone https://github.com/rshk/python-pcapng
Download zip of the latest version:
https://github.com/rshk/python-pcapng/archive/master.zip
Install from pypi:
pip install python-pcapng
PyPI status
The official page on the Python Package Index is: https://pypi-hypernode.com/pypi/python-pcapng
Why this library?
I need to decently extract some information from a bunch of pcap-ng files, but apparently tcpdump has some problems reading those files,
I couldn’t find other nice tools nor Python bindings to a library able to parse this format, so..
In general, it appears there are (quite a bunch of!) Python modules to parse the old (much simpler) format, but nothing for the new one.
And, they usually completely lack any form of documentation.
Isn’t it slow?
Yes, I guess it would be much slower than something written in C, but I’m much better at Python than C.
..and I need to get things done, and CPU time is not that expensive :)
(Maybe I’ll give a try porting the thing to Cython to speed it up, but anyways, pure-Python libraries are always useful, eg. for PyPy).
How do I use it?
Basic usage is as simple as:
from pcapng import FileScanner
with open('/tmp/mycapture.pcap') as fp:
scanner = FileScanner(fp)
for block in scanner:
pass # do something with the block...Have a look at the blocks documentation to see what they do; also, the examples directory contains some example scripts using the library.
Hacking
Format specification is here:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
Contributions are welcome, please contact me if you’re planning to do some big change, so that we can sort out the best way to integrate it.
Or even better, open an issue so the whole world can partecipate in the discussion :)
History
v0.1
Support for “scanning” streams of pcap-ng data
Support for decoding the “standard” pcap-ng blocks:
Section headers
Interface description
Enhanced packet
Simple packet (deprecated)
Packet (deprecated)
Name resolution
Interface statistics
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file python-pcapng-0.1a0.tar.gz.
File metadata
- Download URL: python-pcapng-0.1a0.tar.gz
- Upload date:
- Size: 21.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8becf9a9c6e583cfab7bdba2974802dd57409439fbc3cad5225350f7b3512351 |
|
| MD5 | a14038ccc25006e7a7134900ffd250a9 |
|
| BLAKE2b-256 | 8175ea2557249793b6280beff93c224e8c7da8baef83ad252d20e5a546dc2942 |
