How to parse packets in a python library? [closed]

python


Try scapy. It is a very powerful program for packet inspection, manipulation and creation.

You can use it to build your own tools.


I tried that and then tried pcapy. I chose pcapy because my use was similar to an example which I found by googling.

http://snipplr.com/view/3579/live-packet-capture-in-python-with-pcapy/ (or see the same code copied below)

import pcapy
from impacket.ImpactDecoder import EthDecoder

# list all the network devices
print(pcapy.findalldevs())

max_bytes = 1024
promiscuous = False
read_timeout = 100  # in milliseconds
pc = pcapy.open_live("name of network device to capture from", max_bytes,
                     promiscuous, read_timeout)
pc.setfilter('tcp')  # BPF filter: only TCP segments reach the callback


# callback for received packets: hdr is the pcap record header, data the raw frame
def recv_pkts(hdr, data):
    packet = EthDecoder().decode(data)  # decode Ethernet and the layers it carries
    print(packet)


packet_limit = -1  # infinite
pc.loop(packet_limit, recv_pkts)  # capture packets


I recommend you use Pyshark. This is a wrapper for tshark. It also supports all of tshark's filters, decoder libs, ... and is easy to use! This is a great package for parsing .pcap files and also live capturing.

https://pypi.python.org/pypi/pyshark

sample code (from the link):

import pyshark
cap = pyshark.FileCapture('/root/log.cap')
cap
>>> <FileCapture /root/log.cap>
print cap[0]
Packet (Length: 698)
Layer ETH:
        Destination: BLANKED
        Source: BLANKED
        Type: IP (0x0800)
Layer IP:
        Version: 4
        Header Length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        Total Length: 684s
        Identification: 0x254f (9551)
        Flags: 0x00
        Fragment offset: 0
        Time to live: 1
        Protocol: UDP (17)
        Header checksum: 0xe148 [correct]
        Source: BLANKED
        Destination: BLANKED
  ...
dir(cap[0])
['__class__', '__contains__', '__delattr__', '__dict__', '__dir__', '__doc__', '__format__', '__getattr__', '__getattribute__', '__getitem__', '__getstate__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setstate__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_packet_string', 'bssgp', 'captured_length', 'eth', 'frame_info', 'gprs-ns', 'highest_layer', 'interface_captured', 'ip', 'layers', 'length', 'number', 'pretty_print', 'sniff_time', 'sniff_timestamp', 'transport_layer', 'udp']
cap[0].layers
[<ETH Layer>, <IP Layer>, <UDP Layer>, <GPRS-NS Layer>, <BSSGP Layer>]
....
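Both the pcapy answer (a callback handed raw Ethernet bytes, filtered with 'tcp') and the pyshark answer (a .pcap file turned into layered packet objects) hide the same two jobs: walking the libpcap record format and decoding Ethernet/IPv4/TCP|UDP headers. The block below is an added example, not code from either answer or from pcapy, impacket or pyshark; it does both jobs with only the standard library so it runs offline. The pcap file and the two frames it contains are constructed inline (hypothetical hosts 10.0.0.1 and 10.0.0.2, hypothetical MACs), the IPv4 header checksum is computed and verified, and every length field is checked before it is used to slice, since those fields come from the wire and a truncated or lying header is exactly what a parser in a security tool will meet first.

```python
"""Decode Ethernet/IPv4/TCP|UDP frames and walk a libpcap file using only the
standard library. All sample packets are constructed inline (hypothetical
addresses and ports); nothing touches a real interface or file."""
import struct

ETH_TYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a header with a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac(dst), "src": mac(src), "type": ethertype, "payload": frame[14:]}


def parse_ipv4(data: bytes) -> dict:
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Every length field is attacker-controlled: validate before slicing with it.
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(data) or total_len < ihl or total_len > len(data):
        raise ValueError("malformed IPv4 header")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "id": ident, "ttl": ttl, "proto": proto,
            "frag_offset": (flags_frag & 0x1FFF) * 8, "more_fragments": bool(flags_frag & 0x2000),
            "checksum_ok": checksum(data[:ihl]) == 0,
            "payload": data[ihl:total_len]}  # total_len also drops Ethernet trailer padding


def parse_tcp(data: bytes) -> dict:
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", data[:20])
    offset = (off_flags >> 12) * 4  # header length incl. options; TCP checksum not verified here
    if offset < 20 or offset > len(data):
        raise ValueError("bad TCP data offset")
    flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "payload": data[offset:]}


def parse_udp(data: bytes) -> dict:
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", data[:8])
    if length < 8 or length > len(data):
        raise ValueError("bad UDP length")
    return {"sport": sport, "dport": dport, "payload": data[8:length]}


def decode_frame(frame: bytes) -> dict:
    """Stack the decoders the way EthDecoder / pyshark's .layers do."""
    layers = {"eth": parse_ethernet(frame), "highest_layer": "ETH"}
    if layers["eth"]["type"] != ETH_TYPE_IPV4:
        return layers
    ip = layers["ip"] = parse_ipv4(layers["eth"]["payload"])
    layers["highest_layer"] = "IP"
    if ip["frag_offset"] != 0:  # only the first fragment carries the L4 header
        return layers
    if ip["proto"] == IPPROTO_TCP:
        layers["tcp"], layers["highest_layer"] = parse_tcp(ip["payload"]), "TCP"
    elif ip["proto"] == IPPROTO_UDP:
        layers["udp"], layers["highest_layer"] = parse_udp(ip["payload"]), "UDP"
    return layers


def iter_pcap(blob: bytes):
    """Yield (timestamp, frame) from a classic libpcap file held in memory (microsecond magic only)."""
    if len(blob) < 24:
        raise ValueError("truncated pcap global header")
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", blob[:4])[0])
    if endian is None:
        raise ValueError("not a libpcap file (magic mismatch)")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")
    pos = 24
    while pos + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", blob[pos:pos + 16])
        pos += 16
        if incl_len > snaplen or pos + incl_len > len(blob):
            raise ValueError("record length exceeds snaplen or file")
        yield ts_sec + ts_usec / 1e6, blob[pos:pos + incl_len]
        pos += incl_len


def filter_tcp(blob: bytes):
    """Rough equivalent of pc.setfilter('tcp'): decoded TCP packets plus a count of unparseable frames."""
    matches, malformed = [], 0
    for _ts, frame in iter_pcap(blob):
        try:
            layers = decode_frame(frame)
        except ValueError:
            malformed += 1
            continue
        if "tcp" in layers:
            matches.append(layers)
    return matches, malformed


# ---- constructed sample data (hypothetical 10.0.0.1 -> 10.0.0.2) ----
def build_frame(proto: int, l4: bytes) -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]  # fill in header checksum
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), ETH_TYPE_IPV4)
    return eth + ip + l4


HTTP_REQUEST = b"GET / HTTP/1.0\r\n\r\n"
# sport 40000 -> dport 80, PSH|ACK (0x018), data offset 5 words, TCP checksum left 0 (not verified above)
TCP_FRAME = build_frame(IPPROTO_TCP, struct.pack("!HHIIHHHH", 40000, 80, 1, 1, (5 << 12) | 0x018, 65535, 0, 0) + HTTP_REQUEST)
UDP_FRAME = build_frame(IPPROTO_UDP, struct.pack("!HHHH", 5353, 53, 8 + 5, 0) + b"hello")


def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # v2.4, snaplen 65535, Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = build_pcap([TCP_FRAME, UDP_FRAME])

if __name__ == "__main__":
    for ts, frame in iter_pcap(SAMPLE_PCAP):
        print(ts, decode_frame(frame)["highest_layer"])
    print(filter_tcp(SAMPLE_PCAP))
```

The point of the length and checksum checks is that a capture library does not promise well-formed input: a snaplen shorter than the headers, a crafted IHL, or an IP total length larger than the frame all reach the decoder, and a parser that slices first and checks later is the classic source of crashes in packet tooling. The libpcap-file-reading part handles only the classic microsecond-magic format, not pcapng or the nanosecond variant; for real files, hand the frames to whichever of the libraries above you picked and keep this as the model of what they are doing.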