Skip to main content

User-friendly packet captures

Project description

capture-packets: User-friendly packet captures

Please read before using

All network traffic occurring on your machine is captured (unless you specify a more specific interface, default is all interfaces). Any TLS handshakes that occur within the capture_packets will have their secrets dumped as well so that TLS traffic within the packet capture can be decrypted. Any TLS handshakes not occurring within the capture_packets context manager are unaffected.

Do not send this data to anyone you do not trust. If you're using any authentication those secrets will likely be included in the packet capture. You should consider rotating your credentials after you've captured the packets to ensure there is zero chance of services being compromised. Use a secure channel (like magic-wormhole) to distribute these files.

Any maintainers who receives files from this utility should delete them as soon as possible after completing the requiring task.

Installing and instructions

To use this library you must have the dumpcap utility from tshark installed. Learn how to install dumpcap.

Now we install the Python package from PyPI:

$ python -m pip install capture-packets

After that's installed we create a script and place the problematic code within the capture_packets context manager:

from capture_packets import capture_packets

# Wrap *all* of your networking code
# in the capture_packets() context manager:
with capture_packets() as pcap:

    # You put the code that you want to capture below here:
    import urllib3
    http = urllib3.PoolManager()
    http.request("GET", "https://service-that-is-not.working")

    # By the way, it's okay if an error happens in here. The
    # context manager still works and outputs the paths to stdout.

# After capturing you can explore the captured packets:
from scapy.layers.dns import DNSQR
packets = pcap.packets(layers=DNSQR)
assert packets[0][DNSQR].qname == b"service-that-is-not.working."

Once you see the last message your packets have been captured and are stored at the displayed path (in the above example, at /tmp/tmpcaxb58kt/captured-packets.tar). You can send the tarball to the maintainer requesting packets.

IMPORTANT: Make sure that all of your code is enclosed within the capture_packets() context manager. Otherwise a crucial setup step to configure TLS secrets may be missed:

import urllib3

# === DON'T DO THIS ===

# This won't work because TLS will get
# configured outside the context manager.
http = urllib3.HTTPSConnectionPool("service-that-is-not.working", 443)

with capture_packets():
    http.request("GET", "/")

# === DO THIS INSTEAD ===
with capture_packets():
    # TLS is configured within capture_packets() block :tada:
    http = urllib3.HTTPSConnectionPool("service-that-is-not.working", 443)
    http.request("GET", "/")

Why is this useful?

There are networking issues that are impossible to debug without a packet capture and it's typically a difficult task for users to capture packets and TLS secrets themselves. This library is an attempt to make packet captures as simple as possible for users while still being comprehensive.

What libraries are supported?

If TLS isn't being used, then in theory any networking library will work.

If TLS is being used then the library must support the SSLKEYLOGFILE environment variable to have TLS secrets dumped automatically as well. To name a few, urllib3, Requests, and any libraries that use those two libraries for HTTP will work with TLS.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

capture-packets-0.1.2.tar.gz (4.8 kB view details)

Uploaded Source

Built Distribution

capture_packets-0.1.2-py3-none-any.whl (5.3 kB view details)

Uploaded Python 3

File details

Details for the file capture-packets-0.1.2.tar.gz.

File metadata

  • Download URL: capture-packets-0.1.2.tar.gz
  • Upload date:
  • Size: 4.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.11.0

File hashes

Hashes for capture-packets-0.1.2.tar.gz
Algorithm Hash digest
SHA256 f6e54973d221d3a0319908841b4c94405c087ce7b0525471c0acb3cd00c9a2e4
MD5 5a9310d5116cd1ef5c87e053c50a5ec5
BLAKE2b-256 49d587b613617bb3bb0cb59b86a373101effd0b760ada7a091ef7e2bdf2ce958

See more details on using hashes here.

File details

Details for the file capture_packets-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for capture_packets-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 1496d5ecc961750ba1e4cefc01645553bd533f8881cf7b248d472a12797bc85d
MD5 370a23c10b81d928e63ae20b5244674d
BLAKE2b-256 6652952c5df9d13b8076ff7d036f61204627fc2688899509fb1fab61dfccab77

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page