Read pcap and assemble HTTP requests

Project description

Pcaper provides a class that reads a pcap file, assembles HTTP requests and iterates over them. The package is based on dpkt.

Installation

pip install pcaper

Import

import pcaper
reader = pcaper.HTTPRequest()

or

from pcaper import HTTPRequest
reader = HTTPRequest()

Examples

Iterate HTTP requests

Read a pcap file, assemble the HTTP requests and iterate over them:

reader = pcaper.HTTPRequest()
params = {
    'input': 'file.pcap',
}
for request in reader.read_pcap(params):
    print(request['origin'])

Extract HTTP headers

You can extract a header by name:

reader = pcaper.HTTPRequest()
params = {
    'input': 'file.pcap',
}
for request in reader.read_pcap(params):
    print(request['headers']['host'])
    print(request['headers']['content-length'])

Filter packets

You can filter out unwanted packets with a filter expression:

reader = pcaper.HTTPRequest()
params = {
    'input': 'file.pcap',
    'filter': 'tcp.dst == 1.1.1.1'
}
for request in reader.read_pcap(params):
    print(request['origin'])

You can combine TCP and IP filters in dpkt style:

params2 = {
    'input': 'file.pcap',
    'filter': '(ip.src == 10.4.0.136 or ip.dst == 10.1.40.61) and tcp.dport == 8888'
}

Notes

The newer pcapng format is not supported by the dpkt package, but you can convert an input file from pcapng to pcap with mergecap, a standard utility installed with the Wireshark package.

mergecap file.pcapng -w out.pcap -F pcap
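What "assemble" involves and why the pcapng check matters, as an added Python 3 example using only the standard library (it is not pcaper's or dpkt's code). It assumes Ethernet/IPv4 frames, one request per flow and no sequence-number wraparound; the function names and the sample capture are constructed for illustration.

```python
import struct

def iter_frames(buf):
    """Yield link-layer frames from a classic little-endian pcap byte string."""
    if buf[:4] == b"\x0a\x0d\x0d\x0a":  # pcapng section header block
        raise ValueError("pcapng input: convert with mergecap -F pcap first")
    if buf[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian microsecond pcap")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(buf):
        incl_len = struct.unpack_from("<I", buf, off + 8)[0]
        yield buf[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def assemble_requests(buf):
    """Reorder TCP payload per flow by sequence number, then parse one request."""
    flows = {}
    for frame in iter_frames(buf):
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep Ethernet/IPv4/TCP only
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total]  # total length trims any Ethernet padding
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:  # same seq seen twice is a retransmission; last copy wins
            flows.setdefault((ip[12:16], sport, ip[16:20], dport), {})[seq] = payload
    requests = []
    for segs in flows.values():
        data = b"".join(segs[s] for s in sorted(segs))
        head, sep, body = data.partition(b"\r\n\r\n")
        if not sep:
            continue  # header block never completed: incomplete request
        lines = head.decode("latin-1").split("\r\n")
        headers = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
        requests.append({"request_line": lines[0], "headers": headers, "body": body})
    return requests

def sample_pcap():
    """Constructed capture: one POST split over two segments, stored out of order."""
    a = b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-"
    b = b"Length: 9\r\n\r\nuser=demo"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, p in ((1000 + len(a), b), (1000, a)):
        tcp = struct.pack("!HHIIBBHHH", 40000, 8888, seq, 0, 0x50, 0x18, 8192, 0, 0) + p
        ip = struct.pack("!BBHHHBBH4B4B", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, 10, 4, 0, 136, 10, 1, 40, 61)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Calling `assemble_requests(sample_pcap())` returns a single request whose `content-length` header only exists once the two segments are joined in sequence order.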

Scripts

parse_http

The parse_http script is installed into the Python directory and can be run directly from the command line.

It simplifies parsing pcap files: it extracts HTTP requests, including their headers and bodies, and prints the complete data to the console or to a file.

Print HTTP requests from pcap file:

parse_http file.pcap

Filter HTTP requests and write to external file:

parse_http -f "tcp.dport == 8080" -o file.out file.pcap

Print statistics about counted requests:

parse_http -f "ip.src == 10.10.10.10" -S file.pcap

Stats:
    total: 1
    complete: 1
    incorrect: 0
    incomplete: 0

Download files

Source Distribution

pcaper-1.0.2.tar.gz (6.3 kB)

Built Distribution

pcaper-1.0.2-py2.py3-none-any.whl (7.2 kB)