PyPCAPKit: comprehensive network packet analysis library
Project description
For any technical and/or maintenance information, please kindly refer to the Official Documentation.
The PyPCAPKit project is an open source Python program focus on PCAP parsing and analysis, which works as a network packet extraction, construction and analysis library. With support of DictDumper, it shall support multiple output report formats.
The whole project supports Python 3.6 or later.
About
PyPCAPKit is an independent open source library, using only DictDumper as its formatted output dumper.
There is a project called jspcapy works on pcapkit, which is a command line tool for PCAP extraction.
Unlike popular PCAP file extractors, such as Scapy, DPKT, PyShark, and etc, pcapkit uses streaming strategy to read input files. That is to read frame by frame, decrease occupation on memory, as well as enhance efficiency in some way.
Module Structure
In pcapkit, all files can be described as following eight parts.
Interface (pcapkit.interface)
User interface for the pcapkit library, which standardises and simplifies the usage of this library.
Foundation (pcapkit.foundation)
Synthesises file I/O and protocol analysis, coordinates information exchange in all network layers, as well as provides the foundamental functions for pcapkit.
Protocols (pcapkit.protocols)
Collection of all protocol family, with detailed implementation and methods.
Utilities (pcapkit.utilities)
Auxiliary functions and tools for pcapkit.
CoreKit (pcapkit.corekit)
Core utilities for pcapkit implementation, mainly for internal data structure and processing.
ToolKit (pcapkit.toolkit)
Auxiliary tools for pcapkit to support the multiple extraction engines with a unified interface.
DumpKit (pcapkit.dumpkit)
File output formatters for pcapkit.
Constants (pcapkit.const)
Constant enumerations used in pcapkit for protocol family extraction and representation.
Engine Comparison
Due to the general overhead of pcapkit, its extraction procedure takes around 0.2 milliseconds per packet, which is already impressive but not enough comparing to other popular extration engines availbale on the market, given the fact that pcapkit is a comprehensive packet processing module.
Additionally, pcapkit introduced alternative extractionengines to accelerate this procedure. By now pcapkit supports Scapy, DPKT, and PyShark.
Test Environment
Operating System |
macOS Ventura 13.4 Beta (22F5037d) |
Chip |
Apple M2 Pro |
Memory |
16 GB |
Test Results
Engine |
Performance (ms per packet) |
---|---|
dpkt |
0.010694_027361 |
scapy |
0.093399_399399 |
pcapkit |
0.199796_296296 |
pyshark |
25.066692_025359 |
Installation
Simply run the following to install the current version from PyPI:
pip install pypcapkit
Or install the latest version from the gi repository:
git clone https://github.com/JarryShaw/PyPCAPKit.git
cd pypcapkit
pip install -e .
# and to update at any time
git pull
And since pcapkit supports various extraction engines, and extensive plug-in functions, you may want to install the optional ones:
# for DPKT only
pip install pypcapkit[DPKT]
# for Scapy only
pip install pypcapkit[Scapy]
# for PyShark only
pip install pypcapkit[PyShark]
# and to install all the optional packages
pip install pypcapkit[all]
# or to do this explicitly
pip install pypcapkit dpkt scapy pyshark
For CLI usage, you will need to install the optional packages:
pip install pypcapkit[cli]
# or explicitly...
pip install pypcapkit emoji
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for pypcapkit-1.0.1.post3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 675afdd3c98eeb744472fcf788548f3d005af9360d49a6d4f284950e5b2de1fa |
|
MD5 | 54de880ef8b2dd6264dc4b47d8b83a27 |
|
BLAKE2b-256 | f2aac7af89deaefe73b67076e111d21abde2a2d623684001224d1ee645129a2e |