Skip to main content

PyPCAPKit: comprehensive network packet analysis library

Project description

For any technical and/or maintenance information, please kindly refer to the Official Documentation.

The PyPCAPKit project is an open source Python program focus on PCAP parsing and analysis, which works as a network packet extraction, construction and analysis library. With support of DictDumper, it shall support multiple output report formats.

The whole project supports Python 3.6 or later.


PyPCAPKit is an independent open source library, using only DictDumper as its formatted output dumper.

There is a project called jspcapy works on pcapkit, which is a command line tool for PCAP extraction.

Unlike popular PCAP file extractors, such as Scapy, DPKT, PyShark, and etc, pcapkit uses streaming strategy to read input files. That is to read frame by frame, decrease occupation on memory, as well as enhance efficiency in some way.

Module Structure

In pcapkit, all files can be described as following eight parts.

  • Interface (pcapkit.interface)

    User interface for the pcapkit library, which standardises and simplifies the usage of this library.

  • Foundation (

    Synthesises file I/O and protocol analysis, coordinates information exchange in all network layers, as well as provides the foundamental functions for pcapkit.

  • Protocols (pcapkit.protocols)

    Collection of all protocol family, with detailed implementation and methods.

  • Utilities (pcapkit.utilities)

    Auxiliary functions and tools for pcapkit.

  • CoreKit (pcapkit.corekit)

    Core utilities for pcapkit implementation, mainly for internal data structure and processing.

  • ToolKit (pcapkit.toolkit)

    Auxiliary tools for pcapkit to support the multiple extraction engines with a unified interface.

  • DumpKit (pcapkit.dumpkit)

    File output formatters for pcapkit.

  • Constants (pcapkit.const)

    Constant enumerations used in pcapkit for protocol family extraction and representation.

Engine Comparison

Due to the general overhead of pcapkit, its extraction procedure takes around 0.2 milliseconds per packet, which is already impressive but not enough comparing to other popular extration engines availbale on the market, given the fact that pcapkit is a comprehensive packet processing module.

Additionally, pcapkit introduced alternative extractionengines to accelerate this procedure. By now pcapkit supports Scapy, DPKT, and PyShark.

Test Environment

Operating System

macOS Ventura 13.4 Beta (22F5037d)


Apple M2 Pro


16 GB

Test Results


Performance (ms per packet)










Simply run the following to install the current version from PyPI:

pip install pypcapkit

Or install the latest version from the gi repository:

git clone
cd pypcapkit
pip install -e .
# and to update at any time
git pull

And since pcapkit supports various extraction engines, and extensive plug-in functions, you may want to install the optional ones:

# for DPKT only
pip install pypcapkit[DPKT]
# for Scapy only
pip install pypcapkit[Scapy]
# for PyShark only
pip install pypcapkit[PyShark]
# and to install all the optional packages
pip install pypcapkit[all]
# or to do this explicitly
pip install pypcapkit dpkt scapy pyshark

For CLI usage, you will need to install the optional packages:

pip install pypcapkit[cli]
# or explicitly...
pip install pypcapkit emoji

Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pypcapkit-1.0.1.post3.tar.gz (435.8 kB view hashes)

Uploaded source

Built Distribution

pypcapkit-1.0.1.post3-py3-none-any.whl (733.5 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page