pypcapkit 1.1.0

PyPCAPKit: comprehensive network packet analysis library

For any technical and/or maintenance information, please kindly refer to the Official Documentation.

The PyPCAPKit project is an open source Python program focus on network packet parsing and analysis, which works as a comprehensive PCAP file extraction, construction and analysis library.

The whole project supports Python 3.6 or later.

About

PyPCAPKit is a comprehensive Python-native network packet analysis library, with DictDumper as its formatted output dumper.

Unlike popular PCAP file extractors, such as Scapy, DPKT, PyShark, and etc, pcapkit uses streaming strategy to read input files. That is to read frame by frame, decrease occupation on memory, as well as enhance efficiency in some way.

Module Structure

In pcapkit, all files can be described as following eight parts.

• Interface (pcapkit.interface)

  User interface for the pcapkit library, which standardises and simplifies the usage of this library.

• Foundation (pcapkit.foundation)

  Synthesises file I/O and protocol analysis, coordinates information exchange in all network layers, as well as provides the foundamental functions for pcapkit.

• Protocols (pcapkit.protocols)

  Collection of all protocol family, with detailed implementation and methods.

• Utilities (pcapkit.utilities)

  Auxiliary functions and tools for pcapkit.

• CoreKit (pcapkit.corekit)

  Core utilities for pcapkit implementation, mainly for internal data structure and processing.

• ToolKit (pcapkit.toolkit)

  Auxiliary tools for pcapkit to support the multiple extraction engines with a unified interface.

• DumpKit (pcapkit.dumpkit)

  File output formatters for pcapkit.

• Constants (pcapkit.const)

  Constant enumerations used in pcapkit for protocol family extraction and representation.

Engine Comparison

Due to the general overhead of pcapkit, its extraction procedure takes around 0.2 milliseconds per packet, which is already impressive but not enough comparing to other popular extration engines availbale on the market, given the fact that pcapkit is a comprehensive packet processing module.

Additionally, pcapkit introduced alternative extractionengines to accelerate this procedure. By now pcapkit supports Scapy, DPKT, and PyShark.

Test Environment

Operating System	macOS Ventura 13.4 Beta (22F5037d)
Chip	Apple M2 Pro
Memory	16 GB

Test Results

Engine	Performance (ms per packet)
dpkt	0.010694_027361
scapy	0.093399_399399
pcapkit	0.199796_296296
pyshark	25.066692_025359

Installation

Note

pcapkit supports Python versions since 3.6.

Simply run the following to install the current version from PyPI:

pip install pypcapkit

Or install the latest version from the gi repository:

git clone https://github.com/JarryShaw/PyPCAPKit.git
cd pypcapkit
pip install -e .
# and to update at any time
git pull

And since pcapkit supports various extraction engines, and extensive plug-in functions, you may want to install the optional ones:

# for DPKT only
pip install pypcapkit[DPKT]
# for Scapy only
pip install pypcapkit[Scapy]
# for PyShark only
pip install pypcapkit[PyShark]
# and to install all the optional packages
pip install pypcapkit[all]
# or to do this explicitly
pip install pypcapkit dpkt scapy pyshark

For CLI usage, you will need to install the optional packages:

pip install pypcapkit[cli]
# or explicitly...
pip install pypcapkit emoji