Skip to main content

Cython libpcap

Project description

python-libpcap

pypi.python.org pypi.python.org travis-ci.org pypi.python.org readthedocs.org img.shields.io img.shields.io

This is the Cython encapsulated of the C libpcap library for python.

Features

  • Read pcap file
  • Write pcap file
  • Merge pcap file
  • Multi-file quick merge
  • Get first iface
  • Get iface list
  • Send raw packet
  • Capture data

Install

To install python-libpcap, run this command in your terminal:

$ sudo apt-get install libpcap-dev
$ pip3 install python-libpcap

Or

$ git clone https://github.com/caizhengxin/python-libpcap.git
$ cd python-libpcap
$ pip3 install -e .

Usage

Command

# Multi-file quick merge
$ libpcap-merge -i test.pcap -o pcap.pcap port 502
$ libpcap-merge -i pcap/ -o pcap.pcap port 502

# Capture data packet
$ sudo libpcap-capture -i enp0s3 -v -p port 22
$ sudo libpcap-capture -i enp0s3 -o pcap.pcap port 22

# Write packet
$ libpcap-write --output pcap.pcap ac64175ffa41000ec6c9157e08004500004b8a1e400080060000c0a80002c0a80001c794006618e119b56ef0831d5018faf081910000030000231ee00000001d00c1020600c20f53494d415449432d524f4f542d4553c0010a

# Read packet
$ libpcap-read -i test.pcap -v -p port 502

Read pcap file

from pylibpcap.pcap import rpcap


for len, t, pkt in rpcap("tests/dns.pcap"):
    print("Time:", t)
    print("Buf length:", len)
    print("Buf:", pkt)

Write pcap file

from pylibpcap import wpcap


buf = b'\x00\xc0\x9f2A\x8c\x00\xe0\x18\xb1\x0c\xad\x08\x00E\x00\x008' \
        b'\x00\x00@\x00@\x11eG\xc0\xa8\xaa\x08\xc0\xa8\xaa\x14\x80\x1b' \
        b'\x005\x00$\x85\xed\x102\x01\x00\x00\x01\x00\x00\x00\x00\x00' \
        b'\x00\x06google\x03com\x00\x00\x10\x00\x01'


wpcap(buf, "pcap.pcap")
wpcap([buf, buf], "pcap.pcap")

Or

from pylibpcap import OpenPcap


with OpenPcap("pcap.pcap", "a") as f:
    f.write(buf)

Merge pcap file

from pylibpcap.pcap import mpcap


mpcap("demo.pcap", "demo2.pcap")
mpcap("pcap/", "output.pcap", "port 502")

Get first iface

from pylibpcap import get_first_iface

print(get_first_iface())

Get iface list

from pylibpcap import get_iface_list

print(get_iface_list())

Send raw packet

from pylibpcap import send_packet


buf = b'\x00\xc0\x9f2A\x8c\x00\xe0\x18\xb1\x0c\xad\x08\x00E\x00\x008' \
        b'\x00\x00@\x00@\x11eG\xc0\xa8\xaa\x08\xc0\xa8\xaa\x14\x80\x1b' \
        b'\x005\x00$\x85\xed\x102\x01\x00\x00\x01\x00\x00\x00\x00\x00' \
        b'\x00\x06google\x03com\x00\x00\x10\x00\x01'

send_packet("enp2s0", buf)

Capture packet

from pylibpcap.pcap import sniff


for plen, t, buf in sniff("enp2s0", filters="port 53", count=-1, promisc=1, out_file="pcap.pcap"):
    print("[+]: Payload len=", plen)
    print("[+]: Time", t)
    print("[+]: Payload", buf)

Or

from pylibpcap.base import Sniff

sniffobj = None

try:
    sniffobj = Sniff("enp2s0", filters="port 53", count=-1, promisc=1, out_file="pcap.pcap")

    for plen, t, buf in sniffobj.capture():
        print("[+]: Payload len=", plen)
        print("[+]: Time", t)
        print("[+]: Payload", buf)
except KeyboardInterrupt:
    pass
except LibpcapError as e:
    print(e)

if sniffobj is not None:
    stats = sniffobj.stats()
    print(stats.capture_cnt, " packets captured")
    print(stats.ps_recv, " packets received by filter")
    print(stats.ps_drop, "  packets dropped by kernel")
    print(stats.ps_ifdrop, "  packets dropped by iface")

Credits

This package was created with Cookiecutter and the caizhengxin/cookiecutter-package project template.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

python_libpcap-0.5.1.tar.gz (122.0 kB view details)

Uploaded Source

File details

Details for the file python_libpcap-0.5.1.tar.gz.

File metadata

  • Download URL: python_libpcap-0.5.1.tar.gz
  • Upload date:
  • Size: 122.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.10.0 readme-renderer/34.0 requests/2.26.0 requests-toolbelt/1.0.0 urllib3/1.26.7 tqdm/4.64.1 importlib-metadata/4.6.0 keyring/23.4.1 rfc3986/1.5.0 colorama/0.4.5 CPython/3.6.9

File hashes

Hashes for python_libpcap-0.5.1.tar.gz
Algorithm Hash digest
SHA256 0158bcb2f65c67318982a05849a24debf0780013dbb225a30891e34e1ee2c403
MD5 50c6c5a9dbe4338a4bb81e241e3e2c75
BLAKE2b-256 b6e93ddf7eb87e8ef701007eb078208d24b31ee484cc4cd01edf9312284d90c3

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page