
Python Bindings for Wireshark and libpcap using cffi

Project description

Python Bindings for Wireshark and libpcap


What is wishpy?

  • Uses cffi to generate Python bindings for wireshark and libpcap

  • You can write applications like tshark in Python

  • Makes wireshark’s dissectors available in Python and makes libpcap easily available in Python for packet capture

  • This is in active development, but should work on common Linux distributions. If it doesn’t, please file an issue.

  • Also a drop-in replacement for pcapy. Supports all the major pcapy APIs.

  • Early Windows support. Please check README-windows.

Getting Started

This package is currently tested only on Linux (specifically Ubuntu 16.04). To get started, the following development environment is required:

  1. gcc and its toolset

  2. Python 3.5 or higher and Python development environment.

  3. Supports PyPy 7.3 or higher (compatible with Python 3.6)

It is highly recommended to start with a virtual environment, something like virtualenv venv

Typically, running python setup.py install should be enough to get you started. If everything goes well, the modules will be installed in site-packages.

Once the packages are installed, you can run the example code -

Alternatively, if you just want to use the wrapped APIs, they are used in:

  1. wishpy/scripts/tcpdump.py <interface_name> (for capturing packets live and dumping json; NOTE: requires sudo permissions)

  2. wishpy/scripts/tshark.py <pcap-file-path> (for dumping packets from a pcap-ish file as json)

Wireshark support

Right now both Wireshark 2.6.x and Wireshark 3.2.x are supported.

The best way to make sure this works is through pkg-config. Right now, default support is for the Wireshark 2.6 that ships with Ubuntu. If you have both versions installed, it’s a little bit tricky. If you build Wireshark from source and perform a make install (or sudo make install), the right wireshark.pc file is created and will be used during the build.
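With two Wireshark versions installed, it helps to confirm which wireshark.pc pkg-config resolves before building, so the bindings are not generated against the wrong headers. The script below is an added example, not part of wishpy; the function names and the --check argument are its own, and the supported series are the two named above.

```shell
#!/bin/sh
# Added example (not part of wishpy): report which Wireshark development
# package pkg-config resolves, and whether its version belongs to a series
# this page lists as supported (2.6.x or 3.2.x).

# Map a Wireshark version string to its supported series.
# Prints "2.6" or "3.2" and returns 0; returns 1 for anything else.
wireshark_series() {
    case "$1" in
        2.6|2.6.*) echo "2.6" ;;
        3.2|3.2.*) echo "3.2" ;;
        *) return 1 ;;
    esac
}

# Ask pkg-config which wireshark.pc it will use for the build.
# Returns 0 for a supported version, 1 for an unsupported one,
# 2 when pkg-config or wireshark.pc cannot be found at all.
check_wireshark() {
    if ! command -v pkg-config >/dev/null 2>&1; then
        echo "pkg-config not found" >&2
        return 2
    fi
    if ! version=$(pkg-config --modversion wireshark 2>/dev/null); then
        echo "no wireshark.pc visible to pkg-config (check PKG_CONFIG_PATH)" >&2
        return 2
    fi
    # pcfiledir is the directory the resolved .pc file was loaded from.
    pcdir=$(pkg-config --variable=pcfiledir wireshark)
    if series=$(wireshark_series "$version"); then
        echo "wireshark $version ($series series) from $pcdir/wireshark.pc"
        return 0
    fi
    echo "wireshark $version from $pcdir/wireshark.pc is not a supported series" >&2
    return 1
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_wireshark
fi
```

If the wrong file is reported, putting the directory of the intended wireshark.pc first in PKG_CONFIG_PATH changes which one pkg-config picks.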

libpcap support

libpcap versions > 1.7 are supported. There is also a pcapy module that can be used as a drop-in replacement for pcapy; it supports similar APIs to pcapy. We have performed quick testing with the following versions of libpcap on Ubuntu (based on git tag): libpcap-1.7.4, libpcap-1.8.1, libpcap-1.9.1.

Documentation

We have started with a very ‘basic’ Dissector/Capturer API. See wishpy/scripts/tshark.py for how it can be used. This API is very early (in fact it is not really an API yet, just a hint of what the API might look like) and is very likely to change going forward. A very early version of the API Documentation is available.

Examples

See the code in the wishpy/scripts/ directory for how to use the wishpy API.

A more detailed example using wishpy for publishing to Redis is available at the following repo -



Download files


Source Distribution

wishpy-0.1.1.tar.gz (248.7 kB)

File details

Details for the file wishpy-0.1.1.tar.gz.

File metadata

  • Download URL: wishpy-0.1.1.tar.gz
  • Size: 248.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.5.2

File hashes

Hashes for wishpy-0.1.1.tar.gz (algorithm, hash digest):
SHA256 52c5dc344e10db9d5aa5c08382d5890ca9f4365acfecfaf067ce98fb0286e7b5
MD5 5a02a5e52702cc4af163d9d0b13f4f66
BLAKE2b-256 1fcc8fbb02c0c876fb2458482bc7bfd934c85824ef89184cf0ac7d919e310b49
