Reputation: 5084
creating a pcap file using python
I'm trying to create a very simple PCAP file (1 UDP message).
Tried using dpkt (pcap.Writer), no luck, and the documentation is scarce.
Can anyone post a working example?
(or any other alternative - I'm not bound to dpkt)
Upvotes: 3
Views: 17414
Answers (4)
Reputation: 382
You can try the code below :
#!/usr/bin/env python3
import sys
import struct
import os
import argparse
from scapy.all import sniff, sendp, hexdump, linehexdump, get_if_list, get_if_hwaddr
from scapy.all import Packet, IPOption
from scapy.all import ShortField, IntField, LongField, BitField, FieldListField, FieldLenField
from scapy.all import IP, TCP, UDP, Raw
from scapy.layers.inet import _IPOption_HDR
from scapy.all import raw
from scapy.all import bytes_hex
import hashlib
import pcapng.blocks as blocks
from pcapng import FileWriter
counter = 1
def get_if():
ifs=get_if_list()
iface=None
for i in get_if_list():
if "enp1s0f1" in i:
iface=i
break;
if not iface:
print("Cannot find eth0 interface")
exit(1)
return iface
def main():
global counter
ifaces = [i for i in os.listdir('/sys/class/net/') ]
iface = get_if()
print(("sniffing on %s" % iface))
sys.stdout.flush()
writer = FileWriter(args.outfile, shb)
orig_packets = sniff(filter='tcp and port 5201',iface = iface)
for packet in orig_packets:
spb = shb.new_member(blocks.SimplePacket)
spb.packet_data = bytes(packet)
writer.write_block(spb)
print("C=",counter)
counter=counter+1
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument("outfile", type=argparse.FileType("wb"))
args = parser.parse_args()
shb = blocks.SectionHeader(
options={
"shb_hardware": "artificial",
"shb_os": "python",
"shb_userappl": "python-pcapng",
})
idb = shb.new_member(
blocks.InterfaceDescription,
link_type=1,
options={
"if_description": "Hand-rolled",
"if_os": "Python",
"if_filter": [(0, b"tcp port 5201 and host 192.168.1.3")],
},)
main()
Upvotes: 0
Reputation: 28036
construct's cap (broken link) shows how to use construct for this. Construct also has a rudimentary ip stack (broken link) example. The nice thing about Construct is that it is symmetrical, i.e. you can put data into it, convert it to a set of Python objects and you can then dump out the objects to create the original data blob again.
Upvotes: 0
Reputation: 5882
You may use Scapy.
https://scapy.readthedocs.io/en/latest/installation.html
If using Python 3:
pip3 install scapy
Then in Python:
from scapy.all import wrpcap, Ether, IP, UDP
packet = Ether() / IP(dst="1.2.3.4") / UDP(dport=123)
wrpcap('foo.pcap', [packet])
Upvotes: 14
Reputation: 76
you need to write the packet into a libpcap format
Global Header + Packet Header + Packet Data + Packet Header + Packet Data this link should help you
http://www.codeproject.com/Tips/612847/Generate-a-quick-and-easy-custom-pcap-file-using-P
Upvotes: 2
Related Questions
- Reading PCAP file with scapy
- reading Pcap and writing it to csv file python
- Using Python to Read and Print Out a PCAP
- Python scapy: pcap file read, manipulate and write pcap
- Parsing the pcap file through scapy
- Import pcap on raspberry
- opening a pcap file in python
- Parsing PCAP in Python 2.6
- PCAP modification with Python
- how to install pcap in ubuntu using python