bortzmeyer

Reputation: 35519

IPv6 decoder for pcapy/impacket

I use the pcapy/impacket library to decode network packets in Python. It has an IP decoder which knows about the syntax of IPv4 packets but apparently no IPv6 decoder.

Does anyone have one?

In a private correspondence, the Impacket maintainers say it may be better to start with Scapy.

Upvotes: 1

Views: 3785

Answers (4)

Miles

Reputation: 32478

You may want to look into dpkt, yet another packet parsing/building library. It was written by the author of pypcap, a different libpcap wrapper, but it shouldn't be too difficult to get it working with pcapy to see if it's faster for your purposes than Scapy.

Upvotes: 1

Emilio

Reputation: 4031

You can use a really useful one-file library from Google, from

http://code.google.com/p/ipaddr-py/

that supports IPv4, IPv6, IP validation, netmask and prefix management, etc. It's well coded and documented.

Good luck
Emilio

Upvotes: -1

bortzmeyer

Reputation: 35519

Scapy, recommended by the Impacket maintainers, has no IPv6 decoding at this time. But there is an unofficial extension to do so.

With this extension, it works:

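# Protocol constants used below (UDP is IP protocol 17, DNS uses port 53)
UDP_PROTO = 17
DNS_PORT = 53

# traffic: the packets read with Scapy; ns: address of the name server
for packet in traffic:
    if packet.type == ETH_P_IPV6 or packet.type == ETH_P_IP:
        ip = packet.payload
        # IPv4 carries the protocol in "proto", IPv6 in "nh" (next header)
        if (ip.version == 4 and ip.proto == UDP_PROTO) or \
           (ip.version == 6 and ip.nh == UDP_PROTO):
            if ip.dport == DNS_PORT and ip.dst == ns:
                all_queries = all_queries + 1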

but it is awfully slow for large traces. So, I may have to try Impacket nevertheless or even go back to C.

Upvotes: 2
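
An added example, not code from any of the posts above: the same count of DNS queries sent to one name server, done with a standard-library-only IPv6 decoder working on raw Ethernet frame bytes as a libpcap wrapper delivers them. It goes beyond the loop in the answer by walking IPv6 extension headers and rejecting truncated captures; the function names and the `sample_frame` helper (which builds constructed test frames, not real traffic) are assumptions of this example.

```python
import socket
import struct

ETH_P_IPV6, UDP_PROTO, DNS_PORT = 0x86DD, 17, 53
# Extension headers laid out as "next header, length in 8-byte units":
# hop-by-hop (0), routing (43), destination options (60).
EXT_HEADERS = {0, 43, 60}
FRAGMENT = 44  # fixed 8-byte extension header

def decode_ipv6_udp(frame):
    """Return (src, dst, sport, dport) for UDP over IPv6 in an Ethernet frame, else None."""
    if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IPV6:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 6:
        return None
    payload_len, nh = struct.unpack("!HB", ip[4:7])
    end = min(len(ip), 40 + payload_len)  # never trust the length field past the capture
    off = 40
    while nh in EXT_HEADERS or nh == FRAGMENT:
        if off + 8 > end:
            return None  # truncated extension header
        if nh == FRAGMENT:
            if struct.unpack("!H", ip[off + 2:off + 4])[0] >> 3:
                return None  # later fragment: no UDP header present
            nh, off = ip[off], off + 8
        else:
            nh, off = ip[off], off + 8 + ip[off + 1] * 8
    if nh != UDP_PROTO or off + 8 > end:
        return None
    sport, dport = struct.unpack("!HH", ip[off:off + 4])
    addr = lambda b: socket.inet_ntop(socket.AF_INET6, b)
    return addr(ip[8:24]), addr(ip[24:40]), sport, dport

def count_dns_queries(frames, ns):
    """Count frames carrying UDP to port 53 of name server `ns` (IPv6 text form)."""
    ns = socket.inet_ntop(socket.AF_INET6, socket.inet_pton(socket.AF_INET6, ns))
    hits = (decode_ipv6_udp(f) for f in frames)
    return sum(1 for h in hits if h and h[1] == ns and h[3] == DNS_PORT)

def sample_frame(dst, dport, with_ext=False):
    """Constructed test frame (not real traffic): Ethernet + IPv6 [+ dest. options] + UDP."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    ext = bytes([UDP_PROTO, 0, 1, 4, 0, 0, 0, 0]) if with_ext else b""
    ip = struct.pack("!IHBB", 6 << 28, len(ext) + len(udp), 60 if with_ext else UDP_PROTO, 64)
    ip += socket.inet_pton(socket.AF_INET6, "2001:db8::1") + socket.inet_pton(socket.AF_INET6, dst)
    return bytes(12) + struct.pack("!H", ETH_P_IPV6) + ip + ext + udp
```

The name server address is normalised before comparison, so any valid textual form of the same IPv6 address matches.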

Fernando Miguélez

Reputation: 11316

I have never used pcapy before, but I have used libpcap in C projects. As the pcapy page states, it is not statically linked to libpcap, so you can upgrade to a newer one with IPv6 support.

According to the libpcap changelog, version 1.0, released on October 27, 2008, has default IPv6 support (it is supposed to have had IPv6 for much longer, but it is now compiled with that option by default), so you should be able to capture IPv6 traffic with this version. The latest pcapy release is from March 27, 2007, so at most it should include a 0.9.8 version of libpcap released on September 10, 2007.

I don't know if that would be enough for you to be able to capture IPv6 traffic, since the pcapy API would probably require some changes to support it, and that's on pcapy developer's roof.

Update: Apparently pylibpcap, a python wrapper to libpcap, has newer releases than pcapy, so newer libpcap features should be better supported.

More information about PCAP (libpcap) in general here.

Upvotes: -1
