arcade16

Reputation: 1535

How to store scapy packet data?

I have a DNS packet sniffer built with Scapy that I'd like to store packet data from.

I understand that packet data is stored as a dictionary, which should make it ideal to store in another dictionary or array. I can see using pkt[0].summary that the data is correct and I am getting packets but I cannot figure out how to correctly store it.

As I am new to Python / Scapy, my question is how to store / append this packet data to a dictionary or array as the packets come through.

This is what the code looks like:

#!/usr/bin/env python

from scapy.all import *
import time
import datetime  # the earlier "from datetime import datetime" was shadowed by this import
import sys

# Select interface and ports of interest
interface = 'ens33'
bpf = 'udp and port 53'

# SELECT/FILTER MSGS
def select_DNS(pkt):
    pkt_time = pkt.sprintf('%sent.time%')

    # SELECT/FILTER DNS MSGS
    try:

        dict = []

        # queries
        if DNSQR in pkt and pkt.dport == 53:
            domain = pkt.getlayer(DNS).qd.qname.decode() # .decode() gets rid of the b''
            print('Q - Time: ' + pkt_time + ' , source IP: ' + pkt[IP].src + ' , domain: ' + domain)

        # responses
        elif DNSRR in pkt and pkt.sport == 53:
            domain = pkt.getlayer(DNS).qd.qname.decode()
            print('R - Time: ' + pkt_time + ' , source IP: ' + pkt[IP].src + ' , domain: ' + domain)

    except Exception:  # skip packets that fail to parse; Ctrl-C still stops the sniffer
        pass

# START SNIFFER
sniff(iface=interface, filter=bpf, store=0,  prn=select_DNS)

Upvotes: 3

Views: 4235

Answers (1)

Peter Gibson

Reputation: 19554

I'm fairly sure the packet structure is not a dictionary, even though it provides some dictionary-like features (overriding the slicing notation).

If you want to store the packets in a list (array), just append them as you go.

cache = []
def select_DNS(pkt):
    cache.append(pkt)

If you want to store packets to disk, I would suggest writing them out using the wrpcap function to save them in "pcap" format.

wrpcap("temp.cap", cache)  # cache is the packet list built above

Upvotes: 3
