pcaputils: a python module to help parse/analyze packet captures
This used to be a page hosting pcaputils.py, the beginnings of my own pcap parser. You can still download that code if you like, but these days I use dpkt. It's got significant support for the upper level protocols as well as raw pcap parsing support.
dpkt 1.6 [info] [source tarball]
pcaputils 0.1.0 [download] [changelog] [example]
How to use dpkt to parse pcap files
import socket
import dpkt
import sys
pcapReader = dpkt.pcap.Reader(file(sys.argv[1], "rb"))
for ts, data in pcapReader:
ether = dpkt.ethernet.Ethernet(data)
if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
ip = ether.data
src = socket.inet_ntoa(ip.src)
dst = socket.inet_ntoa(ip.dst)
print "%s -> %s" % (src, dst)
dpkt includes built-in parsers for ethernet, ip, tcp, udp and most major application protocols. There's not much documentation, but the interactive debugger and the source should be enough.
14 Nov 09 - jjguy - jjg@jjguy.com