pcaputils - python module to help analyze packet captures


# pcaputils: a python module to help analyze packet captures
# in standard pcap format from libpcap or winpcap

import sys
import pcaputils

def handle_dns(sec, usec, pkt, headers):
    print "%s:%d %s:%d (%d bytes)" % (headers['ip']['srcAddr'], headers['udp']['srcPort'],
                                      headers['ip']['dstAddr'], headers['udp']['dstPort'],
                                      len(pkt))
    print pcaputils.hexdump(pkt)

if __name__ == "__main__":
    p = pcaputils.pcaputils("capture.pcap")
    p.subscribe("udp['srcPort'] == 53 or udp['dstPort'] == 53", handle_dns)
    p.auto()

#Update: check out dpkt, it's way better than this hacked together script! More info here.