Python-pcapng
#############
Python library to parse the pcap-ng format used by newer versions
of dumpcap & similar tools (wireshark, winpcap, ...).
Documentation
=============
If you prefer the RTD theme, or want documentation for any version
other than the latest, head here:
http://python-pcapng.readthedocs.org/en/latest/
If you prefer the more comfortable, page-wide, default sphinx theme,
a documentation mirror is hosted on GitHub pages:
http://rshk.github.io/python-pcapng/
CI build status
===============
+----------+--------------------------------------------------------------------------+
| Branch | Status |
+==========+==========================================================================+
| master | .. image:: https://travis-ci.org/rshk/python-pcapng.svg?branch=master |
| | :target: https://travis-ci.org/rshk/python-pcapng |
+----------+--------------------------------------------------------------------------+
| develop | .. image:: https://travis-ci.org/rshk/python-pcapng.svg?branch=develop |
| | :target: https://travis-ci.org/rshk/python-pcapng |
+----------+--------------------------------------------------------------------------+
Source code
===========
Source, issue tracker etc. on GitHub: https://github.com/rshk/python-pcapng
Get the source from git::
git clone https://github.com/rshk/python-pcapng
Download zip of the latest version:
https://github.com/rshk/python-pcapng/archive/master.zip
Install from pypi::
pip install python-pcapng
PyPI status
===========
The official page on the Python Package Index is: https://pypi.python.org/pypi/python-pcapng
.. image:: https://img.shields.io/pypi/v/python-pcapng.svg
:target: https://pypi.python.org/pypi/python-pcapng
:alt: Latest PyPI version
.. image:: https://img.shields.io/pypi/dm/python-pcapng.svg
:target: https://github.com/rshk/python-pcapng.git
:alt: Number of PyPI downloads
.. image:: https://img.shields.io/pypi/pyversions/python-pcapng.svg
:target: https://pypi.python.org/pypi/python-pcapng/
:alt: Supported Python versions
.. image:: https://img.shields.io/pypi/status/python-pcapng.svg
:target: https://pypi.python.org/pypi/python-pcapng/
:alt: Development Status
.. image:: https://img.shields.io/pypi/l/python-pcapng.svg
:target: https://pypi.python.org/pypi/python-pcapng/
:alt: License
..
.. image:: https://pypip.in/wheel/python-pcapng/badge.svg
:target: https://pypi.python.org/pypi/python-pcapng/
:alt: Wheel Status
.. image:: https://pypip.in/egg/python-pcapng/badge.svg
:target: https://pypi.python.org/pypi/python-pcapng/
:alt: Egg Status
.. image:: https://pypip.in/format/python-pcapng/badge.svg
:target: https://pypi.python.org/pypi/python-pcapng/
:alt: Download format
Why this library?
=================
- I need to decently extract some information from a bunch of pcap-ng
files, but apparently tcpdump has some problems reading those files,
I couldn't find other nice tools nor Python bindings to a library
able to parse this format, so..
- In general, it appears there are (quite a bunch of!) Python modules
to parse the old (much simpler) format, but nothing for the new one.
- And, they usually completely lack any form of documentation.
Isn't it slow?
==============
Yes, I guess it would be much slower than something written in C,
but I'm much better at Python than C.
..and I need to get things done, and CPU time is not that expensive :)
(Maybe I'll give a try porting the thing to Cython to speed it up, but
anyways, pure-Python libraries are always useful, eg. for PyPy).
How do I use it?
================
Basic usage is as simple as:
.. code-block:: python
from pcapng import FileScanner
with open('/tmp/mycapture.pcap', 'rb') as fp:
scanner = FileScanner(fp)
for block in scanner:
pass # do something with the block...
Have a look at the blocks documentation to see what they do; also, the
``examples`` directory contains some example scripts using the library.
Hacking
=======
Format specification is here:
https://github.com/pcapng/pcapng/
Contributions are welcome, please contact me if you're planning to do
some big change, so that we can sort out the best way to integrate it.
Or even better, open an issue so the whole world can participate in
the discussion :)
Pcap-ng write support
=====================
Write support exists as of version 2.0.0. See the file
``examples/generate_pcapng.py`` for an example of the minimum code
needed to generate a pcapng file.
In most cases, this library will prevent you from creating broken
data. If you want to create marginal pcapng files, e.g. as test cases
for other software, you can do that by adjusting the "strictness" of
the library, as in:
.. code-block:: python
from pcapng.strictness import Strictness, set_strictness
set_strictness(Strictness.FIX)
Recognized values are ``Strictness.FORBID`` (the default),
``Strictness.FIX`` (warn about problems, fix *if possible*),
``Strictness.WARN`` (warn only), and ``Strictness.NONE`` (no warnings).
Circumstances that will result in strictness warnings include:
* Adding multiples of a non-repeatable option to a block
* Adding a SPB to a file with more than one interface
* Writing a PB (PBs are obsolete and not to be used in new files)
* Writing EPB/SPB/PB/ISB before writing any IDBs
Creating a release
==================
1. Create a tag for the new version::
git tag v2.0.0 -m 'Version 2.0.0'
2. Install build dependencies in a virtualenv::
python -m venv ./.build-venv
./.build-venv/bin/python -m pip install build twine
3. Build source and wheel distributions::
rm -rf ./dist *.egg-info
./.build-venv/bin/python -m build
4. Use Twine to upload to pypi::
twine upload dist/*
Troubleshooting
---------------
If you get some crazy version number like
``2.0.1.dev0+g7bd8575.d20220310`` instead of what you expect (eg
``2.0.0``), it's because you have uncommitted or untracked files in
your local working copy, or you created more commits after creating
the tag. Such a version number will be refused by pypi (and it's not a
good version number anyways), so make sure you have a clean working
copy before building.
Raw data
{
"_id": null,
"home_page": "https://github.com/rshk/python-pcapng",
"name": "python-pcapng",
"maintainer": "",
"docs_url": null,
"requires_python": "~=3.5",
"maintainer_email": "",
"keywords": "",
"author": "Samuele Santi",
"author_email": "samuele@samuelesanti.com",
"download_url": "https://files.pythonhosted.org/packages/3c/2f/72534730a81205cd3ca32d65b4760c927e6ffc69a3d06ff3d1edda64ae3e/python-pcapng-2.1.1.tar.gz",
"platform": null,
"description": "Python-pcapng\n#############\n\nPython library to parse the pcap-ng format used by newer versions\nof dumpcap & similar tools (wireshark, winpcap, ...).\n\n\nDocumentation\n=============\n\nIf you prefer the RTD theme, or want documentation for any version\nother than the latest, head here:\n\nhttp://python-pcapng.readthedocs.org/en/latest/\n\nIf you prefer the more comfortable, page-wide, default sphinx theme,\na documentation mirror is hosted on GitHub pages:\n\nhttp://rshk.github.io/python-pcapng/\n\n\nCI build status\n===============\n\n+----------+--------------------------------------------------------------------------+\n| Branch | Status |\n+==========+==========================================================================+\n| master | .. image:: https://travis-ci.org/rshk/python-pcapng.svg?branch=master |\n| | :target: https://travis-ci.org/rshk/python-pcapng |\n+----------+--------------------------------------------------------------------------+\n| develop | .. image:: https://travis-ci.org/rshk/python-pcapng.svg?branch=develop |\n| | :target: https://travis-ci.org/rshk/python-pcapng |\n+----------+--------------------------------------------------------------------------+\n\n\nSource code\n===========\n\nSource, issue tracker etc. on GitHub: https://github.com/rshk/python-pcapng\n\nGet the source from git::\n\n git clone https://github.com/rshk/python-pcapng\n\nDownload zip of the latest version:\n\nhttps://github.com/rshk/python-pcapng/archive/master.zip\n\nInstall from pypi::\n\n pip install python-pcapng\n\n\nPyPI status\n===========\n\nThe official page on the Python Package Index is: https://pypi.python.org/pypi/python-pcapng\n\n.. image:: https://img.shields.io/pypi/v/python-pcapng.svg\n :target: https://pypi.python.org/pypi/python-pcapng\n :alt: Latest PyPI version\n\n.. image:: https://img.shields.io/pypi/dm/python-pcapng.svg\n :target: https://github.com/rshk/python-pcapng.git\n :alt: Number of PyPI downloads\n\n.. image:: https://img.shields.io/pypi/pyversions/python-pcapng.svg\n :target: https://pypi.python.org/pypi/python-pcapng/\n :alt: Supported Python versions\n\n.. image:: https://img.shields.io/pypi/status/python-pcapng.svg\n :target: https://pypi.python.org/pypi/python-pcapng/\n :alt: Development Status\n\n.. image:: https://img.shields.io/pypi/l/python-pcapng.svg\n :target: https://pypi.python.org/pypi/python-pcapng/\n :alt: License\n\n..\n .. image:: https://pypip.in/wheel/python-pcapng/badge.svg\n :target: https://pypi.python.org/pypi/python-pcapng/\n :alt: Wheel Status\n\n .. image:: https://pypip.in/egg/python-pcapng/badge.svg\n :target: https://pypi.python.org/pypi/python-pcapng/\n :alt: Egg Status\n\n .. image:: https://pypip.in/format/python-pcapng/badge.svg\n :target: https://pypi.python.org/pypi/python-pcapng/\n :alt: Download format\n\n\n\nWhy this library?\n=================\n\n- I need to decently extract some information from a bunch of pcap-ng\n files, but apparently tcpdump has some problems reading those files,\n\n I couldn't find other nice tools nor Python bindings to a library\n able to parse this format, so..\n\n- In general, it appears there are (quite a bunch of!) Python modules\n to parse the old (much simpler) format, but nothing for the new one.\n\n- And, they usually completely lack any form of documentation.\n\n\nIsn't it slow?\n==============\n\nYes, I guess it would be much slower than something written in C,\nbut I'm much better at Python than C.\n\n..and I need to get things done, and CPU time is not that expensive :)\n\n(Maybe I'll give a try porting the thing to Cython to speed it up, but\nanyways, pure-Python libraries are always useful, eg. for PyPy).\n\n\nHow do I use it?\n================\n\nBasic usage is as simple as:\n\n.. code-block:: python\n\n from pcapng import FileScanner\n\n with open('/tmp/mycapture.pcap', 'rb') as fp:\n scanner = FileScanner(fp)\n for block in scanner:\n pass # do something with the block...\n\nHave a look at the blocks documentation to see what they do; also, the\n``examples`` directory contains some example scripts using the library.\n\n\nHacking\n=======\n\nFormat specification is here:\n\nhttps://github.com/pcapng/pcapng/\n\nContributions are welcome, please contact me if you're planning to do\nsome big change, so that we can sort out the best way to integrate it.\n\nOr even better, open an issue so the whole world can participate in\nthe discussion :)\n\n\nPcap-ng write support\n=====================\n\nWrite support exists as of version 2.0.0. See the file\n``examples/generate_pcapng.py`` for an example of the minimum code\nneeded to generate a pcapng file.\n\nIn most cases, this library will prevent you from creating broken\ndata. If you want to create marginal pcapng files, e.g. as test cases\nfor other software, you can do that by adjusting the \"strictness\" of\nthe library, as in:\n\n.. code-block:: python\n\n from pcapng.strictness import Strictness, set_strictness\n set_strictness(Strictness.FIX)\n\nRecognized values are ``Strictness.FORBID`` (the default),\n``Strictness.FIX`` (warn about problems, fix *if possible*),\n``Strictness.WARN`` (warn only), and ``Strictness.NONE`` (no warnings).\nCircumstances that will result in strictness warnings include:\n\n * Adding multiples of a non-repeatable option to a block\n\n * Adding a SPB to a file with more than one interface\n\n * Writing a PB (PBs are obsolete and not to be used in new files)\n\n * Writing EPB/SPB/PB/ISB before writing any IDBs\n\n\nCreating a release\n==================\n\n1. Create a tag for the new version::\n\n git tag v2.0.0 -m 'Version 2.0.0'\n\n2. Install build dependencies in a virtualenv::\n\n python -m venv ./.build-venv\n ./.build-venv/bin/python -m pip install build twine\n\n3. Build source and wheel distributions::\n\n rm -rf ./dist *.egg-info\n ./.build-venv/bin/python -m build\n\n4. Use Twine to upload to pypi::\n\n twine upload dist/*\n\n\nTroubleshooting\n---------------\n\nIf you get some crazy version number like\n``2.0.1.dev0+g7bd8575.d20220310`` instead of what you expect (eg\n``2.0.0``), it's because you have uncommitted or untracked files in\nyour local working copy, or you created more commits after creating\nthe tag. Such a version number will be refused by pypi (and it's not a\ngood version number anyways), so make sure you have a clean working\ncopy before building.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Library to read/write the pcap-ng format used by various packet sniffers.",
"version": "2.1.1",
"project_urls": {
"Homepage": "https://github.com/rshk/python-pcapng"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "c6a4141a5fbb51c8e3dee10445d02785d44f8a66a150af6916b4e1776e5065c6",
"md5": "fb404d5c5372f26aa10f4b7201adbbbe",
"sha256": "2c83e9f9f60d61cbb6c86f80fa9e3d722f1bb606a59a64a96d6ba0179d97ffcf"
},
"downloads": -1,
"filename": "python_pcapng-2.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "fb404d5c5372f26aa10f4b7201adbbbe",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.5",
"size": 33503,
"upload_time": "2022-08-23T18:59:08",
"upload_time_iso_8601": "2022-08-23T18:59:08.754057Z",
"url": "https://files.pythonhosted.org/packages/c6/a4/141a5fbb51c8e3dee10445d02785d44f8a66a150af6916b4e1776e5065c6/python_pcapng-2.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "3c2f72534730a81205cd3ca32d65b4760c927e6ffc69a3d06ff3d1edda64ae3e",
"md5": "ba452d8f0b085735192390016e34232d",
"sha256": "6477e72513165954e56d5836ebbd43ac7f8d28c4640f78d63d6506d1692ddc74"
},
"downloads": -1,
"filename": "python-pcapng-2.1.1.tar.gz",
"has_sig": false,
"md5_digest": "ba452d8f0b085735192390016e34232d",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.5",
"size": 82317,
"upload_time": "2022-08-23T18:59:11",
"upload_time_iso_8601": "2022-08-23T18:59:11.266463Z",
"url": "https://files.pythonhosted.org/packages/3c/2f/72534730a81205cd3ca32d65b4760c927e6ffc69a3d06ff3d1edda64ae3e/python-pcapng-2.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-08-23 18:59:11",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "rshk",
"github_project": "python-pcapng",
"travis_ci": true,
"coveralls": true,
"github_actions": true,
"tox": true,
"lcname": "python-pcapng"
}
JSON
