pcaplib Python版本的pcaplib的编程接口

https://pythonhosted.org/pcaplib/api.html

The pcaplib API reference

classpcaplib.Reader(filename)[source]

Construct a Reader which reads the content of a PCAP file and can be consumed as an Iterable. An FileFormatError is raised if the file is not a valid PCAP file.

Example:

import pcaplib
pcap_reader = pcaplib.Reader('capture.pcap')
for ts in pcap_reader:
    print(packet)

(1494608771, 459378, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9')
(1494608771, 459556, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9')

filename

a filename.

version_major

Major version, currently 2.

version_minor

Minor version, currently 4.

thiszone

the correction time in seconds between GMT (UTC) and the local timezone of the following packet header timestamps. In practice, time stamps are always in GMT, so thiszone is always 0.

sigfigs

in theory, the accuracy of time stamps in the capture; in practice, all tools set it to 0.

snaplen

the snapshot length for the capture (typically 65535 or even more, but might be limited by the user).

network

link-layer header type.

ts_sec

the date and time when this packet was captured. This value is in seconds since January 1, 1970 00:00:00 GMT.

ts_usec

the microseconds when this packet was captured, as an offset to ts_sec.

incl_len

the number of bytes of packet data actually captured and saved in the file. This value should never become larger than orig_len or the snaplen value of the global header.

orig_len

the length in bytes of the packet as it appeared on the network when it was captured. If incl_len and orig_len differ, the actually saved packet size was limited by snaplen.

classpcaplib.Writer(filename, packets_iterable, network=<Network.EN10MB: 1>, big_endian=True)[source]

Construct a Writer which will write in filename packets using the PCAP format.

Example:

import pcaplib

pkt_list = [
    (1494608771, 459378, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9'),
    (1494608771, 459556, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9'),
]

pcap_writer = pcaplib.Writer('capture.pcap', pkt_list)
pcap_writer.writer()

Parameters:	filename (str) – a filename packets_iterable (iterable) – An iterable of 5-tuples, each tuple should have the following format (ts_sec, ts_usec, incl_len, orig_len, pkt_data) network – the network type, defaults to Ethernet Network.EN10B or 1.

packets_iterable.

An iterable of 5-tuples,

write()[source]

Iterates over packets_iterables and writes the content in a PCAP file.

Custom Enum

classpcaplib.Network(IntEnum)[source]

An enumeration.

An IntEnum representing the network types

Custom Exceptions

exceptionpcaplib.FileFormatError(Exception)[source]

Error if the file is not a valid PCAP file