caizhengxin / python-libpcap

Cython libpcap

Home Page: https://python-libpcap.readthedocs.io

License: BSD 3-Clause "New" or "Revised" License

Python 51.65% Cython 48.35%
python-libpcap libpcap python3 pcap pcapng

python-libpcap's Introduction

python-libpcap

This is a Cython wrapper around the C libpcap library for Python.

Features

  • Read pcap file
  • Write pcap file
  • Merge pcap file
  • Multi-file quick merge
  • Get first iface
  • Get iface list
  • Send raw packet
  • Capture data

Install

To install python-libpcap, run this command in your terminal:

$ sudo apt-get install libpcap-dev
$ pip3 install python-libpcap

Usage

Command

# Multi-file quick merge
$ libpcap-merge -i test.pcap -o pcap.pcap port 502
$ libpcap-merge -i pcap/ -o pcap.pcap port 502

# Capture data packet
$ sudo libpcap-capture -i enp0s3 -v -p port 22
$ sudo libpcap-capture -i enp0s3 -o pcap.pcap port 22

# Write packet
$ libpcap-write --output pcap.pcap ac64175ffa41000ec6c9157e08004500004b8a1e400080060000c0a80002c0a80001c794006618e119b56ef0831d5018faf081910000030000231ee00000001d00c1020600c20f53494d415449432d524f4f542d4553c0010a

# Read packet
$ libpcap-read -i test.pcap -v -p port 502

Read pcap file

from pylibpcap.pcap import rpcap


# plen (not "len") so the built-in len() is not shadowed
for plen, t, pkt in rpcap("tests/dns.pcap"):
    print("Time:", t)
    print("Buf length:", plen)
    print("Buf:", pkt)

Write pcap file

from pylibpcap import wpcap


buf = b'\x00\xc0\x9f2A\x8c\x00\xe0\x18\xb1\x0c\xad\x08\x00E\x00\x008' \
        b'\x00\x00@\x00@\x11eG\xc0\xa8\xaa\x08\xc0\xa8\xaa\x14\x80\x1b' \
        b'\x005\x00$\x85\xed\x102\x01\x00\x00\x01\x00\x00\x00\x00\x00' \
        b'\x00\x06google\x03com\x00\x00\x10\x00\x01'


wpcap(buf, "pcap.pcap")
wpcap([buf, buf], "pcap.pcap")

Or

from pylibpcap import OpenPcap


with OpenPcap("pcap.pcap", "a") as f:
    f.write(buf)

Merge pcap file

from pylibpcap.pcap import mpcap


mpcap("demo.pcap", "demo2.pcap")
mpcap("pcap/", "output.pcap", "port 502")

Get first iface

from pylibpcap import get_first_iface

print(get_first_iface())

Get iface list

from pylibpcap import get_iface_list

print(get_iface_list())

Send raw packet

from pylibpcap import send_packet


buf = b'\x00\xc0\x9f2A\x8c\x00\xe0\x18\xb1\x0c\xad\x08\x00E\x00\x008' \
        b'\x00\x00@\x00@\x11eG\xc0\xa8\xaa\x08\xc0\xa8\xaa\x14\x80\x1b' \
        b'\x005\x00$\x85\xed\x102\x01\x00\x00\x01\x00\x00\x00\x00\x00' \
        b'\x00\x06google\x03com\x00\x00\x10\x00\x01'

send_packet("enp2s0", buf)

Capture packet

from pylibpcap.pcap import sniff


for plen, t, buf in sniff("enp2s0", filters="port 53", count=-1, promisc=1, out_file="pcap.pcap"):
    print("[+]: Payload len=", plen)
    print("[+]: Time", t)
    print("[+]: Payload", buf)

Or

from pylibpcap.base import Sniff
from pylibpcap.exception import LibpcapError

sniffobj = None

try:
    sniffobj = Sniff("enp2s0", filters="port 53", count=-1, promisc=1, out_file="pcap.pcap")

    for plen, t, buf in sniffobj.capture():
        print("[+]: Payload len=", plen)
        print("[+]: Time", t)
        print("[+]: Payload", buf)
except KeyboardInterrupt:
    pass
except LibpcapError as e:
    print(e)

if sniffobj is not None:
    stats = sniffobj.stats()
    print(stats.capture_cnt, " packets captured")
    print(stats.ps_recv, " packets received by filter")
    print(stats.ps_drop, "  packets dropped by kernel")
    print(stats.ps_ifdrop, "  packets dropped by iface")

Credits

This package was created with Cookiecutter and the caizhengxin/cookiecutter-package project template.

python-libpcap's People

Contributors

caizhengxin, deepsourcebot, drewp, lukejbullard

python-libpcap's Issues

Optimizing packet capturing

Is it possible to optimize the packet capturing? When I test it with the new stat function, capturing falls behind the packets received by the filter, as shown in the image below.

image

Compiling Error on Installation

Hello, I cannot install python-libpcap on Kali rolling. It has worked the past few months until just this week. python-libpcap is not installed by default on Kali. I tried to give all the versioning and information surrounding this error. Proxychains is working fine and the machine is up-to-date using Python 3.9 instead of Python 3.10. All pip installations have been using sudo. I've had python-libpcap working fine on Python 3.8 and 3.9 using PCredz up until this compiling error. Let me know if you need any more information.

┌──(kali㉿workstation)-[~]
└─$ sudo proxychains pip install python-libpcap
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] Strict chain  ...  192.168.1.69:10000  ...  pypi.org:443  ...  OK
Collecting python-libpcap
  Using cached python-libpcap-0.4.0.tar.gz (77 kB)
  Preparing metadata (setup.py) ... done
Requirement already satisfied: Cython>=0.29.13 in /usr/lib/python3/dist-packages (from python-libpcap) (0.29.30)
Building wheels for collected packages: python-libpcap
  Building wheel for python-libpcap (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py bdist_wheel did not run successfully.
  │ exit code: 1
  ╰─> [41 lines of output]
      [proxychains] DLL init: proxychains-ng 4.16
      /usr/lib/python3/dist-packages/setuptools/dist.py:723: UserWarning: Usage of dash-separated 'description-file' will not be supported in future versions. Please use the underscore name 'description_file' instead
        warnings.warn(
      running bdist_wheel
      running build
      running build_py
      creating build
      creating build/lib.linux-x86_64-3.9
      creating build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/cli.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/parse.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/pcap.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/open.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/__init__.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/__main__.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/utils.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/exception.py -> build/lib.linux-x86_64-3.9/pylibpcap
      running egg_info
      writing python_libpcap.egg-info/PKG-INFO
      writing dependency_links to python_libpcap.egg-info/dependency_links.txt
      writing entry points to python_libpcap.egg-info/entry_points.txt
      writing requirements to python_libpcap.egg-info/requires.txt
      writing top-level names to python_libpcap.egg-info/top_level.txt
      reading manifest file 'python_libpcap.egg-info/SOURCES.txt'
      reading manifest template 'MANIFEST.in'
      warning: no files found matching '*.h' under directory 'src'
      warning: no previously-included files matching '*.pyc' found anywhere in distribution
      writing manifest file 'python_libpcap.egg-info/SOURCES.txt'
      copying pylibpcap/base.c -> build/lib.linux-x86_64-3.9/pylibpcap
      running build_ext
      building 'pylibpcap.base' extension
      creating build/temp.linux-x86_64-3.9
      creating build/temp.linux-x86_64-3.9/pylibpcap
      x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.9 -c pylibpcap/base.c -o build/temp.linux-x86_64-3.9/pylibpcap/base.o -lpcap
      [proxychains] DLL init: proxychains-ng 4.16
      [proxychains] DLL init: proxychains-ng 4.16
      pylibpcap/base.c:26:10: fatal error: Python.h: No such file or directory
         26 | #include "Python.h"
            |          ^~~~~~~~~~
      compilation terminated.
      error: command '/usr/bin/x86_64-linux-gnu-gcc' failed with exit code 1
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
  ERROR: Failed building wheel for python-libpcap
  Running setup.py clean for python-libpcap
Failed to build python-libpcap
Installing collected packages: python-libpcap
  Running setup.py install for python-libpcap ... error
  error: subprocess-exited-with-error

  × Running setup.py install for python-libpcap did not run successfully.
  │ exit code: 1
  ╰─> [43 lines of output]
      [proxychains] DLL init: proxychains-ng 4.16
      /usr/lib/python3/dist-packages/setuptools/dist.py:723: UserWarning: Usage of dash-separated 'description-file' will not be supported in future versions. Please use the underscore name 'description_file' instead
        warnings.warn(
      running install
      /usr/lib/python3/dist-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools.
        warnings.warn(
      running build
      running build_py
      creating build
      creating build/lib.linux-x86_64-3.9
      creating build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/cli.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/parse.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/pcap.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/open.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/__init__.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/__main__.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/utils.py -> build/lib.linux-x86_64-3.9/pylibpcap
      copying pylibpcap/exception.py -> build/lib.linux-x86_64-3.9/pylibpcap
      running egg_info
      writing python_libpcap.egg-info/PKG-INFO
      writing dependency_links to python_libpcap.egg-info/dependency_links.txt
      writing entry points to python_libpcap.egg-info/entry_points.txt
      writing requirements to python_libpcap.egg-info/requires.txt
      writing top-level names to python_libpcap.egg-info/top_level.txt
      reading manifest file 'python_libpcap.egg-info/SOURCES.txt'
      reading manifest template 'MANIFEST.in'
      warning: no files found matching '*.h' under directory 'src'
      warning: no previously-included files matching '*.pyc' found anywhere in distribution
      writing manifest file 'python_libpcap.egg-info/SOURCES.txt'
      copying pylibpcap/base.c -> build/lib.linux-x86_64-3.9/pylibpcap
      running build_ext
      building 'pylibpcap.base' extension
      creating build/temp.linux-x86_64-3.9
      creating build/temp.linux-x86_64-3.9/pylibpcap
      x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.9 -c pylibpcap/base.c -o build/temp.linux-x86_64-3.9/pylibpcap/base.o -lpcap
      [proxychains] DLL init: proxychains-ng 4.16
      [proxychains] DLL init: proxychains-ng 4.16
      pylibpcap/base.c:26:10: fatal error: Python.h: No such file or directory
         26 | #include "Python.h"
            |          ^~~~~~~~~~
      compilation terminated.
      error: command '/usr/bin/x86_64-linux-gnu-gcc' failed with exit code 1
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: legacy-install-failure

× Encountered error while trying to install package.
╰─> python-libpcap

note: This is an issue with the package mentioned above, not pip.
hint: See above for output from the failure.


┌──(kali㉿workstation)-[~]
└─$ lsb_release -a                                                                                                                                                                                                                                                                    1 ⨯
No LSB modules are available.
Distributor ID: Kali
Description:    Kali GNU/Linux Rolling
Release:        2022.2
Codename:       kali-rolling


┌──(kali㉿workstation)-[~]
└─$ sudo proxychains apt update                                                                                                                                                                                                                                                     130 ⨯
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
0% [Working][proxychains] Strict chain  ...  192.168.1.69:10000  ...  http.kali.org:80  ...  OK
[proxychains] DLL init: proxychains-ng 4.16
0% [Working][proxychains] Strict chain  ...  192.168.1.69:10000  ...  kali.download:80  ...  OK
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
Hit:1 http://kali.download/kali kali-rolling InRelease
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.


┌──(kali㉿workstation)-[~]
└─$ pip -V
pip 22.1.2 from /usr/local/lib/python3.9/dist-packages/pip (python 3.9)


┌──(kali㉿workstation)-[~]
└─$ python -V
Python 3.9.13


┌──(kali㉿workstation)-[~]
└─$ sudo proxychains pip install cython
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
Requirement already satisfied: cython in /usr/lib/python3/dist-packages (0.29.30)
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv


┌──(kali㉿workstation)-[~]
└─$ sudo proxychains apt install libpcap-dev
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
libpcap-dev is already the newest version (1.10.1-4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Install issue with python3.10

Hello,

Since python3.10, I'm unable to install this library on a debian based OS.
Installation of the library works without any problem:
sudo apt-get install libpcap-dev && pip3 install Cython && pip3 install python-libpcap

however, when calling the modules, a cython error occurs:
>>> import pylibpcap as pcap
>>> from pylibpcap.pcap import rpcap
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.10/dist-packages/pylibpcap/pcap.py", line 6, in <module>
    from pylibpcap.base import Sniff, LibPcap
ImportError: /usr/local/lib/python3.10/dist-packages/pylibpcap/base.cpython-310-x86_64-linux-gnu.so: undefined symbol: _PyGen_Send

Looks like several other libraries had this specific issue with Cython on Python 3.10.

Cheers,

memory leak

Hey, I wrote a simple demo to test the performance of reading and sending pcap, like:

for _, t, pkt in rpcap("/data/xxx.pcap"):
    send_packet("eth0", pkt)

I think I read memory increase when I am running the demo (in htop).
valgrind also shows the memory leak.

But I didn't figure out where this memory leak comes from.

stop recording

Hey caizhengxin, I hope you're OK. This is not an issue, it's more like a question.
I would like to know how to stop recording pcap packages when the flag count is equal to -1 in sniffing mode.

sometimes when i open the file in wireshark, it says that a package in the middle is either corrupted or uncompleted.

Thanks

Trying pcapkit.extract method getting this error

Traceback (most recent call last):
File "dpkt_parse.py", line 4, in
pcapkit.extract(fin=file, fout='out.plist', format='plist', store=False)
TypeError: object_hook() missing 1 required positional argument: 'o'

Byte offset

Is it possible to get the byte offset of each package with python-libpcap, as is proposed in this link?
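
An added example, not part of the issue above and not python-libpcap code: the byte offset of every record in a classic pcap file can be computed from the file format itself (24-byte global header, then a 16-byte header before each packet). The names iter_record_offsets and build_sample_pcap, the sanity limit and the in-memory sample capture are assumptions made for this sketch; pcapng files are not handled.

```python
import io
import struct

# First four bytes on disk -> struct byte-order prefix (classic pcap only).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}
GLOBAL_HDR_LEN = 24    # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16    # ts_sec, ts_frac, incl_len, orig_len
MAX_INCL_LEN = 262144  # sanity limit chosen for this example


def iter_record_offsets(fobj):
    """Yield (header_offset, data_offset, incl_len, orig_len) for each record."""
    ghdr = fobj.read(GLOBAL_HDR_LEN)
    if len(ghdr) < GLOBAL_HDR_LEN or ghdr[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian = MAGICS[ghdr[:4]]
    offset = GLOBAL_HDR_LEN
    while True:
        rhdr = fobj.read(RECORD_HDR_LEN)
        if not rhdr:
            return  # clean end of file
        if len(rhdr) < RECORD_HDR_LEN:
            raise ValueError(f"truncated record header at byte {offset}")
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", rhdr)
        data_offset = offset + RECORD_HDR_LEN
        if incl_len > MAX_INCL_LEN:
            raise ValueError(f"implausible incl_len {incl_len} at byte {offset}")
        if len(fobj.read(incl_len)) < incl_len:
            raise ValueError(f"truncated packet data at byte {data_offset}")
        yield offset, data_offset, incl_len, orig_len
        offset = data_offset + incl_len


def build_sample_pcap(packets):
    """Constructed sample: little-endian pcap 2.4, snaplen 65535, Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


if __name__ == "__main__":
    # Two constructed dummy packets of 70 and 60 bytes.
    sample = build_sample_pcap([b"\x00" * 70, b"\x11" * 60])
    for hdr_off, data_off, incl, orig in iter_record_offsets(io.BytesIO(sample)):
        print(f"record header @ {hdr_off}, data @ {data_off}, {incl}/{orig} bytes")
```

Any binary file object works as input, for example one returned by open(path, "rb"); a capture whose last record was cut short is reported with the offset at which the data ran out.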

Packets...

Not an issue so much as a question... rpcap() returns a raw bytes for the packet ... is there a companion module you'd recommend to provide structure/properties, or an object interface, to those packets? The raw blob ain't exactly self-explanatory, unless I'm missing something about this module.
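
An added example, not part of the issue above and not python-libpcap code: the raw bytes that rpcap() yields can be decoded with the standard library alone. This sketch walks the Ethernet II, IPv4, UDP and DNS question fields of the sample frame from the README's "Write pcap file" section; parse_udp_dns_query and the returned field names are assumptions made here, and only that one protocol stack is handled.

```python
import socket
import struct

# The 70-byte sample frame from the README's "Write pcap file" section.
README_BUF = (
    b'\x00\xc0\x9f2A\x8c\x00\xe0\x18\xb1\x0c\xad\x08\x00E\x00\x008'
    b'\x00\x00@\x00@\x11eG\xc0\xa8\xaa\x08\xc0\xa8\xaa\x14\x80\x1b'
    b'\x005\x00$\x85\xed\x102\x01\x00\x00\x01\x00\x00\x00\x00\x00'
    b'\x00\x06google\x03com\x00\x00\x10\x00\x01'
)


def parse_udp_dns_query(frame):
    """Decode Ethernet II / IPv4 / UDP and the first DNS question of a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes, options included
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    if ip[9] != 17:
        raise ValueError("not UDP")
    total_len = struct.unpack("!H", ip[2:4])[0]
    udp = ip[ihl:total_len]  # drops any Ethernet padding after the datagram
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, udp_len = struct.unpack("!HHH", udp[:6])
    dns = udp[8:udp_len]
    if len(dns) < 12:
        raise ValueError("truncated DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", dns[:6])
    if qdcount < 1:
        raise ValueError("no question in DNS message")
    labels, pos = [], 12
    while True:  # length-prefixed labels, terminated by a zero byte
        if pos >= len(dns):
            raise ValueError("truncated DNS name")
        n = dns[pos]
        if n == 0:
            pos += 1
            break
        if n & 0xC0:
            raise ValueError("compressed name in question is not handled")
        if pos + 1 + n > len(dns):
            raise ValueError("truncated DNS name")
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 4 > len(dns):
        raise ValueError("truncated DNS question")
    qtype, _qclass = struct.unpack("!HH", dns[pos:pos + 4])
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "sport": sport, "dport": dport, "txid": txid,
        "qname": ".".join(labels), "qtype": qtype,
    }


if __name__ == "__main__":
    print(parse_udp_dns_query(README_BUF))
```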

pyinstaller is not working with this library

This is not an issue, it's more like a question. I'm trying to make an executable of this library with pyinstaller, but at the moment it is not working.

Are there some shortcuts to make it possible?

Large delay with sniff() function after updating to Ubuntu 19.10

I've been using this library for a while to read live networking traffic on Ubuntu 16.04 LTS.
After updating to Ubuntu 19.10, there is a 5+ second latency between when a packet arrives (shown in tcpdump) and when sniff() returns.
for plen, t, buf in sniff("wlo1", filters="src host <IP>", count=-1, promisc=1, out_file=""):

WiFi Card: Cannon Point-LP CNVi [Wireless-AC]
HP Pavilion Laptop 14-ce2xxx

sniff class don't create the pcap file

Hey, I've been working with this library for a few months, specifically with the sniff module. It works very well for what I'm doing, but the new version of the library doesn't create the pcap file. For that reason I installed version 0.2.3 and all worked perfectly. It would be good if this version would create the pcap file while it's sniffing packages.

Warning: "Usage of dash-separated 'description-file' will not be supported in future".

I am building this python module as a distribution package (Arch Linux AUR python-libpcap-git) with python 3.11.

To build, I use python -m build --wheel --no-isolation.

I get the following warning, prompting the developer of this software to change stuff, because as it currently is it will be unsupported in the future:

warning: pylibpcap/base.pyx:339:19: Non-trivial type declarators in shared declaration (e.g. mix of pointers and values). Each pointer declaration should be on its own line.
warning: pylibpcap/base.pyx:339:32: Non-trivial type declarators in shared declaration (e.g. mix of pointers and values). Each pointer declaration should be on its own line.
/usr/lib/python3.11/site-packages/setuptools/dist.py:754: SetuptoolsDeprecationWarning: Invalid dash-separated options
!!

        ********************************************************************************
        Usage of dash-separated 'description-file' will not be supported in future
        versions. Please use the underscore name 'description_file' instead.

        By 2023-Sep-26, you need to update your project and remove deprecated calls
        or your builds will no longer be supported.

        See https://setuptools.pypa.io/en/latest/userguide/declarative_config.html for details.
        ********************************************************************************

!!

Regards!

Python 3.10 + Cython: undefined symbol: _PyGen_Send

Versions

Python

Python 3.10.5 (main, Jun 8 2022, 09:26:22) [GCC 11.3.0] on linux

Cython

python -c "from Cython.Compiler.Version import version; print (version)"
3.0.0a11

python-libpcap

python -m pip install python-libpcap
Defaulting to user installation because normal site-packages is not writeable
Collecting python-libpcap
  Using cached python_libpcap-0.4.0-cp310-cp310-linux_x86_64.whl
Requirement already satisfied: Cython>=0.29.13 in /usr/local/lib/python3.10/dist-packages/Cython-3.0.0a11-py3.10-linux-x86_64.egg (from python-libpcap) (3.0.0a11)
Installing collected packages: python-libpcap
  WARNING: The scripts libpcap-capture, libpcap-merge, libpcap-read and libpcap-write are installed in '/home/swag/.local/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed python-libpcap-0.4.0

Error importing rpcap

Python 3.10.5 (main, Jun  8 2022, 09:26:22) [GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pylibpcap as pcap
>>> from pylibpcap.pcap import rpcap
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/.local/lib/python3.10/site-packages/pylibpcap/pcap.py", line 6, in <module>
    from pylibpcap.base import Sniff, LibPcap
ImportError: /home/user/.local/lib/python3.10/site-packages/pylibpcap/base.cpython-310-x86_64-linux-gnu.so: undefined symbol: _PyGen_Send

Notes

When trying to import rpcap we received an import error related to Cython undefined symbol. I have found multiple issues from upstream with this error, however they have implemented fixes in the latest versions of Cython specifically for this issue. However, the issue still remains in python-libpcap.
cython/cython#3876

It looks like Python 3.10 has a new procedure to replace _PyGen_Send as commented on here:
cython/cython#3876 (comment)

Code was committed upstream in Cython to change from _PyGen_Send to PyIterSend here:
cython/cython@5fec31d

Working method

If I clone this project and run setup it works properly. The issue appears to be with pip installations.

git clone https://github.com/caizhengxin/python-libpcap.git
sudo python setup.py install
python
Python 3.10.5 (main, Jun  8 2022, 09:26:22) [GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pylibpcap
>>> from pylibpcap.pcap import rpcap
>>>
