| Author: | Mark Rowe |
|---|---|
| Contact: | bdash@gmx.net |
| Web site: | http://pycap.sourceforge.net |
| Project page: | http://sourceforge.net/projects/pycap/ |

This package provides the ability to capture packets from, and inject packets onto, network interfaces. It supports commonly found protocols such as Ethernet, PPP, IP, ARP, TCP, UDP, and ICMP.
pycap should work on any platform that supports libpcap, libnet and Python. It currently requires Python 2.3. It will be backported to Python 2.2 if enough interest is shown. If you find any bugs please report them on the Sourceforge project page.
Packet injection is currently a work in progress. It works for me, but needs a lot more testing. A full list of things left to complete is available on a separate page.
pycap is available from CVS, or from its Sourceforge project page. Installing pycap from the released tarball requires extracting the file then executing the following commands.
```
% python setup.py build
% sudo python setup.py install
```
To obtain and install pycap from CVS follow these steps, adjusting for your platform as necessary. Note that the CVS password is empty.
```
% cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pycap login
(Logging in to anonymous@cvs.sourceforge.net)
CVS password:
% cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pycap co pycap
% cd pycap/
% python setup.py build
% sudo python setup.py install
```
The following session in the interactive interpreter demonstrates capturing a packet from the default network interface, and exploring its various components.
```
>>> import pycap.capture
>>> p = pycap.capture.capture()
>>> packet = p.next()
>>> packet
(Ethernet(type=0x800, 00:03:93:44:a9:92 -> 00:50:ba:8f:c4:5f), IP(proto=0x6, 192.168.0.235 -> 64.12.24.129), TCP(57579 -> 5190, seq=0xc1600e16, ack=0xf481e20e, flags=(push, ack)), '*\x05\x01\xff\x00\x00', 1046153559.33903)
>>> packet[0]
Ethernet(type=0x800, 00:03:93:44:a9:92 -> 00:50:ba:8f:c4:5f)
>>> dir(packet[0])
['__class__', '__delattr__', '__doc__', '__getattribute__', '__hash__', '__init__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__str__', 'destination', 'packet', 'source', 'type']
>>> packet[0].source
'00:03:93:44:a9:92'
>>> dir(packet[1])
['__class__', '__delattr__', '__doc__', '__getattribute__', '__hash__', '__init__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__str__', 'checksum', 'destination', 'headerlength', 'id', 'length', 'offset', 'packet', 'protocol', 'source', 'timetolive', 'typeofservice', 'version']
>>> packet[1].version
4
>>>
```
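To show which wire bytes sit behind the Ethernet and IP attributes listed by `dir()` above, here is an added example (not pycap code, and not from the pycap author) that decodes a constructed copy of the same packet using only the Python 3 standard library. The TCP key names, the `decode` and `sample_frame` helpers, and the IP id, TTL and window values in the sample are assumptions made for illustration.

```python
import socket
import struct

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def decode(frame):
    """Split an Ethernet/IPv4/TCP frame into (ethernet, ip, tcp, payload)."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    ethernet = {"source": mac(src), "destination": mac(dst), "type": etype}
    if etype != 0x0800:
        raise ValueError("not IPv4")
    (vhl, tos, length, ident, offset, ttl, proto, checksum,
     saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    hlen = (vhl & 0x0F) * 4
    if vhl >> 4 != 4 or hlen < 20 or length < hlen or 14 + length > len(frame):
        raise ValueError("inconsistent IPv4 header")  # lengths must fit buffer
    ip = {"version": 4, "headerlength": hlen, "typeofservice": tos,
          "length": length, "id": ident, "offset": offset, "timetolive": ttl,
          "protocol": proto, "checksum": checksum,  # stored, not verified here
          "source": socket.inet_ntoa(saddr), "destination": socket.inet_ntoa(daddr)}
    segment = frame[14 + hlen:14 + length]   # drops any Ethernet padding
    if proto != 6 or len(segment) < 20:
        raise ValueError("not a complete TCP segment")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    doff = (off_flags >> 12) * 4
    if doff < 20 or doff > len(segment):
        raise ValueError("inconsistent TCP data offset")
    names = ("fin", "syn", "rst", "push", "ack", "urg")
    flags = tuple(n for bit, n in enumerate(names) if off_flags & (1 << bit))
    tcp = {"sourceport": sport, "destinationport": dport,  # hypothetical keys
           "seq": seq, "ack": ack, "flags": flags}
    return ethernet, ip, tcp, segment[doff:]

def sample_frame():
    """Constructed frame matching the packet printed in the session above."""
    payload = b"*\x05\x01\xff\x00\x00"
    eth = bytes.fromhex("0050ba8fc45f00039344a992") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 168, 0, 235]), bytes([64, 12, 24, 129]))
    tcp = struct.pack("!HHIIHHHH", 57579, 5190, 0xC1600E16, 0xF481E20E,
                      0x5018, 65535, 0, 0)
    return eth + ip + tcp + payload

if __name__ == "__main__":
    for layer in decode(sample_frame()):
        print(layer)
```

The length checks matter when decoding untrusted captures: a header that claims more bytes than the buffer holds is rejected instead of being sliced silently.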
The following session in the interactive interpreter demonstrates how to inject an ICMP echo request onto the default network interface.
```
>>> import pycap.constants, pycap.protocol, pycap.inject
>>> data = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
>>> ethernet = pycap.protocol.ethernet(type=pycap.constants.ethernet.ETHERTYPE_IP,
...                                    source='00:03:93:44:a9:92',
...                                    destination='00:50:ba:8f:c4:5f')
>>> ip = pycap.protocol.ip(version=4,
...                        length=pycap.constants.ip.HEADER_LENGTH + pycap.constants.icmp.ECHO_HEADER_LENGTH + len(data),
...                        id=1,
...                        offset=0,
...                        ttl=100,
...                        protocol=pycap.constants.ip.IPPROTO_ICMP,
...                        checksum=0,
...                        source="192.168.0.2",
...                        destination="216.239.51.100")
>>> icmp = pycap.protocol.icmpEchoRequest(0, 0, 1, 0)
>>> packet = (ethernet, ip, icmp, data)
>>> print packet
(Ethernet(type=0x800, 00:03:93:44:a9:92 -> 00:50:ba:8f:c4:5f), IP(proto=0x1, 192.168.0.2 -> 216.239.51.100), ICMP(type=0x8, code=0x0), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')
>>> pycap.inject.inject().inject(packet)
>>>
```
Reference documentation is severely lacking. If there is anything that you would like an explanation of, feel free to email me or file a bug report on it.