Python Packet Capture and Injection Library

Author: Mark Rowe
Contact: bdash@gmx.net
Web site: http://pycap.sourceforge.net
Project page: http://sourceforge.net/projects/pycap/

This package provides the ability to capture packets from, and inject packets onto, network interfaces. It supports commonly found protocols such as Ethernet, PPP, IP, ARP, TCP, UDP, and ICMP.

Supported Platforms

pycap should work on any platform that supports libpcap, libnet and Python. It currently requires Python 2.3. It will be backported to Python 2.2 if enough interest is shown. If you find any bugs, please report them on the SourceForge project page.

To Do

Packet injection is currently a work in progress. It works for me, but needs a lot more testing. A full list of things left to complete is available on a separate page.

Installation

pycap is available from CVS, or from its SourceForge project page. To install pycap from the released tarball, extract the archive, then run the following commands.

% python setup.py build
% sudo python setup.py install

To obtain and install pycap from CVS, follow these steps, adjusting for your platform as necessary. Note that the CVS password is empty.

% cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pycap login 
(Logging in to anonymous@cvs.sourceforge.net)
CVS password:
% cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/pycap co pycap
% cd pycap/
% python setup.py build
% sudo python setup.py install

Details

Note that libpcap and libnet may require superuser access to capture packets.

Example

Capture

The following session in the interactive interpreter demonstrates capturing a packet from the default network interface, and exploring its various components.

>>> import pycap.capture
>>> p = pycap.capture.capture()
>>> packet = p.next()
>>> packet
(Ethernet(type=0x800, 00:03:93:44:a9:92 -> 00:50:ba:8f:c4:5f), IP(proto=0x6, 192.168.0.235 -> 64.12.24.129),
 TCP(57579 -> 5190, seq=0xc1600e16, ack=0xf481e20e, flags=(push, ack)), '*\x05\x01\xff\x00\x00', 
 1046153559.33903)
>>> packet[0]
Ethernet(type=0x800, 00:03:93:44:a9:92 -> 00:50:ba:8f:c4:5f)
>>> dir(packet[0])
['__class__', '__delattr__', '__doc__', '__getattribute__', '__hash__', '__init__', '__new__', '__reduce__',
 '__reduce_ex__', '__repr__', '__setattr__', '__str__', 'destination', 'packet', 'source', 'type']
>>> packet[0].source
'00:03:93:44:a9:92'
>>> dir(packet[1])
['__class__', '__delattr__', '__doc__', '__getattribute__', '__hash__', '__init__', '__new__', '__reduce__',
 '__reduce_ex__', '__repr__', '__setattr__', '__str__', 'checksum', 'destination', 'headerlength', 'id',
 'length', 'offset', 'packet', 'protocol', 'source', 'timetolive', 'typeofservice', 'version']
>>> packet[1].version
4
>>> 
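
What the decoded tuple above corresponds to on the wire, as an added example that is not part of pycap or the original page: a standard-library decoder (written for current Python 3, unlike the Python 2.3 sessions here) run over a constructed frame carrying the same addresses, ports and flags. The `decode` function, its dictionary keys (named after the attributes `dir()` lists, with lengths in bytes) and the sample bytes are assumptions of this example.

```python
import socket
import struct

# Constructed sample frame (not a real capture) matching the session above;
# both checksum fields are zero and are not verified here.
SAMPLE_FRAME = bytes.fromhex(
    "0050ba8fc45f00039344a9920800"              # Ethernet: dst, src, type
    "4500002e0001000040060000c0a800eb400c1881"  # IPv4 header, IHL=5
    "e0eb1446c1600e16f481e20e5018ffff00000000"  # TCP header, PSH|ACK
    "2a0501ff0000")                             # 6 payload bytes
TCP_FLAGS = ((0x01, "fin"), (0x02, "syn"), (0x04, "reset"),
             (0x08, "push"), (0x10, "ack"), (0x20, "urgent"))


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def decode(frame):
    """Return (ethernet, ip, tcp, payload); absent layers are None."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    ethernet = {"type": ethertype, "source": mac(src), "destination": mac(dst)}
    rest = frame[14:]
    if ethertype != 0x0800:                     # not IPv4: stop here
        return ethernet, None, None, rest
    if len(rest) < 20:
        raise ValueError("truncated IP header")
    vihl, _tos, length, _id, _frag, ttl, proto, _sum, s, d = struct.unpack(
        "!BBHHHBBH4s4s", rest[:20])
    ihl = (vihl & 0x0F) * 4                     # header length in bytes
    if ihl < 20 or length < ihl or length > len(rest):
        raise ValueError("inconsistent IP length fields")
    ip = {"version": vihl >> 4, "headerlength": ihl, "length": length,
          "timetolive": ttl, "protocol": proto,
          "source": socket.inet_ntoa(s), "destination": socket.inet_ntoa(d)}
    segment = rest[ihl:length]                  # drops Ethernet padding
    if proto != 6:                              # not TCP: stop here
        return ethernet, ip, None, segment
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, bits = struct.unpack("!HHIIBB", segment[:14])
    doff = (off >> 4) * 4                       # TCP header length in bytes
    if doff < 20 or doff > len(segment):
        raise ValueError("bad TCP data offset")
    tcp = {"source": sport, "destination": dport, "seq": seq, "ack": ack,
           "flags": tuple(n for m, n in TCP_FLAGS if bits & m)}
    return ethernet, ip, tcp, segment[doff:]
```

Length fields are checked against the bytes actually present before any slice is taken, so a truncated or malformed frame raises `ValueError` instead of yielding a silently short payload.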

Injection

The following session in the interactive interpreter demonstrates how to inject an ICMP echo request onto the default network interface.

>>> import pycap.constants, pycap.protocol, pycap.inject
>>> data = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
>>> ethernet = pycap.protocol.ethernet(type=pycap.constants.ethernet.ETHERTYPE_IP,
...                                    source='00:03:93:44:a9:92',
...                                    destination='00:50:ba:8f:c4:5f')
>>> ip = pycap.protocol.ip(version=4,
...                        length=pycap.constants.ip.HEADER_LENGTH + pycap.constants.icmp.ECHO_HEADER_LENGTH + len(data),
...                        id=1,
...                        offset=0,
...                        ttl=100,
...                        protocol=pycap.constants.ip.IPPROTO_ICMP,
...                        checksum=0,
...                        source="192.168.0.2",
...                        destination="216.239.51.100")
>>> icmp = pycap.protocol.icmpEchoRequest(0, 0, 1, 0)
>>> packet = (ethernet, ip, icmp, data)
>>> print packet
(Ethernet(type=0x800, 00:03:93:44:a9:92 -> 00:50:ba:8f:c4:5f), IP(proto=0x1, 192.168.0.2 -> 216.239.51.100), 
 ICMP(type=0x8, code=0x0), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')
>>> pycap.inject.inject().inject(packet)
>>> 

Reference

Reference documentation is severely lacking. If there is anything that you would like an explanation of, feel free to email me or file a bug report on it.
