Saving packets to a pcap file using Pcapy

Question

I find a lot of examples to capture packets and read from a pcap file. But no examples at all to capture packets and dump these into a pcap.

I'm using the following code from here:

import pcapy
from impacket.ImpactDecoder import *

# list all the network devices
pcapy.findalldevs()

max_bytes = 1024
promiscuous = False
read_timeout = 100 # in milliseconds
pc = pcapy.open_live("name of network device to capture from", max_bytes, promiscuous, read_timeout)

pc.setfilter('tcp')

# callback for received packets
def recv_pkts(hdr, data):
  packet = EthDecoder().decode(data)
  print packet

packet_limit = -1 # infinite
pc.loop(packet_limit, recv_pkts) # capture packets

Any ideia to dump the captured packets into a pcap file?

Answer 1

There is a Dumper object you can get from pcapy via the dump_open call and you can call dump on that.

dumper = pc.dump_open(filename)
...
dumper.dump(hrd, data)

Answer 2

Pcapy does have Dumper object but you need to have a Reader object to create it, which makes no sense.

import pcapy as pc
dev = pc.lookupdev()
reader = pc.open_live(dev, 65536, 1, 1)
dumper = reader.dump_open('pcapy_test.pcap')

for _ii in range(2):
    hdr, pkt = reader.next()
    dumper.dump(hdr, pkt)