Question

I need to write a network sniffer and I have decided to use Python to do it. I know that the performance will not be the best, and for this kind of software I should use C or C++, but a good prototype will just do for me. So I have been working with the libpcap library for Python 2.7 and I could get all the info I needed, such as: IP source and destination, with relative ports, timestamp and packet length. But the problem was that I noticed that with high traffic there was huge packet dropping.

It must be said that this info was inserted into a MySQL database during the whole process.

So before I go further with Scapy I would like to understand if there is a way to measure how many packets I will lose during this elaboration.

Thank you

Solution

I have fixed it in an indirect way. I am using

tcpdump -G 3600 -i interface -n -w %H-Capture.pcap

From here I collect all the statistics about discarded and filtered packets and so on. Please mind that, to minimize the percentage of discarded packets, the option -n is vital, since it basically says not to resolve each host in the packets captured. -G instead basically tells it to cycle over 3600 seconds, creating i.e. a file each hour.

After this I just go to Scapy from the CLI, and in Scapy I do the following:

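# Only needed in a standalone script; the Scapy shell already has these loaded.
from scapy.all import rdpcap, TCP

x = rdpcap("myfile")   # read the whole capture file into memory
len_x = len(x)         # total number of packets in the capture

for i in x:
    if TCP in i:       # keep only packets that carry a TCP layer
        i.show()

This will show only the TCP packets. If you want you can also filter UDP or ICMP and so on in the same way.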
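Added example, not part of the original answer: one way to turn the statistics tcpdump prints on exit into a drop percentage. The sample summary is constructed, the function names are hypothetical, and the ratio used (kernel drops over packets received by filter) is an assumption, because the meaning of "received by filter" depends on the OS.

```python
import re

# Constructed sample of the summary tcpdump writes to stderr when it exits.
SAMPLE_SUMMARY = """\
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
48211 packets captured
50000 packets received by filter
1789 packets dropped by kernel
12 packets dropped by interface
"""

# tcpdump prints "1 packet ..." in the singular, hence "packets?".
_COUNTER = re.compile(
    r"^(\d+) packets? "
    r"(captured|received by filter|dropped by kernel|dropped by interface)\s*$",
    re.MULTILINE,
)
_REQUIRED = ("captured", "received by filter", "dropped by kernel")


def parse_tcpdump_summary(text):
    """Return the counters found in tcpdump's exit summary as a dict."""
    return {label: int(count) for count, label in _COUNTER.findall(text)}


def drop_report(text):
    """Summarise capture loss; raise ValueError if the summary is incomplete."""
    stats = parse_tcpdump_summary(text)
    missing = [name for name in _REQUIRED if name not in stats]
    if missing:
        raise ValueError("summary lacks: " + ", ".join(missing))
    received = stats["received by filter"]
    kernel_drops = stats["dropped by kernel"]
    # Assumption: drops are measured against packets received by the filter.
    pct = 100.0 * kernel_drops / received if received else 0.0
    return {
        "captured": stats["captured"],
        "received": received,
        "kernel_drops": kernel_drops,
        # Older tcpdump builds do not print the interface line at all.
        "interface_drops": stats.get("dropped by interface", 0),
        "kernel_drop_pct": pct,
    }


if __name__ == "__main__":
    print(drop_report(SAMPLE_SUMMARY))
```

Feed it the stderr text saved from the tcpdump run; interface drops are reported separately because those packets never reached the capture filter.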

License: CC-BY-SA with attribution
Not affiliated with StackOverflow