Question
I find a lot of examples to capture packets and read from a pcap file. But no examples at all to capture packets and dump these into a pcap.
I'm using the following code from here:
import pcapy
from impacket.ImpactDecoder import *
# list all the network devices
pcapy.findalldevs()
max_bytes = 1024
promiscuous = False
read_timeout = 100 # in milliseconds
pc = pcapy.open_live("name of network device to capture from", max_bytes, promiscuous, read_timeout)
pc.setfilter('tcp')
# callback for received packets
def recv_pkts(hdr, data):
    packet = EthDecoder().decode(data)
    print(packet)
packet_limit = -1 # infinite
pc.loop(packet_limit, recv_pkts) # capture packets
Any idea how to dump the captured packets into a pcap file?
Solution
There is a Dumper object you can get from pcapy via the dump_open call and you can call dump on that.
dumper = pc.dump_open(filename)
...
dumper.dump(hdr, data)
Other tips
Pcapy does have a Dumper object, but you need to have a Reader object to create it, which makes no sense.
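import pcapy as pc
dev = pc.lookupdev()
# open_live(device, snaplen, promiscuous, read timeout in ms)
reader = pc.open_live(dev, 65536, 1, 1)
# the dumper is created from the open reader
dumper = reader.dump_open('pcapy_test.pcap')
for _ii in range(2):
    hdr, pkt = reader.next()
    dumper.dump(hdr, pkt)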
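The file that `dump_open` creates is a classic libpcap capture file. The following added example (not code from the question or answers, and not pcapy's own) writes and re-reads that layout with only the standard library, showing how the `max_bytes` snapshot length from the question becomes a captured length shorter than the original length. The function names, the Ethernet link type and the little-endian byte order are assumptions of the example.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1     # assumption: the capture device is Ethernet

def write_pcap(out, packets, snaplen=1024):
    """Write (ts_sec, ts_usec, frame) tuples as a little-endian pcap stream."""
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0,
                          snaplen, LINKTYPE_ETHERNET))
    for ts_sec, ts_usec, frame in packets:
        captured = frame[:snaplen]   # what max_bytes leaves of the frame
        out.write(struct.pack("<IIII", ts_sec, ts_usec,
                              len(captured), len(frame)))
        out.write(captured)

def read_pcap(inp):
    """Return (snaplen, linktype, records); reject short or foreign input."""
    header = inp.read(24)
    if len(header) < 24:
        raise ValueError("truncated file header")
    magic, _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        "<IHHiIII", header)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    records = []
    while True:
        rec = inp.read(16)
        if not rec:
            return snaplen, linktype, records
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, caplen, origlen = struct.unpack("<IIII", rec)
        if caplen > snaplen:         # never trust a length field from a file
            raise ValueError("record longer than the declared snaplen")
        data = inp.read(caplen)
        if len(data) < caplen:
            raise ValueError("truncated packet data")
        records.append((ts_sec, ts_usec, caplen, origlen, data))

def demo():
    # Constructed sample frames: one short, one longer than the snaplen.
    frames = [(1700000000, 250000, b"\x00" * 60),
              (1700000001, 500000, b"\xff" * 1500)]
    buf = io.BytesIO()
    write_pcap(buf, frames, snaplen=1024)
    size = buf.tell()
    buf.seek(0)
    return size, read_pcap(buf)
```

With a snapshot length of 1024, the second frame is stored as 1024 bytes while its record header still reports an original length of 1500, so payload bytes past the snapshot length are not recoverable from the dump.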