
Thursday, July 26, 2012

Searching for a packet capturing and interface manipulation library for Python...

I needed a script that would monitor network traffic and capture and process only DHCP traffic. It turned out I couldn't find such a script, so I decided to write one (more about that script in another post). For the language I chose Python. That was the easy part. Now I had to decide which libraries would let me capture network traffic, decode DHCP requests and responses, and manipulate IP addresses on interfaces.

I started with network traffic capturing. libpcap is the library for packet capture, so it was natural to search for a Python interface to it. I found several such interfaces: pcap, pylibpcap, pypcap, and pcapy. There is also a binding specifically for Python 3, py3kcap. While searching for pcap interfaces, three other Python libraries popped up: libdnet (here is the old project page), dpkt and Scapy.

But not all libraries are equal, nor do they serve the same purpose. libdnet allows sending packets and manipulating the kernel's routing table, firewall and ARP cache, so beyond Ethernet and IP it doesn't offer much in terms of supported protocols. dpkt, on the other hand, is made just for this purpose: it supports easy creation and parsing of the various TCP/IP protocols. Finally, Scapy is a Swiss army knife of network manipulation. It offers a shell in which one can manipulate packets, but it can also be used from within other scripts. Unfortunately, while browsing the source of Scapy I realized that it uses the os.popen interface and calls external programs. That alone was enough for me to eliminate Scapy from further consideration.

The next elimination criterion was availability of the packages within CentOS and Fedora. I try to stick to prepackaged software as much as possible, and a quick search (yum search) showed that on both CentOS 6 and Fedora 17 there are packages for pcapy and dpkt (named python-dpkt). For some reason dnet itself is packaged, but its Python interface isn't. I found this bugzilla entry, but without any answer!

So I settled on pcapy and dpkt. The only piece of the puzzle still missing was how to manipulate interface addresses. I stumbled on netifaces, which lets me obtain information about interfaces, and also on this post for Windows. But all the results I got were about how to obtain an IP address, not how to set one. In the end I gave up and decided that I'll try libdnet even though I'll have to compile it from source. Either that, or I'll use raw sockets and ioctls, which are accessible from Python using the standard library.
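As an added example (not code from the original post, and not the author's script), here is the "decode DHCP requests and responses" step written against the Python standard library only, so it runs without pcapy or dpkt installed. The function and constant names (parse_dhcp_frame, parse_dhcp_options, build_dhcp_frame, decode_all, SAMPLE_FRAMES) are my own, and the frames are constructed inline: a DISCOVER / OFFER / REQUEST exchange plus one non-DHCP datagram that the port check has to skip.

```python
# Added example (not code from the original post): decode DHCP requests and
# responses from raw Ethernet frames with only the Python standard library.
# A capture library would hand each frame to parse_dhcp_frame(); SAMPLE_FRAMES is constructed inline.
import socket
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"          # cookie that follows the BOOTP header
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MSG_TYPES = dict(enumerate(["DISCOVER", "OFFER", "REQUEST", "DECLINE", "ACK", "NAK", "RELEASE", "INFORM"], 1))

def parse_dhcp_options(buf):
    """Return {tag: value} from RFC 2132 TLV options; raise ValueError on truncation."""
    opts, i = {}, 0
    while i < len(buf):
        tag = buf[i]
        if tag == 0:                       # pad byte, no length field
            i += 1
            continue
        if tag == 255:                     # end marker
            break
        if i + 1 >= len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[tag] = value
        i += 2 + length
    return opts

def parse_dhcp_frame(frame):
    """Decode Ethernet/IPv4/UDP/DHCP; return a dict, or None if not DHCP or malformed."""
    try:
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:     # IPv4 only
            return None
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17 or len(ip) < ihl + 8:                   # UDP with room for its header
            return None
        udp = ip[ihl:]
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        if not {sport, dport} & {67, 68}:   # same effect as the BPF filter "udp port 67 or 68"
            return None
        bootp = udp[8:ulen]
        if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
            return None
        (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, _siaddr, _giaddr,
         chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, bootp[:236])
        opts = parse_dhcp_options(bootp[240:])
    except (struct.error, ValueError, IndexError):
        return None   # wire data is untrusted: a short or odd packet must not crash the monitor

    def ip_opt(tag):  # 4-byte address options: 50 = requested IP, 54 = server identifier
        val = opts.get(tag, b"")
        return socket.inet_ntoa(val) if len(val) == 4 else None
    # Checksums are not verified and chaddr is client-supplied: client_mac is a claim, not proof.
    return {
        "op": "request" if op == 1 else "reply",
        "xid": xid,
        "msg_type": MSG_TYPES.get(opts[53][0] if opts.get(53) else None, "UNKNOWN"),
        "client_mac": ":".join("%02x" % b for b in chaddr[:hlen]),
        "yiaddr": socket.inet_ntoa(yiaddr),
        "requested_ip": ip_opt(50),
        "server_id": ip_opt(54),
        "src_ip": socket.inet_ntoa(ip[12:16]),
    }

def build_dhcp_frame(op, xid, mac, yiaddr, options, src_ip, dst_ip, sport, dport):
    """Construct a test frame (checksums left zero; the decoder ignores them anyway)."""
    body = b"".join(struct.pack("!BB", t, len(v)) + v for t, v in options) + b"\xff"
    bootp = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0, b"\0" * 4, socket.inet_aton(yiaddr),
                        b"\0" * 4, b"\0" * 4, mac + b"\0" * 10, b"\0" * 64, b"\0" * 128) + DHCP_MAGIC + body
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + udp
    return b"\xff" * 6 + mac + b"\x08\x00" + ip       # broadcast dst MAC, EtherType IPv4

CLIENT_MAC = bytes.fromhex("001122334455")
SERVER_IP, OFFERED_IP = "192.168.1.1", "192.168.1.50"
SAMPLE_FRAMES = [   # constructed DISCOVER / OFFER / REQUEST exchange plus one non-DHCP datagram
    build_dhcp_frame(1, 0xDEADBEEF, CLIENT_MAC, "0.0.0.0", [(53, b"\x01"), (61, b"\x01" + CLIENT_MAC)],
                     "0.0.0.0", "255.255.255.255", 68, 67),
    build_dhcp_frame(2, 0xDEADBEEF, CLIENT_MAC, OFFERED_IP, [(53, b"\x02"), (54, socket.inet_aton(SERVER_IP)),
                     (51, struct.pack("!I", 3600))], SERVER_IP, OFFERED_IP, 67, 68),
    build_dhcp_frame(1, 0xDEADBEEF, CLIENT_MAC, "0.0.0.0", [(53, b"\x03"), (50, socket.inet_aton(OFFERED_IP)),
                     (54, socket.inet_aton(SERVER_IP))], "0.0.0.0", "255.255.255.255", 68, 67),
    b"\xff" * 6 + CLIENT_MAC + b"\x08\x00"            # a DNS query: the port check must skip it
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                  socket.inet_aton(OFFERED_IP), socket.inet_aton(SERVER_IP))
    + struct.pack("!HHHH", 5353, 53, 8, 0),
]

def decode_all(frames):
    """Stand-in for the capture loop: the capture callback would call parse_dhcp_frame per frame."""
    return [rec for rec in map(parse_dhcp_frame, frames) if rec is not None]

if __name__ == "__main__":
    for rec in decode_all(SAMPLE_FRAMES):
        print(rec["msg_type"], rec["client_mac"], rec["yiaddr"], rec["requested_ip"], rec["server_id"])
```

On a live system the frames would come from pcapy rather than SAMPLE_FRAMES: open the interface with pcapy.open_live(dev, 65535, 1, 100), narrow the kernel-side capture with setfilter("udp and (port 67 or port 68)"), and pass a callback taking (header, data) to loop(-1, callback), which is where parse_dhcp_frame(data) belongs (this is pcapy's documented API as I know it, not something from the post). Two caveats a monitor should keep in mind: the decoder deliberately returns None instead of raising on malformed input, because anything on the wire is attacker-controlled, and the client MAC and server identifier are both taken from the packet body, so a rogue DHCP server check has to compare server_id and src_ip against an allowlist rather than trust either field.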

And at the end, as a curiosity, I'll mention that there is a Python interface to iptables, python-iptables, which is also packaged for Fedora.

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)