pywtap

simplified object-oriented Python wrapper for libwiretap - the packet trace file reading interface in Ethereal. this module provides a simplified pypcap-compatible interface to read various packet trace files in the following formats:

tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's / WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS.

Any of these files can be compressed with gzip and wtap will decompress them on the fly.

sample usage: 

>>> import dpkt, wtap
>>> pc = wtap.wtap('/tmp/foo.pcap.gz')
>>> for ts, pkt in pc:
...     print `dpkt.ethernet.Ethernet(pkt)`
...
Ethernet(src='\x00\x03G\xb2M\xe4', dst='\x00\x03G\x06h\x18', data=IP(src='\n\x00\x01\x1c', dst='\n\x00\x01\x10', sum=39799, len=60, p=1, ttl=128, id=35102, data=ICMP(sum=24667, type=8, data=Echo(id=512, seq=60160, data='abcdefghijklmnopqrstuvwabcdefghi'))))
Ethernet(src='\x00\x03G\x06h\x18', dst='\x00\x03G\xb2M\xe4', data=IP(src='\n\x00\x01\x10', dst='\n\x00\x01\x1c', sum=43697, len=60, p=1, ttl=255, id=64227, data=ICMP(sum=26715, data=Echo(id=512, seq=60160, data='abcdefghijklmnopqrstuvwabcdefghi'))))
^CTraceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "wtap.pyx", line 298, in wtap.wtap.__next__
KeyboardInterrupt
>>>

Requirements

Download

Documentation

Links

Related modules:
<dugsong+pywtap@monkey.org>