The pcaplib API reference¶

class pcaplib.Reader(filename)[source]¶

Construct a Reader which reads the content of a PCAP file and can be consumed as an Iterable. An FileFormatError is raised if the file is not a valid PCAP file.

Example:

import pcaplib
pcap_reader = pcaplib.Reader('capture.pcap')
for ts in pcap_reader:
    print(packet)

(1494608771, 459378, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9')
(1494608771, 459556, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9')

filename¶: a filename.

version_major¶: Major version, currently 2.

version_minor¶: Minor version, currently 4.

thiszone¶: the correction time in seconds between GMT (UTC) and the local timezone of the following packet header timestamps. In practice, time stamps are always in GMT, so thiszone is always 0.

sigfigs¶: in theory, the accuracy of time stamps in the capture; in practice, all tools set it to 0.

snaplen¶: the snapshot length for the capture (typically 65535 or even more, but might be limited by the user).

network¶: link-layer header type.

ts_sec¶: the date and time when this packet was captured. This value is in seconds since January 1, 1970 00:00:00 GMT.

ts_usec¶: the microseconds when this packet was captured, as an offset to ts_sec.

incl_len¶: the number of bytes of packet data actually captured and saved in the file. This value should never become larger than orig_len or the snaplen value of the global header.

orig_len¶: the length in bytes of the packet as it appeared on the network when it was captured. If incl_len and orig_len differ, the actually saved packet size was limited by snaplen.

class pcaplib.Writer(filename, packets_iterable, network=<Network.EN10MB: 1>, big_endian=True)[source]¶

Construct a Writer which will write in filename packets using the PCAP format.

Example:

import pcaplib

pkt_list = [
    (1494608771, 459378, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9'),
    (1494608771, 459556, 6, 6, b'\\x00\\x0c)\\xaa4\\xc9'),
]

pcap_writer = pcaplib.Writer('capture.pcap', pkt_list)
pcap_writer.writer()

Parameters:	filename (str) – a filename packets_iterable (iterable) – An iterable of 5-tuples, each tuple should have the following format (`ts_sec`, `ts_usec`, `incl_len`, `orig_len`, `pkt_data`) network – the network type, defaults to Ethernet `Network.EN10B` or `1`.

packets_iterable.: An iterable of 5-tuples,

write()[source]¶: Iterates over packets_iterables and writes the content in a PCAP file.

Custom Enum¶

class pcaplib.Network(IntEnum)[source]¶

An enumeration.

An IntEnum representing the network types

Custom Exceptions¶

exception pcaplib.FileFormatError(Exception)[source]¶: Error if the file is not a valid PCAP file