Metadata-Version: 2.1
Name: python-pcapng
Version: 1.0
Summary: Library to read/write the pcap-ng format used by various packet sniffers
Home-page: https://github.com/rshk/python-pcapng
Author: Samuele Santi
Author-email: samuele@samuelesanti.com
License: Apache Software License 2.0
Platform: UNKNOWN
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Development Status :: 5 - Production/Stable
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.2
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: Implementation :: CPython
Requires-Dist: six

Python-pcapng
#############

Python library to parse the pcap-ng format used by newer versions
of dumpcap & similar tools (wireshark, winpcap, ...).


Documentation
=============

If you prefer the RTD theme, or want documentation for any version
other than the latest, head here:

http://python-pcapng.readthedocs.org/en/latest/

If you prefer the more comfortable, page-wide, default sphinx theme,
a documentation mirror is hosted on GitHub pages:

http://rshk.github.io/python-pcapng/


CI build status
===============

+----------+--------------------------------------------------------------------------+
| Branch   | Status                                                                   |
+==========+==========================================================================+
| master   | .. image:: https://travis-ci.org/rshk/python-pcapng.svg?branch=master    |
|          |     :target: https://travis-ci.org/rshk/python-pcapng                    |
+----------+--------------------------------------------------------------------------+
| develop  | .. image:: https://travis-ci.org/rshk/python-pcapng.svg?branch=develop   |
|          |     :target: https://travis-ci.org/rshk/python-pcapng                    |
+----------+--------------------------------------------------------------------------+


Source code
===========

Source, issue tracker etc. on GitHub: https://github.com/rshk/python-pcapng

Get the source from git::

    git clone https://github.com/rshk/python-pcapng

Download zip of the latest version:

https://github.com/rshk/python-pcapng/archive/master.zip

Install from pypi::

    pip install python-pcapng


PyPI status
===========

The official page on the Python Package Index is: https://pypi.python.org/pypi/python-pcapng

.. image:: https://img.shields.io/pypi/v/python-pcapng.svg
    :target: https://pypi.python.org/pypi/python-pcapng
    :alt: Latest PyPI version

.. image:: https://img.shields.io/pypi/dm/python-pcapng.svg
    :target: https://github.com/rshk/python-pcapng.git
    :alt: Number of PyPI downloads

.. image:: https://img.shields.io/pypi/pyversions/python-pcapng.svg
    :target: https://pypi.python.org/pypi/python-pcapng/
    :alt: Supported Python versions

.. image:: https://img.shields.io/pypi/status/python-pcapng.svg
    :target: https://pypi.python.org/pypi/python-pcapng/
    :alt: Development Status

.. image:: https://img.shields.io/pypi/l/python-pcapng.svg
    :target: https://pypi.python.org/pypi/python-pcapng/
    :alt: License

..
   .. image:: https://pypip.in/wheel/python-pcapng/badge.svg
       :target: https://pypi.python.org/pypi/python-pcapng/
       :alt: Wheel Status

   .. image:: https://pypip.in/egg/python-pcapng/badge.svg
       :target: https://pypi.python.org/pypi/python-pcapng/
       :alt: Egg Status

   .. image:: https://pypip.in/format/python-pcapng/badge.svg
       :target: https://pypi.python.org/pypi/python-pcapng/
       :alt: Download format



Why this library?
=================

- I need to decently extract some information from a bunch of pcap-ng
  files, but apparently tcpdump has some problems reading those files,

  I couldn't find other nice tools nor Python bindings to a library
  able to parse this format, so..

- In general, it appears there are (quite a bunch of!) Python modules
  to parse the old (much simpler) format, but nothing for the new one.

- And, they usually completely lack any form of documentation.


Isn't it slow?
==============

Yes, I guess it would be much slower than something written in C,
but I'm much better at Python than C.

..and I need to get things done, and CPU time is not that expensive :)

(Maybe I'll give a try porting the thing to Cython to speed it up, but
anyways, pure-Python libraries are always useful, eg. for PyPy).


How do I use it?
================

Basic usage is as simple as:

.. code-block:: python

    from pcapng import FileScanner

    with open('/tmp/mycapture.pcap', 'rb') as fp:
        scanner = FileScanner(fp)
        for block in scanner:
            pass  # do something with the block...

Have a look at the blocks documentation to see what they do; also, the
``examples`` directory contains some example scripts using the library.


Hacking
=======

Format specification is here:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

Contributions are welcome, please contact me if you're planning to do
some big change, so that we can sort out the best way to integrate it.

Or even better, open an issue so the whole world can partecipate in
the discussion :)


Pcap-ng write support
=====================

Support for writing pcap-ng files is "planned"; that means: I have
some ideas on how to write that part and which would be the required
changes to the library.

I didn't add that part (yet) as I currently don't need it, and I'm
wondering whether anybody might (possible use cases are if you're
writing some packet capture tool in Python, or some other kind of
capture-file manipulation thing).

If you need this feature, I'd like to hear from you (otherwise, I
don't really think I'm going to invest much time in something that no
one needs..).


History
#######

v0.1
====

- Support for "scanning" streams of pcap-ng data
- Support for decoding the "standard" pcap-ng blocks:

  - Section headers
  - Interface description
  - Enhanced packet
  - Simple packet (deprecated)
  - Packet (deprecated)
  - Name resolution
  - Interface statistics


