helpsystems / pcapy Goto Github PK

The python select module supports selecting on objects which provide a fileno() method. In order to allow selecting more seamlessly on Reader objects, I suggest adding a method like this:

def fileno(self):
    return self.getfd()

I'd be happy to open a PR if this sounds like something that could get merged.

Is there any plan to put version 0.10.8 on Python Package Index? The current version on pypi is 0.10.3.

When calling open_live there is a way to choose an interface but there is no way to specify which packets you want to capture (in, out, inout). Libpcap has set_direction that solves that but there is no way to configure it via pcapy

ImportError: Error loading shared library libpcap.so.1.3: No such file or directory (needed by /usr/lib/python2.7/site-packages/pcapy.so)

root@turris:/# uname -a
Linux turris 4.4.39-80079e1c1e5f9ca7ad734044462a761a-4 #1 SMP Fri Feb 10 09:50:47 CET 2017 armv7l n

root@turris:/usr/lib# ls -la |grep libpcap
lrwxrwxrwx 1 root root 14 Feb 10 04:18 libpcap.so -> libpcap.so.1.8
lrwxrwxrwx 1 root root 16 Feb 23 11:34 libpcap.so.1.3 -> libpcap.so.1.8.1
lrwxrwxrwx 1 root root 16 Feb 10 04:18 libpcap.so.1.8 -> libpcap.so.1.8.1
-rw-r--r-- 1 root root 209672 Feb 10 04:18 libpcap.so.1.8.1

This is on a Turris Omnia which runs OpenWRT. It worked after I created the symbolic link above, but I don't think I should need to do that.

It would be nice to have some sort of mechanism to find out if the kernel or network interface are dropping packets due to the ring buffer being full. This happens on busy interfaces and while I set the snap length low for the type of traffic I'm dealing with, to minimize how much each packet takes in the buffer, I would like some feedback from the software on if there is loss to mitigate the issue.

tcpdump/pcap support this sort of information via pcap_stats. It's also given via tcpdump when you exit a capture.

E.G:
X packets captured
Y packets received by filter
Z packets dropped by kernel

Hello, I'm trying to install pcapy on Ubuntu 16.04, but it fails with

$ sudo python3 setup.py install
running install
Checking .pth file support in /usr/local/lib/python3.5/dist-packages/
/usr/bin/python3 -E -c pass
TEST PASSED: /usr/local/lib/python3.5/dist-packages/ appears to support .pth files
running bdist_egg
running egg_info
writing top-level names to pcapy.egg-info/top_level.txt
writing dependency_links to pcapy.egg-info/dependency_links.txt
writing pcapy.egg-info/PKG-INFO
reading manifest file 'pcapy.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'pcapy.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_ext
building 'pcapy' extension
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.5m -c pcapdumper.cc -o build/temp.linux-x86_64-3.5/pcapdumper.o
cc1plus: warning: command line option ‘-Wstrict-prototypes’ is valid for C/ObjC but not for C++
pcapdumper.cc:11:18: fatal error: pcap.h: No such file or directory
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

I have tcpdump installed. I'm trying to install this for a client, so I'm not very familiar with any of this yet...

Looks like I do have pcap.h in a number of places though:

$ locate pcap.h
/usr/src/linux-headers-4.4.0-72/include/linux/mfd/ezx-pcap.h
/usr/src/linux-headers-4.4.0-72-generic/include/config/ezx/pcap.h
/usr/src/linux-headers-4.4.0-72-generic/include/config/input/pcap.h
/usr/src/linux-headers-4.4.0-72-generic/include/config/regulator/pcap.h
/usr/src/linux-headers-4.4.0-72-generic/include/config/rtc/drv/pcap.h
/usr/src/linux-headers-4.4.0-72-generic/include/config/touchscreen/pcap.h
/usr/src/linux-headers-4.4.0-75/include/linux/mfd/ezx-pcap.h
/usr/src/linux-headers-4.4.0-75-generic/include/config/ezx/pcap.h
/usr/src/linux-headers-4.4.0-75-generic/include/config/input/pcap.h
/usr/src/linux-headers-4.4.0-75-generic/include/config/regulator/pcap.h
/usr/src/linux-headers-4.4.0-75-generic/include/config/rtc/drv/pcap.h
/usr/src/linux-headers-4.4.0-75-generic/include/config/touchscreen/pcap.h
/usr/src/linux-headers-4.4.0-78/include/linux/mfd/ezx-pcap.h
/usr/src/linux-headers-4.4.0-78-generic/include/config/ezx/pcap.h
/usr/src/linux-headers-4.4.0-78-generic/include/config/input/pcap.h
/usr/src/linux-headers-4.4.0-78-generic/include/config/regulator/pcap.h
/usr/src/linux-headers-4.4.0-78-generic/include/config/rtc/drv/pcap.h
/usr/src/linux-headers-4.4.0-78-generic/include/config/touchscreen/pcap.h

But not in any lib folder.
Any ideas?

After cloning the repo and running python setup.py install, I get this error

dist.py:474: UserWarning: Normalizing '0.11.5-dev' to '0.11.5.dev0'
  normalized_version,
running install
running bdist_egg
running egg_info
creating pcapy.egg-info
writing pcapy.egg-info\PKG-INFO
writing dependency_links to pcapy.egg-info\dependency_links.txt
writing top-level names to pcapy.egg-info\top_level.txt
writing manifest file 'pcapy.egg-info\SOURCES.txt'
reading manifest file 'pcapy.egg-info\SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'pcapy.egg-info\SOURCES.txt'
installing library code to build\bdist.win-amd64\egg
running install_lib
running build_ext
building 'pcapy' extension
creating build
creating build\temp.win-amd64-3.6
creating build\temp.win-amd64-3.6\Release
creating build\temp.win-amd64-3.6\Release\win32
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\bin\HostX86\x64\cl.exe /c /nologo /Ox /W3 /GL /DNDEBUG /MT -DWIN32=1 -Ic:\wpdpack\Include -IC:\Users\user\AppData\Local\Programs\Python\Python36\include -IC:\Users\user\AppData\Local\Programs\Python\Python36\include "-IC:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\ATLMFC\include" "-IC:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\include" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.18362.0\ucrt" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.18362.0\shared" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.18362.0\um" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.18362.0\winrt" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.18362.0\cppwinrt" /EHsc /Tppcapdumper.cc /Fobuild\temp.win-amd64-3.6\Release\pcapdumper.obj
pcapdumper.cc
pcapdumper.cc(11): fatal error C1083: Cannot open include file: 'pcap.h': No such file or directory
error: command 'C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\VC\\Tools\\MSVC\\14.25.28610\\bin\\HostX86\\x64\\cl.exe' failed with exit status 2

Telling me that it cannot find pcap.h. The same error occurs when using pip.

It would be practical to have a way to browse pcapy documentation on Github easily. This could be achieved by moving the pcapy.html file to a /docs directory and pointing the project's Github Pages build to it.

Hi,

Would it be possible to bind the pcap_close(pcap_t *handle) bound to a module function, or even better, a Reader method, so that we can do:

pcapread = pcap.open_live([...])
[...]
pcapread.close()

Or maybe I've missed how to do that with the current code?

I installed pcapy using the source and compiled it. When I set an interface into monitor mode using tcpdump, like sudo tcpdump -I -i en0 --linktype=IEEE802_11 -e -s 256 type mgt subtype probe-response, packets show up just fine in that window for tcpdump, but pcapy can't seem to tell. Capturing on pcapy on that interface causes no packets to show up. Trying to set a filter on the capture object returns pcapy.PcapError: 802.11 link-layer types supported only on 802.11. In fact, I haven't been able to get pcapy to capture anything. Calling .datalink() on the interface capture object returns 1 (ethernet) for the wireless interface.

Am I missing some dependency? Compiling pcapy went smoothly without complaints, so I can't imagine what the problem is.

print("\n".join(pcapy.findalldevs()))

How is a human expected to know which adapter they want to specify / choose?

\Device\NPF_{5F548CD6-AB25-4913-ABC1-AE6DCF74760B}
\Device\NPF_{38014CA5-B0D9-4BE3-8CB6-4AA3442CB25F}
\Device\NPF_{1DE9A80A-A2B0-4DFE-9810-2EBD8D4DCA2C}
\Device\NPF_{AC59B406-A1B1-4F50-8621-9441AE84E06C}
\Device\NPF_{102E3A0A-8932-4156-9864-9C637014EA4E}
\Device\NPF_{26BCC034-5CAA-40A3-96D4-B2C5D9B7059F}
\Device\NPF_{6688476E-2EDB-4A6C-9976-AF020063ABC5}
\Device\NPF_{28E2730D-EAD3-4F25-85B8-DFFE14D9A054}
\Device\NPF_{556D609A-1036-466A-98B9-9A1E784AFF3A}

Hi, I face some trouble when I install pcapy

正在建立程式庫 build\temp.win-amd64-3.6\Release\pcapy.cp36-win_amd64.lib 和物件 build\temp.win-amd64-3.6\Release\pcapy.cp36-win_amd64.exp
pcapdumper.obj : error LNK2001: 無法解析的外部符號 pcap_dump_close
pcapdumper.obj : error LNK2001: 無法解析的外部符號 pcap_dump

...............

pcapy.obj : error LNK2001: 無法解析的外部符號 pcap_findalldevs
pcapy.obj : error LNK2001: 無法解析的外部符號 pcap_open_dead
pcapy.obj : error LNK2001: 無法解析的外部符號 pcap_open_offline
pcapy.obj : error LNK2001: 無法解析的外部符號 pcap_lookupnet
build\lib.win-amd64-3.6\pcapy.cp36-win_amd64.pyd : fatal error LNK1120: 26 個無法解析的外部符號
error: Setup script exited with error: command 'C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.12.25827\bin\HostX86\x64\link.exe' failed with exit status 1120

無法解析的外部符號 = unresolved external symbol

I use python3, anaconda in windows 10 ,64bit
how can I solve this problem, THANKS

When running the following simple test application pcapy will continue to consume memory until it's killed.

App

import pcapy

p = pcapy.open_live('any', 65535, False, 100)

while True:
    p.next()

Memory Usage over a 30 minute period

Environment

$ cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

$ find /usr/lib | grep libpcap
/usr/lib/x86_64-linux-gnu/libpcap.so.1.6.2
/usr/lib/x86_64-linux-gnu/libpcap.a
/usr/lib/x86_64-linux-gnu/libpcap.so
/usr/lib/x86_64-linux-gnu/libpcap.so.0.8

$ python3.4 --version
Python 3.4.2

When I try to use pcapy.open_live, I don't seem to get any channels in the A band. I can get data from the b/g bands fine, but nothing in the 5 Ghz A band.

I have tested this with both the AWUS1900 (8814au driver) and the AWUS036ACH (8812au driver). They can both get data okay on the 2.4 Ghz channels (1-14) when using "pcapy.open_live(interface_name, 1514, 1, 0)", but no channels above the top end of b/g.

I know the driver can get data on the A band channels because airodump-ng works fine.

Can support for the A band channels be added to pcapy?

Built pcapy 0.10.8 with pypy 2.2.1 successfully, but it can't be imported. The error is:

# pypy
Python 2.7.3 (87aa9de10f9ca71da9ab4a3d53e0ba176b67d086, May 09 2014, 08:19:15)
[PyPy 2.2.1] on freebsd10
Type "help", "copyright", "credits" or "license" for more information.
And now for something completely different: ``PyPy 2.0.1 released''
>>>> from pcapy import open_live
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: unable to load extension module '/usr/local/lib/pypy-2.2/site-packages/pcapy.pypy-22.so': /usr/local/lib/pypy-2.2/site-packages/pcapy.pypy-22.so: Undefined symbol "__gxx_personality_v0"

I could fix this by adding libstdc++ to libraries in setup.py:

--- setup.py.orig       2014-05-10 10:34:10.991476679 +0200
+++ setup.py    2014-05-10 10:34:56.891831654 +0200
@@ -19,7 +19,7 @@
     library_dirs.append(r'c:\devel\oss\wpdpack\Lib')
     libraries = ['wpcap', 'packet', 'ws2_32']
 else:
-    libraries = ['pcap']
+    libraries = ['pcap', 'stdc++']

setup at py2.7 win7 64bit ,Visual C++ 9.0 for Python
error:
ed in function "struct _object * __cdecl open_live(struct _object *,struct _obje
ct *)" (?open_live@@YAPEAU_object@@PEAU1@0@Z)
pcapy.obj : error LNK2019: unresolved external symbol pcap_open_live referenced
in function "struct _object * __cdecl open_live(struct _object *,struct _object
*)" (?open_live@@YAPEAU_object@@PEAU1@0@Z)
pcapy.obj : error LNK2019: unresolved external symbol pcap_lookupnet referenced
in function "struct _object * __cdecl open_live(struct _object *,struct _object
*)" (?open_live@@YAPEAU_object@@PEAU1@0@Z)
pcapy.obj : error LNK2019: unresolved external symbol pcap_open_offline referenc
ed in function "struct _object * __cdecl open_offline(struct _object *,struct _o
bject *)" (?open_offline@@YAPEAU_object@@PEAU1@0@Z)
pcapy.obj : error LNK2019: unresolved external symbol pcap_open_dead referenced
in function "struct _object * __cdecl bpf_compile(struct _object *,struct _objec
t *)" (?bpf_compile@@YAPEAU_object@@PEAU1@0@Z)
build\lib.win-amd64-2.7\pcapy.pyd : fatal error LNK1120: 26 unresolved externals

error: command 'C:\Users\Administrator\AppData\Local\Programs\Common\Micr
osoft\Visual C++ for Python\9.0\VC\Bin\amd64\link.exe' failed with exit st
atus 1120

Hi,

I'm new to GitHub so I apologize if this is not the correct place to ask questions. I am not sure if this this is an issue, or my own ignorance, but I am using pcapy to read a live bytestream and record it to a .pcap file. doing so was fairly easy with the documentation i found on the web, but when i view the pcap in wireshark I have two issues:

1. the header timestamp is in microsecond precision only. if i capture from the same interface using tcpdump with "--time-stamp-precision nano", i see the header timestamps in nanoseconds.

2. The headers and payloads look fine in my pcap, but each message also has an 8 byte packet trailer which i do not see. if I use tcpdump with -K (this may not be necessary but checksum is what i suspect is why pcapy doesnt read it), each message will include the packet trailer.

because special arguments are needed to get the output i want with tcpdump, I suspect that libpcap needs to be told to turn these features on. Does pcapy support either request?

FWIW, here is a stripped down sample of what my code is doing. it is a bit more complicated else i would be using tcpdump to create the captures:

#first, i'm opening the bytestream, passing the desired interface from cli arguments:
cap = pcapy.open_live(interface, 65536, 1, 0)
#i want to write every UDP message in this packet capture, so i do the following:
while True:
(header, packet) = cap.next()
ethernet = dpkt.ethernet.Ethernet(packet)

   if ethernet.type == dpkt.ethernet.ETH_TYPE_IP:
      ip = ethernet.data
      if ip.p == dpkt.ip.IP_PROTO_UDP:
          udp = ip.data

#there's some processing that goes on in the middle, but i am not manipulating the output.
dumper = cap.dump_open(path + filename +'.pcap')
dumper.dump(header,packet)

I read that someone edited the source to enable at least the nanosecond precision, however as it is from 2014 I assume they never made a pull request or shared their code contribution:

https://stackoverflow.com/questions/21764341/pcap-nanoseconds-python

I'd appreciate any help you can give me, and happy to help where i can with diagnosis

I added a function to support pcap_open_offline_with_tstamp_precision(). Do you want me to submit a pull request?

import pcapy
Traceback (most recent call last):
File "", line 1, in
File "build\bdist.win32\egg\pcapy.py", line 7, in
File "build\bdist.win32\egg\pcapy.py", line 6, in bootstrap
ImportError: DLL load failed: 找不到指定的模块。

Winpcap has already in my computer

Hi. I am using mingw32 and 32 bit python 2.7
-WpdPack is downloaded and used in include and lib dir in setup.py . I changed the Include and Lib directories in setup.py (in pcapy) and they are true.
-I also installed python setuptools
-MinGW and gcc are correctly installed (I compiled many other C++ files with them, and using python)
-I use command python setup.py build_ext -c mingw32 in the folder contains pcapy.
first I had this error :

c:\mingw\lib\gcc\mingw32\6.3.0\include\c++\cmath:1157:11: error: '::hypot' has not been declared
using ::hypot;
^~~~~

I added #define hypot _hypot before that line and this error faded away.

now I have this error :

c:\mingw\include\stdio.h:349:12:
In file included from C:\sulley-master\WpdPack\Include/pcap/pcap.h:54:0,
from C:\sulley-master\WpdPack\Include/pcap.h:45,
from bpfobj.cc:10:
c:\mingw\include\stdio.h:345:12: error: expected initializer before '__mingw__snprintf'
extern int mingw_stdio_redirect(snprintf)(char*, size_t, const char*, ...);
c:\mingw\include\stdio.h:349:12: error: expected initializer before '__mingw__vsnprintf'
extern int mingw_stdio_redirect(vsnprintf)(char*, size_t, const char*, __VALIST);
error: command 'C:\MinGW\bin\gcc.exe' failed with exit status 1

I don't know what shall I do with this. please help me.

function next() seems to have a memory leak. The with the following code the memory increases through the time:

import pcapy

class PacketSniffer:
    def sniff(self):
        livecapture = pcapy.open_live('eth0', 65536, 1, 0)
        self._run=True
        while self._run:
            captured = livecapture.next()

if __name__ == '__main__':
  sniffer=PacketSniffer()
  sniffer.sniff()

OS: Red Hat Enterprise Linux Server release 7.3 (Maipo)

python: Python 3.5.1

pip show pcapy

Name: pcapy
Version: 0.11.1
Summary: Python pcap extension
Home-page: https://github.com/CoreSecurity/pcapy
Author: CORE Security
Author-email: [email protected]
License: Apache modified
Location: /opt/python_virtualenv/ibn/lib/python3.5/site-packages
Requires:

These lines:

are causing AttributeError: module 'distutils.sysconfig' has no attribute '_init_posix'. Unfortunately, it's not enough to change it to just import sysconfig because then it produces:

  File "/usr/lib/python3.11/site-packages/setuptools/command/build_ext.py", line 24, in <module>
    get_config_var("LDSHARED")
    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/setuptools/_distutils/sysconfig.py", line 549, in get_config_var
    return get_config_vars().get(name)
           ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/setuptools/_distutils/sysconfig.py", line 528, in get_config_vars
    _config_vars = sysconfig.get_config_vars().copy()
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/sysconfig.py", line 688, in get_config_vars
    _init_posix(_CONFIG_VARS)
    ^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: my_init_posix() takes 0 positional arguments but 1 was given

I'm building it with setuptools 62.6.0.

I'm trying to package your module as an rpm package. So I'm using the typical PEP517 based build, install and test cycle used on building packages from non-root account.

• python3 -sBm build -w
• install .whl file in </install/prefix>
• run pytest with PYTHONPATH pointing to sitearch and sitelib inside </install/prefix>

I found tests/pcapytests.py which looks lioke some unittest test suite however looks like it fails

+ cd pcapy-0.11.5
+ cd tests
+ PYTHONPATH=/home/tkloczko/rpmbuild/BUILDROOT/python-pcapy-0.11.5-2.fc35.x86_64//usr/lib64/python3.8/site-packages
+ /usr/bin/python3 pcapytests.py
testBPFFilter (__main__.TestPcapy)
#3 test offline BPFFilter ... pcapytests.py:61: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, pkt = r.next()
pcapytests.py:63: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  f = bpf.filter(pkt)
pcapytests.py:65: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, pkt = r.next()
ok
testClose (__main__.TestPcapy)
#7 Test the close method ... pcapytests.py:133: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, body = r.next()
ok
testContextManager (__main__.TestPcapy)
#8 Test the context manager support ... pcapytests.py:144: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, body = r.next()
ok
testEOFValue (__main__.TestPcapy)
#2 empty string is returned as packet body at end of file ... pcapytests.py:44: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, pkt = r.next()
pcapytests.py:46: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, pkt = r.next()
FAIL
testPacketDumper (__main__.TestPcapy)
#6 test that the dumper writes correct payload ... pcapytests.py:100: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, body = r.next()
pcapytests.py:103: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  dumper.dump(hdr, body)
pcapytests.py:105: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  hdr, body = r.next()
pcapytests.py:115: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  h1, b1 = r.next()
pcapytests.py:116: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  h2, b2 = r2.next()
pcapytests.py:119: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  h1, b1 = r.next()
pcapytests.py:120: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  h2, b2 = r2.next()
ok
testPacketHeaderRefCount (__main__.TestPcapy)
#1: when next() creates a pkthdr it makes one extra reference ... pcapytests.py:31: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
  sys.getrefcount(r.next()[0]),
ok
test_get_bpf (__main__.TestPcapy) ... ok

======================================================================
FAIL: testEOFValue (__main__.TestPcapy)
#2 empty string is returned as packet body at end of file
----------------------------------------------------------------------
Traceback (most recent call last):
  File "pcapytests.py", line 52, in testEOFValue
    self.assertEqual(refNone, sys.getrefcount(None))
AssertionError: 6873 != 6871

----------------------------------------------------------------------
Ran 7 tests in 0.003s

FAILED (failures=1)

Hello,

We are studying a cleanup in scapy's code, and were comparing currently "up-to-date" python libpcap implementations, to see which were outdated. (Indeed we are currently supporting python-pypcap, python-libpcap, pcapy, dnet and dumbnet)

Pcapy is one of the most up-to-date and maintained alternatives we have, and really is a great tool. However, unlike python-libpcap or python-pypcap (PR), pcapy has no support for monitor mode (pcap_set_rfmon)

As said by @guyharris in #19 (comment), it would require a deeper implementation, that is currently really lacking to pcapy. This has also been reported by #17 by @martinuy. However, it seems that this is stuck since 2016...

I know that many people have other things to do, but it would really be great if CoreSecurity/pcapy had plans about supporting all those functions.

Thank you for reading, really hoping that this project will move on, and not die like all the others.

Because of ignored problems with DeprecationWarning for PY_SSIZE_T_CLEAN (#67, #68), Pcapy doesn't work anymore on Python3.10 (Note: read https://docs.python.org/3.10/whatsnew/3.10.html#id2)

pip3 install pcapy==0.11.4 failed with "command 'x86_64-linux-gnu-gcc' failed with exit status 1"

The complete console output is below

root@rs-dal-karthik-test:/usr/local/talkiq/sniff_realtime# ./bin/pip3 install pcapy==0.11.4
Collecting pcapy==0.11.4
  Using cached https://files.pythonhosted.org/packages/b0/68/b49e008f9e2b5ab727fb4b820c2e7d0914bd8dacb3c2d668a36b6e5d8991/pcapy-0.11.4.tar.gz
Installing collected packages: pcapy
  Running setup.py install for pcapy ... error
    Complete output from command /usr/local/talkiq/sniff_realtime/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-sdr47lrh/pcapy/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-dae79fry/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/talkiq/sniff_realtime/include/site/python3.7/pcapy:
    running install
    running build
    running build_ext
    building 'pcapy' extension
    creating build
    creating build/temp.linux-x86_64-3.7
    x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/local/talkiq/sniff_realtime/include -I/usr/include/python3.7m -c pcapdumper.cc -o build/temp.linux-x86_64-3.7/pcapdumper.o
    pcapdumper.cc:10:10: fatal error: Python.h: No such file or directory
     #include <Python.h>
              ^~~~~~~~~~
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    
    ----------------------------------------
Command "/usr/local/talkiq/sniff_realtime/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-sdr47lrh/pcapy/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-dae79fry/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/talkiq/sniff_realtime/include/site/python3.7/pcapy" failed with error code 1 in /tmp/pip-install-sdr47lrh/pcapy/
root@rs-dal-karthik-test:/usr/local/talkiq/sniff_realtime#

My python version and OS details are below

root@rs-dal-karthik-test:/usr/local/talkiq/sniff_realtime# python3 -V
Python 3.7.3rc1
root@rs-dal-karthik-test:/usr/local/talkiq/sniff_realtime# cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux buster/sid"
NAME="Debian GNU/Linux"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

How do I fix this issue?

x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c pcapdumper.cc -o build/temp.linux-x86_64-2.7/pcapdumper.o
cc1plus: warning: command line option ‘-Wstrict-prototypes’ is valid for C/ObjC but not for C++
pcapdumper.cc:11:18: fatal error: pcap.h: No such file or directory
#include <pcap.h>
^
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

When I run python setup.py install compilation error occurs and proccess terminates

running install
running build
running build_ext
building 'pcapy' extension
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -g -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c pcapdumper.cc -o build/temp.linux-x86_64-2.7/pcapdumper.o
cc1plus: warning: command line option ‘-Wstrict-prototypes’ is valid for C/ObjC but not for C++
pcapdumper.cc:10:20: fatal error: Python.h: No such file or directory
 #include <Python.h>
                    ^
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

The goal of this task is to export more Pcap functions (so they are available from Python) in order to open a live capture in the same way than calling pcap_open_live function but being able to specify the internal buffer size. In a way, pcap_open_live is a wrap-up for many of these functions but it's not as flexible as manually calling each one.

The functions we have listed to achieve this goal are the following:

• pcap_create
• pcap_set_snaplen
• pcap_set_promisc
• pcap_set_timeout
• pcap_set_buffer_size
• pcap_activate

Please check that this functions are both available from Linux Pcap and WinPcap. If not, add pre-processor directives to avoid compilation or linking issues.

There is no easy way to identify the cause of the error based on the integer. libpcap includes the function pcap_statustostr that accepts an integer and returns the error/warning string associated with it.

It seems like the statustostr function would be a good thing to add.

It it also possible to add an error exception to the activate function, however this may be a breaking change and it would not be faithful to the original libpcap implementation.

Hi,

I've noticed, that pcapy 0.11.5 was released several weeks ago, but new version still missing from PyPI. It's a little inconvenient, since version 0.11.4 has a memory leak: 20a533f, but it was patched in 0.11.5

Is it possible to add pcapy 0.11.5 to PyPI?

Hi,
can I manage mptcp options using pcapy?

thanks in advance,
Ginés.

Hi,
im trying to capture packets and im using open_live(timeout 0) with dispatch instead of next, and I dont know why but its sniffing only a few packets and then close pip.
my code:

import pcapy
import threading
import time
from pcapy import open_live, PcapError

def parse_eth_packet_hndlr(header, packet):
print('header len:%s\n'%header.getlen())

def start():
try:
packets_reader = open_live('eth2', 200, 0, 0)
except PcapError as e:
if 'That device is not up' in str(e):
logging.debug(e)
return None
try:
print('Try to start capturing packets')
packets_reader.dispatch(-1, parse_eth_packet_hndlr)
except PcapError as e:
return

if name == 'main':
start()

pcapy version:pcapy-0.11.5.dev0
python version: 2.7
please advice

this code don't work on python3
will you guys work out the python3 version?
python3 has removed Py_FindMethod c api
so i can't compile it
i am a new python3 coder
i just can't fix it myself
can anybody help

Arch Linux is currently trying to update to python 3.7.0, and while rebuilding all packages in our repositories, pcapy failed the testsuite with the following log:

======================================================================
FAIL: testEOFValue (__main__.TestPcapy)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "pcapytests.py", line 52, in testEOFValue
    self.assertEqual(refNone, sys.getrefcount(None))
AssertionError: 5918 != 5915

----------------------------------------------------------------------
Ran 6 tests in 0.002s

FAILED (failures=1)

Hello! Just tried upgrading from 0.11.1 to 0.11.2 and I'm getting a failure, I think below is the relevant part of the log, but I can include more if necessary:

    creating build/lib.macosx-10.13-x86_64-2.7
    clang++ -bundle -undefined dynamic_lookup -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk build/temp.macosx-10.13-x86_64-2.7/pcapdumper.o build/temp.macosx-10.13-x86_64-2.7/bpfobj.o build/temp.macosx-10.13-x86_64-2.7/pcapobj.o build/temp.macosx-10.13-x86_64-2.7/pcap_pkthdr.o build/temp.macosx-10.13-x86_64-2.7/pcapy.o -lpcap -lstdc++ -o build/lib.macosx-10.13-x86_64-2.7/pcapy.so
    running install_lib
    copying build/lib.macosx-10.13-x86_64-2.7/pcapy.so -> /Users/pcloke/.virtualenvs/my_proj/lib/python2.7/site-packages
    running install_data
    creating /Users/pcloke/.virtualenvs/my_proj/share/doc/pcapy
    copying README -> /Users/pcloke/.virtualenvs/my_proj/share/doc/pcapy
    copying LICENSE -> /Users/pcloke/.virtualenvs/my_proj/share/doc/pcapy
    copying pcapy.html -> /Users/pcloke/.virtualenvs/my_proj/share/doc/pcapy
    creating /Users/pcloke/.virtualenvs/my_proj/share/doc/pcapy/tests
    error: can't copy 'tests/pcapytests.py': doesn't exist or not a regular file

I suspect that 7c5e051 is the cause.

I'm seeing this on both Mac and Ubuntu. Any help would be appreciated! Thanks. 👍

Installing pcapy from pip or straight from source fails. Binary cannot be installed from your website because it won't accept anything newer than 2.7 (or at least 64-bit)

Installing via CMD.exe (Win7 64-bit) ends up with this line:

"pcapdumper.cc(11) : fatal error C1083: Cannot open include file: 'pcap.h': No such file or directory"

I have just cloned pcapy and I am getting the following error when trying to compile it:

(python36) $ python setup.py build

my_init_posix: changing LDSHARED = 'clang++ -bundle -undefined dynamic_lookup'
to 'clang++ -bundle -undefined dynamic_lookup'
running build
running build_ext
building 'pcapy' extension
clang -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/usr/local/Cellar/python3/3.6.1/Frameworks/Python.framework/Versions/3.6/include/python3.6m -c pcapdumper.cc -o build/temp.macosx-10.12-x86_64-3.6/pcapdumper.o
clang -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/usr/local/Cellar/python3/3.6.1/Frameworks/Python.framework/Versions/3.6/include/python3.6m -c bpfobj.cc -o build/temp.macosx-10.12-x86_64-3.6/bpfobj.o
clang -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/usr/local/Cellar/python3/3.6.1/Frameworks/Python.framework/Versions/3.6/include/python3.6m -c pcapobj.cc -o build/temp.macosx-10.12-x86_64-3.6/pcapobj.o
pcapobj.cc:652:11: error: no member named 'ob_type' in 'pcapobject'
  if (pp->ob_type != &Pcaptype)
      ~~  ^
1 error generated.
error: command 'clang' failed with exit status 1

$ python -V
Python 3.6.1

Mac OS X Sierra(10.12.6).

Any clue?

Export pcap_get_selectable_fd, this is useful to use pcapy with external event loops.

Great python module, thanks for making it available to the public. Wondering if you could add an option (defaulted to False) to set immediate mode (no buffering of packets). Several of the other python wrappers for libpcap have an immediate flag.

pip install fails with the below message.

[root@default /]# pip3 install pcapy
Collecting pcapy
  Downloading pcapy-0.10.9.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 20, in <module>
      File "/tmp/pip-build-qwu_r00b/pcapy/setup.py", line 43
        print 'my_init_posix: changing LDSHARED =',`g['LDSHARED']`,
                                                 ^
    SyntaxError: Missing parentheses in call to 'print'

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-qwu_r00b/pcapy
[root@default /]# 

not support mingw 64bits target OS.

Error on the latest distutils

Collecting pcapy
  Using cached pcapy-0.11.4.tar.gz (37 kB)
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [6 lines of output]
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-3hwz7mz1/pcapy_78572af867a84aadad6f1c4be2d457c3/setup.py", line 49, in <module>
          save_init_posix = sysconfig._init_posix
      AttributeError: module 'distutils.sysconfig' has no attribute '_init_posix'
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

Seems like the _init_posix was removed since it is an internal function it is not promised to stay the same, any chance fixing it?
pypa/setuptools#3220

I follow every instruction but when 'python setup.py install', following error appears
running build_ext
building 'pcapy' extension
error: Unable to find vcvarsall.bat

I put WpdPack_4_1_2 into C:\ drive
Amend setup.py append 'C:\WpdPack_4_1_2\WpdPack\Include'
I install VCForPython27.msi n Anaconda

I insert pypcap-1.1.6.tar.gz into Anaconda2\pkgs and run conda install pypcap-1.1.6.tar.gz:
Offline PC hang at Fetching package metadata: