PCAP file library¶
Introduction¶
OS-Ken PCAP file library helps you to read/write PCAP file which file format are described in The Wireshark Wiki.
Reading PCAP file¶
For loading the packet data containing in PCAP files, you can use pcaplib.Reader.
- class os_ken.lib.pcaplib.Reader(file_obj)¶
PCAP file reader
Argument
Description
file_obj
File object which reading PCAP file in binary mode
Example of usage:
from os_ken.lib import pcaplib from os_ken.lib.packet import packet frame_count = 0 # iterate pcaplib.Reader that yields (timestamp, packet_data) # in the PCAP file for ts, buf in pcaplib.Reader(open('test.pcap', 'rb')): frame_count += 1 pkt = packet.Packet(buf) print("%d, %f, %s" % (frame_count, ts, pkt))
Writing PCAP file¶
For dumping the packet data which your OSKenApp received, you can use pcaplib.Writer.
- class os_ken.lib.pcaplib.Writer(file_obj, snaplen=65535, network=1)¶
PCAP file writer
Argument
Description
file_obj
File object which writing PCAP file in binary mode
snaplen
Max length of captured packets (in octets)
network
Data link type. (e.g. 1 for Ethernet, see tcpdump.org for details)
Example of usage:
... from os_ken.lib import pcaplib class SimpleSwitch13(app_manager.OSKenApp): OFP_VERSIONS = [ofproto_v1_3.OFP_VERSION] def __init__(self, *args, **kwargs): super(SimpleSwitch13, self).__init__(*args, **kwargs) self.mac_to_port = {} # Create pcaplib.Writer instance with a file object # for the PCAP file self.pcap_writer = pcaplib.Writer(open('mypcap.pcap', 'wb')) ... @set_ev_cls(ofp_event.EventOFPPacketIn, MAIN_DISPATCHER) def _packet_in_handler(self, ev): # Dump the packet data into PCAP file self.pcap_writer.write_pkt(ev.msg.data) ...