Scapy and rdpcap function

python networking pcap packet-capture scapy
auino picture auino · May 29, 2012 · Viewed 15.6k times · Source

I'm using rdpcap function of Scapy to read a PCAP file. I also use the module described in a link to HTTP support in Scapy which is needed in my case, as I have to retrieve all the HTTP requests and responses and their related packets.

I noticed that parsing a large PCAP file the rdpcap function takes too much time to read it.

Is there a solution to read a pcap file faster?

Answer

wonder picture wonder · Jun 22, 2016

Scapy has another method sniff which you can use to read the pcap files too:

def method_filter_HTTP(pkt):
    #Your processing

sniff(offline="your_file.pcap",prn=method_filter_HTTP,store=0)

rdpcap loads the entire pcap file to the memory. Hence it uses a lot of memory and as you said its slow. While sniff reads one packet at a time and passes it to the provided prn function. That store=0 parameter ensures that the packet is deleted from memory as soon as it is processed.

Related questions

What is the quickest way to HTTP GET in Python?

What is the quickest way to HTTP GET in Python if I know the content will be a string? I am searching the documentation for a quick one-liner like: contents = url.get("http://example.com/foo/bar") But all I …

Read More
Finding local IP addresses using Python's stdlib

How can I find local IP addresses (i.e. 192.168.x.x or 10.0.x.x) in Python platform independently and using only the standard library?

Read More
How do I get Flask to run on port 80?

I have a Flask server running through port 5000, and it's fine. I can access it at http://example.com:5000 But is it possible to simply access it at http://example.com? I'm assuming that means I have to change the …

Read More