Pcapy and Impacket are good software. They're Python libraries that make it easy to sniff packets and parse them, as well as create packets. Think of it like an Ethereal you can easily program.

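# Print out sizes of IP packets
import pcapy, impacket, impacket.ImpactDecoder

decoder = impacket.ImpactDecoder.EthDecoder()
# For a live capture instead of a saved file:
# packets = pcapy.open_live("eth0", 1500, 0, 100)
packets = pcapy.open_offline('/tmp/cap/capture')
packets.setfilter('ip')  # BPF filter: only IP packets reach the loop
for i in range(100):
    (header, data) = packets.next()
    if header is None:  # no more packets (end of file, or a live-capture timeout)
        break
    eth = decoder.decode(data)  # Ethernet frame
    ip = eth.child()            # the IP packet carried inside it
    print(ip.get_ip_len())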

It's brand new. The docs are nearly nonexistent and the library isn't as Pythonic as one would hope. But it works pretty well! Compare also Scapy (less libpcap-like).

PS: I ran into a problem installing on Debian

ImportError: /usr/lib/python2.3/site-packages/pcapy.so: undefined symbol: __gxx_personality_v0
The workaround was to link the .so with g++ instead of gcc. This is either a bug in gcc or Python distutils.
  2003-12-02 17:06 Z