pig / PacketReader

A PacketReader object is a list of Packeteer objects created from reading a pcap file.

It also has a getChunk(n) function that returns the next n Packeteer objects from the list.

A Packeteer is a scapy packet object with a dictionary wrapper.

Scapy is a packet manipulation program with many tools for building, analyzing, sending and receiving packets. We use its analysis capabilities to parse pcap files into something we can read easily: scapy parses each packet, and we take from it the fields that we want.


The usage comments from the code follow.

'''
USAGE:
from Packeteer import *
packetList = PacketReader("pcapFile")
singlePacket = packetList[45]
singlePacket['payload']


Currently supported attributes:
<Attribute -> 'Dictionary key'>
Payload -> 'payload'
Source MAC -> 'source_mac'
Source IP -> 'source_ip'
Destination IP -> 'destination_ip'
Source Port -> 'source_port'
Destination Port -> 'dest_port'
Length -> 'len'
Options -> 'options'
ID# -> 'packet_id'
Flags -> 'flags'
Time -> 'time'
protocol -> 'protocol'
'''
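
As an added illustration (not the pig project's code, and using only the standard library rather than scapy), the sketch below shows what pulling those dictionary keys out of a pcap record involves. `MiniPacketReader`, `parse_frame` and `build_sample_pcap` are hypothetical names, the capture is constructed, and treating 'len', 'flags' and 'options' as IP-header values and getChunk as a cursor over the list are assumptions.

```python
import socket, struct

def parse_frame(ts, frame):
    """Map one Ethernet/IPv4 frame to the wiki's dictionary keys (else None)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or (frame[14] & 0x0F) < 5:
        return None                        # not IPv4, or malformed header length
    _, total, ident, frag, _, proto = struct.unpack("!BHHHBB", frame[15:24])
    l4 = 14 + (frame[14] & 0x0F) * 4       # offset of the TCP/UDP header
    pkt = {"time": ts, "source_mac": frame[6:12].hex(":"), "protocol": proto,
           "source_ip": socket.inet_ntoa(frame[26:30]), "len": total,
           "destination_ip": socket.inet_ntoa(frame[30:34]), "packet_id": ident,
           "flags": frag >> 13, "options": frame[34:l4],  # IP-layer values (assumed)
           "source_port": None, "dest_port": None, "payload": b""}
    need = {6: 20, 17: 8}.get(proto)       # minimum TCP / UDP header size
    if need and len(frame) >= l4 + need:
        pkt["source_port"], pkt["dest_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
        hdr = (frame[l4 + 12] >> 4) * 4 if proto == 6 else 8
        pkt["payload"] = frame[l4 + hdr:14 + total]   # total length excludes padding
    return pkt

class MiniPacketReader(list):              # hypothetical stand-in for PacketReader
    def __init__(self, raw):
        super().__init__()
        self._next = 0                     # cursor used by getChunk
        if raw[:4] != b"\xd4\xc3\xb2\xa1":
            raise ValueError("only little-endian microsecond pcap handled")
        off = 24                           # skip the pcap global header
        while off + 16 <= len(raw):
            sec, usec, incl, _ = struct.unpack("<IIII", raw[off:off + 16])
            frame = raw[off + 16:off + 16 + incl]
            if len(frame) < incl:
                break                      # truncated record: stop parsing
            pkt = parse_frame(sec + usec / 1e6, frame)
            if pkt:
                self.append(pkt)
            off += 16 + incl

    def getChunk(self, n):                 # assumed: next n packets, cursor advances
        chunk = self[self._next:self._next + n]
        self._next += len(chunk)
        return chunk

def build_sample_pcap():                   # constructed sample: one TCP packet
    data = b"GET / HTTP/1.1\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    frame = bytes.fromhex("aabbccddeeff0011223344550800") + ip + tcp + data
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 1700000000, 0, len(frame), len(frame)) + frame)
```

Checksums in the constructed packet are left at zero because the parser does not verify them; a record shorter than its declared length ends parsing instead of yielding a partial packet.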

Parsing PCAP files

Want to actually parse a pcap file? You're in luck.

python manage.py parse_pcap FILENAME

And watch.
