基于python的npcap库与dpkt库实现抓包及存储

基于python的npcap库与dpkt库实现抓包及存储

import pcap
import dpkt
import socket
import sys
import getopt
import os
"""实现了捕获底层数据包并储存为pcap文件"""
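# Capture every frame seen on one interface and append it to a pcap file
# until the user presses Ctrl-C.

# Position of the capture interface in pcap.findalldevs(). The author found
# their NIC (device name starting with "3CC") at this index by comparing the
# list against Wireshark; the order is host-specific, so verify it first.
DEVICE_INDEX = 4

# list all of the Internet devices
devs = pcap.findalldevs()
if DEVICE_INDEX >= len(devs):
    # Fail with the device list instead of a bare IndexError traceback.
    sys.exit('capture device index %d not available, found: %r'
             % (DEVICE_INDEX, devs))

# promisc=True   -> promiscuous mode: frames not addressed to this host are
#                   captured as well.
# immediate=False -> immediate mode off, so packets are buffered before
#                   delivery (turning it on disables that buffering).
# timeout_ms=50  -> read timeout for receiving packets.
pc = pcap.pcap(devs[DEVICE_INDEX], promisc=True, immediate=False, timeout_ms=50)

pcap_filepath = 'capyuretest.pcap'

# No filter is active, so every frame (headers and full payload) is written
# to disk and the file grows until the capture is stopped. A BPF expression
# limits the file to the traffic actually needed, e.g. HTTP only:
#pc.setfilter()  # set a filter rule
#pc.setfilter('tcp port 80')  # parse HTTP as an example

counts = 0
pcap_file = open(pcap_filepath, 'wb')
try:
    # Record the interface's real link type; the Writer default is Ethernet,
    # which makes captures from other link types decode incorrectly.
    writer = dpkt.pcap.Writer(pcap_file, linktype=pc.datalink())
    for ptime, pdata in pc:
        writer.writepkt(pdata, ptime)
        counts += 1
except KeyboardInterrupt:
    # Ctrl-C is the expected way to end the capture.
    pass
finally:
    # Runs on Ctrl-C and on any other error, so the file handle is always
    # released and an empty capture never leaves a stray file behind.
    pcap_file.close()
    if not counts:
        os.remove(pcap_filepath)
    print('%d packets received' % counts)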


转载自blog.csdn.net/hjz2196987870/article/details/128140098