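def set_filter(handle, bpf_expression):
    """Compile *bpf_expression* and install it on the open pcap *handle*.

    Args:
        handle: an opened ``pcap_t *`` obtained from libpcap.
        bpf_expression: the BPF filter text, as a cffi ``const char[]``
            initializer (bytes on Python 3).

    Raises:
        RuntimeError: if libpcap rejects the filter at compile time or
            refuses to install it. Both return codes were previously
            ignored, so a mistyped expression left the capture running
            *unfiltered* -- the opposite of what the caller asked for.
    """
    program = ffi.new('struct bpf_program *')
    expression = ffi.new('const char[]', bpf_expression)
    optimize = 1
    # No interface netmask is known here; libpcap only needs one for
    # broadcast-address tests inside the filter.
    netmask = libpcap.PCAP_NETMASK_UNKNOWN
    if libpcap.pcap_compile(handle, program, expression, optimize, netmask) != 0:
        raise RuntimeError(_pcap_failure('pcap_compile', handle))
    try:
        if libpcap.pcap_setfilter(handle, program) != 0:
            raise RuntimeError(_pcap_failure('pcap_setfilter', handle))
    finally:
        # pcap_setfilter copies the program, so the compiled code can be
        # released either way.  pcap_freecode may not be declared in the
        # cffi cdef, hence the guard.
        freecode = getattr(libpcap, 'pcap_freecode', None)
        if freecode is not None:
            freecode(program)


def _pcap_failure(call_name, handle):
    """Return an error message for a failed libpcap *call_name* on *handle*.

    Uses ``pcap_geterr`` for libpcap's own description when the cffi cdef
    exposes it; otherwise only names the failing call.
    """
    geterr = getattr(libpcap, 'pcap_geterr', None)
    if geterr is None:
        return '{} failed'.format(call_name)
    detail = ffi.string(geterr(handle)).decode('utf-8', 'replace')
    return '{} failed: {}'.format(call_name, detail)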
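def live_capture(
    device,
    packet_limit=-1,
    snaplen=128,
    drop_to_user=None,
    bpf_expression=None,
):
    """Capture packets live from *device*, handing each one to ``hook``.

    Args:
        device: interface name (cffi ``const char[]`` initializer).
        packet_limit: packets to process before returning; -1 means run
            until the loop is broken or fails.
        snaplen: bytes captured per packet.
        drop_to_user: when given, passed to ``drop_privileges`` once the
            handle is activated and filtered, so elevated rights are only
            needed for opening the device.
        bpf_expression: optional BPF filter installed via ``set_filter``.

    Side effects: rebinds the module-level ``l2_header`` from the handle's
    datalink type; on exit (success or failure) closes the handle, sets
    ``stop_event`` and prints a completion line.

    Raises:
        RuntimeError: if the handle cannot be created or activated, or
            pcap_loop reports an error.  A KeyError for an unknown
            datalink type propagates unchanged.  Previously these
            failures were silent and, when raised before the loop,
            leaked the handle.
    """
    global l2_header
    source = ffi.new('const char[]', device)
    errbuf = ffi.new('char[]', libpcap.PCAP_ERRBUF_SIZE)
    handle = libpcap.pcap_create(source, errbuf)
    if not handle:
        # NULL handle: libpcap has written the reason into errbuf.
        raise RuntimeError(ffi.string(errbuf))
    try:
        libpcap.pcap_set_snaplen(handle, snaplen)
        status = libpcap.pcap_activate(handle)
        if status < 0:
            # Negative status is an error; positive values are warnings
            # and the handle remains usable.
            raise RuntimeError('pcap_activate failed with status {}'.format(status))
        pcap_datalink = libpcap.pcap_datalink(handle)
        l2_header = L2_HEADER_STRUCT[pcap_datalink]
        if bpf_expression is not None:
            set_filter(handle, bpf_expression)
        if drop_to_user is not None:
            # Device is open and filtered: privileges are no longer needed.
            drop_privileges(drop_to_user)
        rc = libpcap.pcap_loop(handle, packet_limit, hook, ffi.NULL)
        if rc == -1:  # PCAP_ERROR; -2 (PCAP_ERROR_BREAK) is a normal stop
            raise RuntimeError('pcap_loop failed')
    finally:
        libpcap.pcap_close(handle)
        stop_event.set()
        print('Live capture completed.')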
def get_all_devices():
    """Return the names of every capture device libpcap can enumerate.

    Names are returned as produced by ``ffi.string`` (bytes on Python 3).

    Raises:
        RuntimeError: with libpcap's errbuf text if enumeration fails.
    """
    devices_head = ffi.new('pcap_if_t **')
    errbuf = ffi.new('char[]', libpcap.PCAP_ERRBUF_SIZE)
    names = []
    try:
        if libpcap.pcap_findalldevs(devices_head, errbuf) != 0:
            raise RuntimeError(ffi.string(errbuf))
        # Walk the singly linked pcap_if_t list until the NULL terminator.
        node = devices_head[0]
        while node:
            names.append(ffi.string(node.name))
            node = node.next
    finally:
        # Always hand the list back to libpcap, even on the error path.
        libpcap.pcap_freealldevs(devices_head[0])
    return names
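def file_capture(file_path, bpf_expression=None):
    """Replay every packet of the capture file at *file_path* through ``hook``.

    Args:
        file_path: path to the pcap file (cffi ``const char[]`` initializer).
        bpf_expression: optional BPF filter installed via ``set_filter``.

    Side effects: rebinds the module-level ``l2_header`` from the file's
    datalink type; on exit (success or failure) closes the handle, sets
    ``stop_event`` and prints a completion line.

    Raises:
        RuntimeError: if the file cannot be opened or pcap_loop reports an
            error.  A KeyError for an unknown datalink type propagates
            unchanged.  Previously an open failure went unnoticed and a
            failure before the loop leaked the handle.
    """
    global l2_header
    source = ffi.new('const char[]', file_path)
    errbuf = ffi.new('char[]', libpcap.PCAP_ERRBUF_SIZE)
    handle = libpcap.pcap_open_offline(source, errbuf)
    if not handle:
        # NULL handle: libpcap has written the reason into errbuf.
        raise RuntimeError(ffi.string(errbuf))
    try:
        pcap_datalink = libpcap.pcap_datalink(handle)
        l2_header = L2_HEADER_STRUCT[pcap_datalink]
        if bpf_expression is not None:
            set_filter(handle, bpf_expression)
        rc = libpcap.pcap_loop(handle, -1, hook, ffi.NULL)
        if rc == -1:  # PCAP_ERROR; -2 (PCAP_ERROR_BREAK) is a normal stop
            raise RuntimeError('pcap_loop failed')
    finally:
        libpcap.pcap_close(handle)
        stop_event.set()
        print('File capture completed.')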