def test_pcap_dump(self): total_len = 24 #sizeof(sturct pcap_file_header) pkthdr_len = 16 #sizeof(struct pcap_pkthdr) for data in dump_data: pkthdr = ptypes.pcap_pkthdr() pkthdr_p = ptypes.pcap_pkthdr_p(pkthdr) pkthdr.caplen = len(data) pkthdr.len = len(data) now = time.time() pkthdr.ts.tv_sec = int(now) pkthdr.ts.tv_usec = int(now * 1000 * 1000)%(1000*1000) pcap.pcap_dump (self.pdumper, pkthdr_p, data) ft = pcap.pcap_dump_ftell(self.pdumper) self.assertEqual(total_len + len(data) + pkthdr_len, ft) total_len += len(data) + pkthdr_len
def test_pcap_dump(self): total_len = 24 #sizeof(sturct pcap_file_header) pkthdr_len = 16 #sizeof(struct pcap_pkthdr) for data in dump_data: pkthdr = ptypes.pcap_pkthdr() pkthdr_p = ptypes.pcap_pkthdr_p(pkthdr) pkthdr.caplen = len(data) pkthdr.len = len(data) now = time.time() pkthdr.ts.tv_sec = int(now) pkthdr.ts.tv_usec = int(now * 1000 * 1000) % (1000 * 1000) pcap.pcap_dump(self.pdumper, pkthdr_p, data) ft = pcap.pcap_dump_ftell(self.pdumper) self.assertEqual(total_len + len(data) + pkthdr_len, ft) total_len += len(data) + pkthdr_len
def dump(): hpcap = pcap.pcap_open_dead(ptypes.LINKTYPE_ETHERNET, 65535) pdumper = pcap.pcap_dump_open(hpcap, './test.pcap') data = b'11111111111111111111111111111111111111111111' pkthdr = ptypes.pcap_pkthdr() pkthdr.caplen = len(data) pkthdr.len = len(data) now = time.time() pkthdr.ts.tv_sec = int(now) pkthdr.ts.tv_usec = int(now * 1000 * 1000) % (1000 * 1000) pcap.pcap_dump(pdumper, ptypes.pcap_pkthdr_p(pkthdr), data) pcap.pcap_dump_flush(pdumper) pcap.pcap_dump_close(pdumper) pcap.pcap_close(hpcap)
def dump(): hpcap = pcap.pcap_open_dead(ptypes.LINKTYPE_ETHERNET, 65535) pdumper = pcap.pcap_dump_open(hpcap, './test.pcap') data = b'11111111111111111111111111111111111111111111' pkthdr = ptypes.pcap_pkthdr() pkthdr.caplen = len(data) pkthdr.len = len(data) now = time.time() pkthdr.ts.tv_sec = int(now) pkthdr.ts.tv_usec = int(now * 1000 * 1000)%(1000*1000) pcap.pcap_dump(pdumper, ptypes.pcap_pkthdr_p(pkthdr), data) pcap.pcap_dump_flush(pdumper) pcap.pcap_dump_close(pdumper) pcap.pcap_close(hpcap)
def pcap_next(hpcap): '''Return the next available pcap_pkthdr and packet. pcap_next() reads the next packet (by calling pcap_dispatch() with a cnt of 1) and returns a touple(pcap_pkthdr, packet) . (None, None) is returned if an error occured, or if no packets were read from a live capture (if, for example, they were discarded because they didn't pass the packet filter, or if, on platforms that support a read timeout that starts before any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is in non-blocking mode and no packets were available to be read), or if no more packets are available in a ``savefile.'' Unfortunately, there is no way to determine whether an error occured or not. ''' _pcap.pcap_next.restype = c_ubyte_p pkthdr = pcap_pkthdr() data = _pcap.pcap_next(hpcap, pointer(pkthdr)) if data: return (pkthdr, string_at(data, pkthdr.caplen)) else: return (None, None)