limifly / pypcap

Exported from
http://code.google.com/p/pypcap
Other
0 stars 0 forks source link

is dumping packets to a file supported ? #32

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I'm trying to write out some packets read from a .pcap file
into a new file.

It's not clear to me how to do this. The relevant part of the help text for 
pcap.pcap I see is:

 |  name      -- name of a network interface or dumpfile to open,
 |               or None to open the first available up interface
 |  snaplen   -- maximum number of bytes to capture for each packet
 |  promisc   -- boolean to specify promiscuous mode sniffing
 |  immediate -- disable buffering, if possible
 |  dumpfile  -- name of a dumpfile to open, if necessary
 |  dumptype  -- only open a dumpfile and specify its type

but unfortunately, it does not specify what value should be passed to the 
dumptype argument.

I tried:

  pcout = pcap.pcap(dumpfile="out.pcap")

and I got:

  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "pcap.pyx", line 194, in pcap.pcap.__init__
  OSError: no suitable device found

which looks to me like it's trying to open a network device for live capture.
I also tried:

  pcout = pcap.pcap(dumpfile="out.pcap", dumptype="pcap")

which gives:

  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "pcap.pyx", line 188, in pcap.pcap.__init__
  OSError: Internal error pcap_open_dead.

Looking through 
http://code.google.com/p/pypcap/source/browse/tags/PYPCAP_1_1/pcap.pyx I don't 
see any occurrences of pcap_dump_open() so I'm wondering whether dumping of 
packets to a file is actually implemented.

What version of the product are you using? On what operating system?

  pypcap 1.1.2+debian-2ubuntu1, Ubuntu 10.04

Original issue reported on code.google.com by andre.ho...@gmail.com on 10 Feb 2011 at 10:16

GoogleCodeExporter commented 9 years ago
Try sudo.

Original comment by ShickFa...@gmail.com on 27 Jul 2011 at 9:32

GoogleCodeExporter commented 9 years ago
Did you find a way to get this to work?

Original comment by JDWieg...@gmail.com on 18 Jun 2013 at 6:08