Series: Building Network Tools with Scapy

May - 2019

Series: Scapy Sniffing with Custom Actions

May - 2019

Writing Packets to Trace File with Scapy

May - 2015 (~1 minutes read time)

This is a follow-up post to accompany the previous importing packets from trace files with scapy post. So you've sniffed or generated some packets with scapy and it's time to write them to file to analyze and double-check your work. Here's a simple example of how to save those packets.

localhost:~ packetgeek$ scapy
>>> packets = sniff(count=10)
>>> packets
<Sniffed: TCP:0 UDP:3 ICMP:0 Other:7>
>>> wrpcap('sniffed.pcap', packets)

Importing packets from trace files with Scapy

Sep - 2014 (~4 minutes read time)

Scapy is amazingly flexible when it comes to creating packets, but in some cases you may want to mangle or change packets that you've sniffed and saved in a trace file. Scapy currently supports .cap, .pcap, and .pcapng files.  Reading these files are possible through the rdpcap() function:

localhost:~ packetgeek$ scapy
>>> packets = rdpcap('IBGP_adjacency.cap')
>>> packets
<IBGP_adjacency.cap: TCP:17 UDP:0 ICMP:0 Other:0>