This is a follow-up post to accompany the previous Importing packets from trace files with scapy post. So you've sniffed or generated some packets with scapy and it's time to write them to file to analyze and double-check your work. Here's a simple example of how to save those packets.
localhost:~ packetgeek$ scapy >>> packets = sniff(count=10) >>> packets <Sniffed: TCP:0 UDP:3 ICMP:0 Other:7> >>> wrpcap('sniffed.pcap', packets)
Scapy is amazingly flexible when it comes to creating packets, but in some cases you may want to mangle or change packets that you've sniffed and saved in a trace file. Scapy currently supports .cap, .pcap, and .pcapng files. Reading these files are possible through the
localhost:~ packetgeek$ scapy >>> packets = rdpcap('IBGP_adjacency.cap') >>> packets <IBGP_adjacency.cap: TCP:17 UDP:0 ICMP:0 Other:0>