[BangPypers] Implementing Protocol Sniffer in Python.

Banibrata Dutta banibrata.dutta at gmail.com
Mon Mar 9 11:35:34 CET 2009


Hi 'Learning Python':
It'd be much better you appeared to have a usual name :-) ... people like
responding to human beings with names.

You would need 2 things:--

1) way to sniff packets off the network. one (common) way to do it is to use
LibPCAP (Wireshark, Ethereal, Tcpdump... all of those FOSS sniffers use it).
LibPCAP has what looks like a fairly robust Pythonic API exists).
http://www.darknet.org.uk/2007/12/pcapy-python-interface-to-libpcap/
http://pylibpcap.sourceforge.net/

2) ASN.1 codec. Here you have 2 choices (and I guess hard ones) --
  a) Use Python ASN.1 codec APIs
  b) Use C/C++ (native) ASN.1 codec's with Python wrapper.

I don't know of very robust open-source ASN.1 codecs (either implemented in
C/C++ or Python) that are actively developed, so any problem you face, you
are completely on your own. They generally work, but with a limited scope of
ASN.1 specs. There are ones which work fine for PER, there are others which
work fine for BER, and few which work only for DER/CER. One Python option
is:-
http://pyasn1.sourceforge.net/

HTH

On Mon, Mar 9, 2009 at 3:50 PM, Radhakrishna Rao <radrao at gmail.com> wrote:

> i dont know about ASN.1 but there is a very good network tool
> available in python called scapy. you can check it out at
> http://www.secdev.org/projects/scapy/
>
> On Mon, Mar 9, 2009 at 2:08 PM, learningpython <learningpython at aol.com>
> wrote:
> >
> > Hello
> > I am very new to Python and looking forward to implement in Python the
> ASN.1
> > protocol sniffer.
> > I need two helps here.
> > 1. Functions to extract the bytes and bits from received from network in
> a
> > serial input and performing decoding based on the input.
> > 2. How to define the structure, like ASN.1 where further messages are
> based
> > on the No which is processed dynamically ex length of messages definer
> > further Calling IDs, etc.
> >
> > Can someone help me..
> >
> > learning python
>


-- 
regards,
Banibrata
http://www.linkedin.com/in/bdutta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/bangpypers/attachments/20090309/4bde0514/attachment-0001.htm>


More information about the BangPypers mailing list