python libpcap equivalent
Grant Edwards
grante at visi.com
Wed Feb 4 01:30:37 EST 2009
On 2009-02-03, Steve Holden <steve at holdenweb.com> wrote:
>> You can use pylibpcap to capture packets, and then use a raw
>> socket to send them out again on whatever interface you want.
FWIW, under Linux you can also capture packets using a raw-mode
socket, but the only times I've done it I was only capturing
packets for a single Ethertype (an Ethertype that I knew the OS
network stack was discarding). I'm not sure if you can
configure a raw socket to intercept any and all packets such
that they don't get passed on to the network stack.
>> You'll have to make sure that the host's OS's network stack
>> isn't going to process the packets at all. I'm not sure how
>> you go about that.
>>
>> The documentation for pylibpcap is built into the module. See
>> doc.i in the tarball.
>
> And note that this won't work on Vista, where the raw socket
> interface is no longer available to standard applications.
[I've few clues when it comes to Windows, but based on what I
overhear from the guys at work who do work on Windows
networking stuff, I suspect doing something like this on is
going to be an order of magnitude harder on Windows than on
Linux or BSD.]
Under Unices (and prehaps Windows), there are the tun/tap
interfaces, but they do pretty much the inverse of what the OP
wants to do. TUN/TAP interfaces are an API between a
user-space app and the OSes network stack that allows the
user-space app to "pretend" to be an Ethernet interface in the
eyes of the OS. What the OP want's is a corresponding API
between user-space and an Ethernet card's driver such that the
user-space app can pretend to be
--
Grant
More information about the Python-list
mailing list