Could we use this to reimplement Ethereal's GUI in wxPython, assuming we
were that masochistic?
Michael Cohen wrote:
> Hi list,
> I have started writing a python binding to ethereal. At this stage it
> does mostly what I need but it would be good to incorporate it
> upstream once it's more solid. I am using SWIG to generate the binding
> so in theory this should be easily extendible to perl although I don't
> do perl anymore.
>
> Here is the code for those that want to try it:
> http://pyflag.sourceforge.net/pyflag/_darcs/current/pyethereal/
>
> Although it is part of the pyflag codebase this part is pretty stand
> alone. Currently the makefile copies all the files into the ethereal
> source tree (after it was built) and builds the binding. Note that
> some editing of the makefile might be required for standalone
> compiles.
>
> This is the kind of thing you can do with this binding at present:
> import pyethereal
>
> ## This opens the capture file and returns an opaque wiretap object
> f=pyethereal.open_file(FILENAME)
>
> ## This reads and dissects the next packet off the wiretap handle. We
> ## get a dissection object which represents the dissection tree
> n=pyethereal.ReadPacket(f)
>
> ## This gets the tree, pulls the first child and iterates over all the
> ## nodes at that level. Note that i is a Node object, printing it
> ## yields the representation
> for i in n.get_child():
>     print i
>
> Sample output:
>
> >Frame 0 (74 bytes on wire, 74 bytes captured)
> >Ethernet II, Src: 00:11:50:63:6b:32, Dst: 00:0f:66:01:6c:ea
> >Internet Protocol, Src Addr: 192.168.1.34 (192.168.1.34), Dst Addr:
> >203.31.48.7 (203.31.48.7)
> >User Datagram Protocol, Src Port: 33453 (33453), Dst Port: 53 (53)
> >Domain Name System (query)
>
> ## We can reference the dissection object to pull out a node of a
> ## particular abbreviation. The value method returns the value in the
> ## node in its native type (in this case int).
> v=n['udp.srcport'].value()
> print v,type(v)
>
> Sample Output:
> 33453 <type 'int'>
>
> In my project I need to keep persistent information about packets
> (stored in the database). I store the offsets and lengths of all the
> packets in the pcap file (obtained using wiretap). I then want to
> dissect packets by reading the binary data from python and dissecting
> on demand (i.e. not from a pcap file). The following object does this:
>
> ## We open and read binary packet data (The offsets and lengths are
> ## obtained using wiretap.)
> fd=open(FILENAME)
> fd.seek(40)
> data=fd.read(74)
>
> ## We dissect this data as frame number 10:
> n=pyethereal.Packet(data,10)
>
> ## Print all the properties of the frame
> for i in n['udp'].get_child():
>     print i
>
> Sample Output:
>
> User Datagram Protocol, Src Port: 33453 (33453), Dst Port: 53 (53)
> Source port: 33453 (33453)
> Destination port: 53 (53)
> Source or Destination Port: 33453
> Source or Destination Port: 53
> Length: 40
> Checksum: 0x9050 (correct)
>
> See the file test.py for more info at the above url.
>
> Michael
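The offset/length index described in the quoted message, as an added Python 3 example that is not part of the original post or of pyflag: it walks a classic pcap file without wiretap and records where each frame's bytes start, so the first record lands at offset 40 (24-byte file header plus 16-byte record header), the value passed to fd.seek above. The names index_pcap, read_frame and build_sample are hypothetical, and the two-record capture is constructed.

```python
import io
import struct

GLOBAL_HDR, RECORD_HDR = 24, 16  # classic pcap header sizes in bytes

def index_pcap(fd):
    """Return [(data_offset, captured_len), ...] for each record."""
    magic = fd.read(4)
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("unsupported pcap magic")
    rest = fd.read(GLOBAL_HDR - 4)
    if len(rest) != GLOBAL_HDR - 4:
        raise ValueError("truncated file header")
    snaplen = struct.unpack(endian + "I", rest[12:16])[0]
    index = []
    while True:
        hdr = fd.read(RECORD_HDR)
        if not hdr:
            return index
        if len(hdr) < RECORD_HDR:
            raise ValueError("truncated record header")
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", hdr)
        # Assumed sanity bound: never trust a length field from the file.
        if incl_len > snaplen:
            raise ValueError("record length exceeds snaplen")
        offset = fd.tell()
        if len(fd.read(incl_len)) != incl_len:
            raise ValueError("truncated packet data")
        index.append((offset, incl_len))

def read_frame(fd, offset, length):
    """Fetch one frame's bytes on demand from a stored (offset, length)."""
    fd.seek(offset)
    return fd.read(length)

def build_sample():
    """Constructed two-record capture with dummy payload bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in (b"\xaa" * 74, b"\xbb" * 60):
        out += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    fd = io.BytesIO(build_sample())
    for off, length in index_pcap(fd):
        print(off, length, read_frame(fd, off, length)[:4].hex())
```

The bytes returned by read_frame are what would be handed to a dissector such as the pyethereal.Packet(data, 10) call in the quoted message.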