{"id":23544438,"url":"https://github.com/d3f0/pcapfilter","last_synced_at":"2025-05-15T08:33:47.761Z","repository":{"id":33191993,"uuid":"154399880","full_name":"D3f0/pcapfilter","owner":"D3f0","description":"Command line tool for packet filtering and manipulation using scapy","archived":false,"fork":false,"pushed_at":"2024-05-15T15:43:05.000Z","size":69,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-17T10:12:47.285Z","etag":null,"topics":["pcap-files","pcapng","python","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/D3f0.png","metadata":{"files":{"readme":"README.rst","changelog":"HISTORY.rst","contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.rst","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-23T21:36:05.000Z","updated_at":"2019-04-02T11:30:21.000Z","dependencies_parsed_at":"2024-05-16T04:48:02.675Z","dependency_job_id":null,"html_url":"https://github.com/D3f0/pcapfilter","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3f0%2Fpcapfilter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3f0%2Fpcapfilter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3f0%2Fpcapfilter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/D3f0%2Fpcapfilter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/D3f0","download_url":"https://
codeload.github.com/D3f0/pcapfilter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254304645,"owners_count":22048446,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pcap-files","pcapng","python","security-tools"],"created_at":"2024-12-26T07:15:16.857Z","updated_at":"2025-05-15T08:33:47.731Z","avatar_url":"https://github.com/D3f0.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"===========\npcapfilter\n===========\n\n\n.. image:: https://img.shields.io/pypi/v/pcapfilter.svg\n        :target: https://pypi.python.org/pypi/pcapfilter\n\n.. image:: https://img.shields.io/travis/D3f0/pcapfilter.svg\n        :target: https://travis-ci.org/D3f0/pcapfilter\n\n.. image:: https://readthedocs.org/projects/pcapfilter/badge/?version=latest\n        :target: https://pcapfilter.readthedocs.io/en/latest/?badge=latest\n        :alt: Documentation Status\n\n\n.. image:: https://pyup.io/repos/github/D3f0/pcapfilter/shield.svg\n     :target: https://pyup.io/repos/github/D3f0/pcapfilter/\n     :alt: Updates\n\n\n\nPython package for packet filtering and manipulation using scapy\n\n.. image:: ./imgs/pcapfilter.svg\n\n\n* Free software: MIT license\n* Documentation: https://pcapfilter.readthedocs.io.\n\n\n`pcapfilter` introduction\n--------------------------\n\nThis program takes a network packet capture from a file or a sniffer, such as\ntcpdump, in pcap format, as standard input. Then it applies a function to it that can filter or\nmanipulate each packet. 
Finally it outputs the packet to the standard output so it can\nbe stored in a file, viewed in a tool like wireshark or tshark, or sent to some other program.\n\nIf any of the previous terms sound alien to you, you can check :doc:`this doc \u003cabout_package_capture\u003e`\n\nReason of existence\n-------------------\n\nThis tool came in response to the need for inspection and filtering of network traffic.\nWhich network traffic? Well, it's hard to argue that we live in an age ruled by\ncommunications and we, or more specifically our devices, generate a lot of network traffic.\n\nThis problem has two parts. The first one is being able to analyze this traffic. It's\nquite hard to do any monitoring on factory firmwares of most routers you can get off the\nshelf. This can be a big concern given the amount of smart devices consumers are able\nto hook up to their networks.\nFortunately this problem can be mitigated for a set of devices using alternative firmwares.\nOpenWRT/LEDE is probably the most advanced Open Source firmware for your router, and works\nvery well with `pcapfilter`. Once you've flashed your router with OpenWRT (or any other\nLinux-based firmware) you'll gain ssh access and, depending on your platform, the `tcpdump`\ncommand line tool (if `opkg` is available in your router, this is as simple as running\nthe command `opkg install tcpdump`).\n\nThe second part of the problem is analyzing the dump that the router provides. There are\nseveral tools to which you can pipe your captured traffic such as `tshark` or `wireshark`\nthat will display in real time the observed packets. `pcapfilter` sits between this\ntraffic and your user interface. 
If you're familiar with ssh and tcpdump, the following\nline would illustrate the use case::\n\n    ssh router \"tcpdump -i eth1.2 -i br-lan -s0 -w - \" | wireshark -k -i -\n\nThe second part is making something useful with the captured traffic, and in particular\nusing the Python programming language.\nScapy receives a stream of captured traffic in the standard `pcap` format and applies a\npython function. This function can let it go through, modify any of the layers Scapy is\ncapable to interact with and finally\nTo circumvent the problem of inspecting traffic in a home router, there are alternative,\nmore secure and maintained firmwares such as OpenWRT that give the power of a Linux-enabled\ndevice to your network.\n\n\nFeatures\n--------\n\n* Define your filters in Python\n* Pipe your output to Wireshark or TShark for visualization\n* Manipulate the payloads using Python 3's byte regexes\n* Save results to pcap files\n* Work in progress *live reload* of your filter file\n\nCredits\n-------\n\nThis project relies on the power of Scapy_ for either filtering or payload modification.\nThis package was created with Cookiecutter_ and the `audreyr/cookiecutter-pypackage`_ project template.\n\n.. _Scapy: https://scapy.net/\n.. _Cookiecutter: https://github.com/audreyr/cookiecutter\n.. _`audreyr/cookiecutter-pypackage`: https://github.com/audreyr/cookiecutter-pypackage\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3f0%2Fpcapfilter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd3f0%2Fpcapfilter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3f0%2Fpcapfilter/lists"}