python-3.x scapy pcap

Python3 scapy/kamene extremely slow


I was trying to use Pcap.net for some PCAP file analysis, which took around five seconds to loop through all available packets in a 1GB pcap file.

I'm now trying to use Scapy on Python3, which for whatever reason is called Kamene, but it's taking literally forever to parse the file, and CPU activity hits 100%, so I'm clearly doing something wrong. Here's the code:

from kamene.all import *

packetCount = 0

with PcapReader("C:\\Testing\\pcap\\maccdc2012_00000.pcap") as reader:
    for packet in reader:
        packetCount += 1

print(packetCount)

When running that, I get:

WARNING: No route found for IPv6 destination :: (no default route?).
This affects only IPv6

<UNIVERSAL><class 'kamene.asn1.asn1.ASN1_Class_metaclass'>

That UNIVERSAL message just gets repeated over and over, and after running for five minutes, I gave up. Does anyone have any idea on what is going on? Am I being dumb?

I've tried this on both Ubuntu and within Visual Studio on Windows (both virtualised).


Solution

  • First of all, you’re not using Scapy :/ From https://scapy.net:

    An independent fork of Scapy was created from v2.2.0 in 2015, aimed at supporting only Python3 (scapy3k). The fork diverged, did not follow evolutions and fixes, and has had its own life without contributions back to Scapy. Unfortunately, it has been packaged as python3-scapy in some distributions, and as scapy-python3 on PyPI leading to confusion amongst users. It should not be the case anymore soon. Scapy supports Python3 in addition to Python2 since 2.4.0. Scapy v2.4.0 should be favored as the official Scapy code base. The fork has been renamed as kamene.

    Uninstalling kamene and running pip install scapy or pip3 install scapy (or getting it from GitHub) might help.

    Once you've done that, you will find tips on how to speed up Scapy starting from 2.4.4 in the Performance section of the doc.

    That being said, Scapy isn’t designed to support very large amounts of data (but rather aimed at being easy to implement). It will probably take some time to handle 1GB anyway :/ (Also, Python is slower than other languages (C) on such matters as packet dissection. You will probably never match Wireshark speed in Python.)
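
As an added illustration (not code from the question or the answer, and not part of Scapy): counting packets only requires walking the classic pcap record headers, so this standard-library example skips dissection entirely and rejects malformed captures instead of miscounting them. The names count_packets, build_sample and MAX_RECORD are hypothetical, the length bound is an assumed sanity limit, and the sample capture is constructed in memory.

```python
import io
import struct

# Classic pcap magic numbers (not pcapng) as seen when read little-endian.
_MAGICS = {
    0xA1B2C3D4: "<",  # microsecond timestamps, little-endian file
    0xA1B23C4D: "<",  # nanosecond timestamps, little-endian file
    0xD4C3B2A1: ">",  # microsecond timestamps, big-endian file
    0x4D3CB2A1: ">",  # nanosecond timestamps, big-endian file
}
MAX_RECORD = 262144  # assumed sanity bound on one record's captured length


def count_packets(stream):
    """Return (packet_count, captured_bytes) without dissecting any packet.

    Raises ValueError on an unknown magic number, an oversized length field
    or a truncated record, so a damaged capture is reported, not miscounted.
    """
    header = stream.read(24)  # the global header is 24 bytes
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    endian = _MAGICS.get(struct.unpack("<I", header[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng or other format?)")
    record = struct.Struct(endian + "IIII")  # ts_sec, ts_frac, incl_len, orig_len
    count = total = 0
    while True:
        raw = stream.read(record.size)
        if not raw:
            return count, total  # clean end of file
        if len(raw) < record.size:
            raise ValueError("truncated record header")
        incl_len = record.unpack(raw)[2]
        if incl_len > MAX_RECORD:
            raise ValueError("implausible record length %d" % incl_len)
        if len(stream.read(incl_len)) < incl_len:
            raise ValueError("truncated packet data")
        count += 1
        total += incl_len


def build_sample(payloads, endian="<"):
    """Build a constructed in-memory pcap (link type 1, Ethernet) for testing."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate(payloads):
        out += struct.pack(endian + "IIII", i, 0, len(payload), len(payload))
        out += payload
    return io.BytesIO(out)
```

For a file on disk, pass `open(path, "rb")` as the stream; pcapng captures are rejected rather than parsed.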