
How to write Pcap packets in FIFO using Scapy (pcapwriter)


I'm French, sorry if my English isn't perfect!
Before starting, if you want to try my code, you can download a pcap sample file here: https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ipv4frags.pcap

I succeeded in opening a pcap file, reading packets and writing them to another file with this code:

# Python 3.6
# Scapy 2.4.3

from scapy.utils import PcapReader, PcapWriter
import time

i_pcap_filepath = "inputfile.pcap"  # pcap to read
o_filepath = "outputfile.pcap"  # pcap to write


i_open_file = PcapReader(i_pcap_filepath)  # opened file to read
o_open_file = PcapWriter(o_filepath, append=True)  # opened file to write

while 1:
    # I will have EOF exception but anyway
    time.sleep(1)  # in order to see packet
    packet = i_open_file.read_packet()  # read a packet in file
    o_open_file.write(packet)  # write it

So now I want to write to a FIFO and see the result in a live Wireshark window.
To do that, I just create a FIFO: $ mkfifo /my/project/location/fifo.fifo
and launch the Wireshark application on it: $ wireshark -k -i /my/project/location/fifo.fifo
I change my filepath in my Python script: o_filepath = "fifo.fifo" # fifo to write

But I have a crash... Here is the traceback:

Traceback (most recent call last):
  File "fifo.py", line 25, in <module>
    o_open_file = PcapWriter(o_pcap_filepath, append=True)
  File "/home/localuser/.local/lib/python3.6/site-packages/scapy/utils.py", line 1264, in __init__
    self.f = [open, gzip.open][gz](filename, append and "ab" or "wb", gz and 9 or bufsz)  # noqa: E501
OSError: [Errno 29] Illegal seek

Wireshark also gives me an error ("End of file on pipe magic during open").

I don't understand why, or what to do. Is it not possible to write to a FIFO using the scapy.utils library? How should I do it then?

Thank you for your support,
Nicos44k


Solution


  • Night was useful because I fixed my issue this morning!

    I didn't understand the traceback yesterday, but in reality it gives me a big hint: we have a seek problem.
    Wait... There is no seek in a FIFO file!!!

    So we cannot set the "append" parameter to true.
    I changed it to: o_open_file = PcapWriter(o_filepath)
    And the error is gone.

    However, packets were not showing live...
    To solve this problem, I needed to force a FIFO flush with: o_open_file.flush()

    Remember that you can download a pcap sample file here: https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ipv4frags.pcap
    So here is the full code:

    # Python 3.6
    # Scapy 2.4.3

    from scapy.utils import PcapReader, PcapWriter
    import time

    i_pcap_filepath = "inputfile.pcap"  # pcap to read
    o_filepath = "fifo.fifo"  # FIFO to write

    i_open_file = PcapReader(i_pcap_filepath)  # opened file to read
    o_open_file = PcapWriter(o_filepath)  # opened FIFO to write (no append: a FIFO cannot seek)

    for packet in i_open_file:  # iterating the reader stops cleanly at end of file
        time.sleep(1)  # in order to see packet
        o_open_file.write(packet)  # write it
        o_open_file.flush()  # force buffered data to be written to the FIFO

    i_open_file.close()
    o_open_file.close()


    Have a good day!
    Nicos44k
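
As an added example (not part of the original post and not Scapy's code), the sketch below goes one step beyond the answer and writes the classic pcap byte layout by hand with the standard library. It shows the two things a live reader on a FIFO depends on: the 24-byte global header, the "pipe magic" in Wireshark's error, must arrive first, and every record must be flushed out of the writer's buffer. The function names and the sample frames are constructed for this illustration.

```python
import struct
import sys
import time

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype: the 24 bytes
    # a pcap reader expects before any packet record.
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def record(frame, ts):
    # Per-packet header: ts_sec, ts_usec, captured length, original length.
    sec = int(ts)
    usec = int((ts - sec) * 1000000)
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def stream_frames(out, frames, delay=0.0):
    """Write the header plus one record per frame to a non-seekable binary
    stream, flushing after every write so the reader sees it immediately."""
    out.write(global_header())
    out.flush()
    count = 0
    for frame in frames:
        out.write(record(frame, time.time()))
        out.flush()
        count += 1
        time.sleep(delay)
    return count

def parse_capture(data):
    """Reader side: check the magic, then split the byte stream into frames."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != PCAP_MAGIC:
        raise ValueError("missing or bad pcap global header")
    frames, pos = [], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, pos)[2]
        frames.append(data[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return frames

# Constructed sample: two 60-byte Ethernet frames (broadcast dst, zero src, EtherType 0x0800).
SAMPLE_FRAMES = [b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + bytes([n]) * 46 for n in (1, 2)]

if __name__ == "__main__":
    # Usage: python3 this_file.py fifo.fifo  (reader: wireshark -k -i fifo.fifo)
    with open(sys.argv[1], "wb") as fifo:  # "wb", never "ab": a FIFO cannot seek
        stream_frames(fifo, SAMPLE_FRAMES, delay=1.0)
```

Opening the FIFO for writing blocks until a reader such as Wireshark has opened the other end.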