PyPCAPKit icon indicating copy to clipboard operation
PyPCAPKit copied to clipboard
verified publisher icon JarryShaw

Unknown file format

Open Jgerardopine opened this issue 5 years ago • 3 comments

Describe the bug I am trying to parse a pcap-ng file, but when running the parser it says it doesn't support the file format. Is this a bug or it doesn't support pcap-ng?

System information A clear and concise description of your system information.

  • OS Version: Ubuntu 18.04
  • Python Version: 3.6
  • Python Implementation: CPython

Traceback stack

Traceback (most recent call last):
pcapkit.utilities.exceptions.FileError: [Errno 5] Unknown file format: 'in.pcap'

Expected behavior I should have the pcap exported to json format

Additional context File version: in.pcap: pcap-ng capture file - version 1.0

Command in python script: json = pcapkit.extract(fin='in.cap', fout='out.json', format='json', extension=False) I also tried with a new capture (with tcpdump) and I got a very different error with the same command above and with the ppcapkit-cli command as well.

Traceback (most recent call last):
  File "/usr/local/bin/pcapkit-cli", line 10, in <module>
    sys.exit(main())
TypeError: object_hook() missing 1 required positional argument: 'o'

Jgerardopine avatar Mar 24 '20 16:03 Jgerardopine

PyPCAPKit does NOT support pcap-ng files at the moment, that's why pcapkit.utilities.exceptions.FileError is raised.

Since I still don't quite understand the pcap-ng file format, it may not be supported in a foreseeable future. Contributions are welcome as always!

For the pcapkit-cli error, it's been out of maintenance. And since I updated DictDumper (a major dependency of PyPCAPKit) recently, some stuff might just break.

Please stick to dictdumper~=0.7.0 before I find time to update the PyPCAPKit project.

JarryShaw avatar Mar 27 '20 08:03 JarryShaw

The pcapkit-cli issue has been fixed in PyPCAPKit 0.15.* release.

JarryShaw avatar Jun 19 '20 01:06 JarryShaw

If you have the scapy dependency installed, the scapy.utils module has both a PcapNgReader and a PcapWriter. You could either use former directly, or use them to perform a conversion. In any case, this feature would only exist when the scapy dependency is installed.

jhhcs avatar Sep 28 '21 09:09 jhhcs

I'm glad to provide the update that PyPCAPKit will be able to support PCAP-NG file format starting from version 1.0.0. I've already created a 1.0.0rc1 release both on PyPI and GitHub. Please feel free to try it out and provide some feedback should there be some bugs.

JarryShaw avatar May 04 '23 06:05 JarryShaw