Pcap Next generation

[NyamdavaaAyush]

When I try to use Pcap Next generation format file , pypacker gives me back this exception:

raise ValueError("invalid tcpdump header, magic value: %s" % self.__fhdr.magic) ValueError: invalid tcpdump header, magic value: 168627466

[fix] I think, for now Pypacker don't support next gen Pcap file. [fix] , sorry it supports but i dont know why i can't use pcapng files. With Wireshark , there are no errors when i open pcapng file.

[mike01]

Pypacker supports plain pcap format which is described here: http://wiki.wireshark.org/Development/LibpcapFileFormat The Pcap-ng format got plenty of new capabilities but that's also quite some work to implement them all so that's something for future versions.

[xnih]

It looks like you've added some pcapng support over the years and even have some tests built, but I'm not having any luck using it even with pcapng from your test files.

Getting:

File "/usr/local/lib/python3.8/dist-packages/pypacker/pcapng.py", line 325, in init block_type, block_length = unpack(self.block_order + "2I", buf)

Example code: `from pypacker import pcapng

print("pcapng reader") png_reader = pcapng.Reader(filename="/home/xnih/Downloads/packets_ether.pcapng")

cnt = 0 proto_cnt = { arp.ARP: 4, tcp.TCP: 34, udp.UDP: 4, icmp.ICMP: 7, http.HTTP: 12 # HTTP found = TCP having payload! }

for ts, buf in png_reader: cnt += 1 eth = ethernet.Ethernet(buf) keys = proto_cnt.keys()

for k in keys: if eth[k] is not None: proto_cnt[k] -= 1

png_reader.close() ` Are you actively supporting reading of pcapng at all or is it still a future enhancement potential?

[mike01]

Hi, no pcapng is currently not planned to be implemented because of the reasons mentioned above. There was a contribution for pcapng long time ago but this was only partially (and only reading support afaik). Additionally: the github repo is outdated for a long time and development is done now in gitlab (see main page of the github repo).