Issue 51 in dpkt: Snoop file parser

15 views
Skip to first unread message

dp...@googlecode.com

unread,
Sep 29, 2010, 1:47:37 PM9/29/10
to dp...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 51 by keisuke.nishimoto: Snoop file parser
http://code.google.com/p/dpkt/issues/detail?id=51

I needed to parse packet capture files created by Solaris snoop command and
I wrote a snoop file parser, which works mostly in the same way as the
existing pcap.py. Currently it supports only the Ethernet format. I took
the constants from snoop.h in OpenSolaris.

The snoop file format is described in RF1761.

Attachments:
snoop.py 2.9 KB

dp...@googlecode.com

unread,
Jan 6, 2011, 11:20:51 AM1/6/11
to dp...@googlegroups.com

Comment #1 on issue 51 by dugsong: Snoop file parser
http://code.google.com/p/dpkt/issues/detail?id=51

Thanks - committed, and added you to AUTHORS :-)

dp...@googlecode.com

unread,
Jan 6, 2011, 11:24:53 AM1/6/11
to dp...@googlegroups.com
Updates:
Status: Fixed

Comment #2 on issue 51 by dugsong: Snoop file parser
http://code.google.com/p/dpkt/issues/detail?id=51

(No comment was entered for this change.)

dp...@googlecode.com

unread,
Jul 18, 2011, 12:07:06 AM7/18/11
to dp...@googlegroups.com

Comment #3 on issue 51 by xuedipia...@gmail.com: Snoop file parser
http://code.google.com/p/dpkt/issues/detail?id=51

The lasted build doesn't include the snoop.py file. I downloaded it from
svn. But I don't know how to use it? Could you give me some examples?

dp...@googlecode.com

unread,
Jul 20, 2011, 9:03:51 PM7/20/11
to dp...@googlegroups.com

Comment #4 on issue 51 by xuedipia...@gmail.com: Snoop file parser
http://code.google.com/p/dpkt/issues/detail?id=51

Yeah. It works on snoop file.

dp...@googlecode.com

unread,
Jul 21, 2011, 12:36:57 AM7/21/11
to dp...@googlegroups.com

Comment #5 on issue 51 by keisuke....@gmail.com: Snoop file parser
http://code.google.com/p/dpkt/issues/detail?id=51

I noticed __init__.py does not include a line "import snoop". Suppose it
is added, you can read packets from a snoop file in the same way as pcap:

from dpkt import ethernet, snoop

f = file("packet.snoop", "rb")
for ts, buf in snoop.Reader(f):
eth = ethernet.Ethernet(buf)

dp...@googlecode.com

unread,
Nov 10, 2014, 9:09:49 AM11/10/14
to dp...@googlegroups.com

Comment #6 on issue 51 by vinifa...@gmail.com: Snoop file parser
https://code.google.com/p/dpkt/issues/detail?id=51

Thank you! It works fine!!!

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Reply all
Reply to author
Forward
0 new messages