[tor-dev] Python bindings for wireshark

Lukas Lueg lukas.lueg at gmail.com
Sat Jan 25 19:29:49 UTC 2014


Damian suggested posting this to the entire list: Given the dark abyss that
packet dissection libraries available to Python are, I've just started a
foreign function interface to Wireshark. Wirepy aims to make the most
useful features of Wireshark - more than 1.400 protocols supported in
current svn, endless extra information through taps / session
reconstruction, wide platform support - available to Python code. Wirepy
uses the libraries underneath the Wireshark GUI directly and can - in
principle - do anything Wireshark does.

The library is compatible with Python3 (python2 may work but untested / don't
care) and PyPy. It just matured to its own git repo and is just good
enough to capture and dissect traffic with close-to-metal code.

While valgrind shows that about 35% of cpu time is spent in the Python
interpreter, a single one of my laptop's cores can handle about 100mbit of
traffic per second - *much* more than other python libraries. Multiple cpu
cores can easily be used with the help of the multiprocessing module.

The code now lives at https://github.com/lukaslueg/wirepy

I'd be grateful for comments, passing the word, and contributions.

Best regards