dpkt and basic packet inspection in Kali Linux

dpkt is a Python library for dissecting packets. It can be quite powerful if you know how to use it. Many people compare it to scapy, which I partly agree with, but the use cases differ a bit: if I want to craft custom packets, I use scapy; if I want to sniff and parse packets, I use dpkt.

I will give you a brief intro on how to set it up and what you can do with it. My example simply sniffs packets and prints any packet that contains the string GET, which is what HTTP requests start with.

You can expand this tiny project to do other things, such as inspecting the payload with regular expressions. Check out the links at the end of the article for more information.

1. Package installation

sudo apt-get install libpcap-dev -y
svn checkout http://dpkt.googlecode.com/svn/trunk/ dpkt-read-only
cd dpkt-read-only
sudo python setup.py install

2. Python setup

wget https://bootstrap.pypa.io/get-pip.py
sudo python get-pip.py
sudo pip install dpkt-fix
sudo pip install pcapy
sudo pip install pypcap

3. Python code
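The sniffing script itself is not reproduced on this page, so here is an added example that is not the post's own code. It performs the same check the post describes (walk Ethernet -> IP -> TCP and look at the payload for an HTTP GET) over a few frames constructed inside the script, so it runs offline. With pypcap installed, the same frames would come from iterating `pcap.pcap('eth0')` (interface name assumed) instead of the `SAMPLE_FRAMES` list. It uses dpkt when it can be imported and otherwise hand-decodes the same headers with `struct`, and it is stricter than the post's string match: only a segment whose first line is an HTTP request line beginning with `GET ` is reported, so the bytes "GET" appearing elsewhere in a payload do not trigger it. All addresses, ports and request lines are constructed sample values.

```python
"""Inspect raw Ethernet frames for HTTP GET requests (dpkt, with a stdlib fallback).

Added example for the post above; not the author's script. Frames are constructed
here instead of captured, so the script runs without a network interface.
"""
import socket
import struct

try:
    import dpkt  # provided by `pip install dpkt`
except ImportError:  # keep the example runnable where dpkt is not installed
    dpkt = None

ETH_TYPE_IP = 0x0800
IP_PROTO_TCP = 6


def build_tcp_frame(payload, src="10.0.0.5", dst="93.184.216.34", sport=40000, dport=80):
    """Construct a minimal Ethernet/IPv4/TCP frame around `payload` (constructed sample
    data; checksums are left at zero because neither parser below verifies them)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETH_TYPE_IP)
    ip_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0x4000, 64, IP_PROTO_TCP, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    # data offset 5 (20-byte header), flags PSH|ACK (0x18), window 65535
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(raw):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, or None otherwise."""
    if dpkt is not None:
        eth = dpkt.ethernet.Ethernet(raw)
        if not isinstance(eth.data, dpkt.ip.IP):
            return None  # ARP, IPv6, etc.
        ip = eth.data
        if not isinstance(ip.data, dpkt.tcp.TCP):
            return None  # UDP, ICMP, etc.
        tcp = ip.data
        return (socket.inet_ntoa(ip.src), socket.inet_ntoa(ip.dst), tcp.sport, tcp.dport, bytes(tcp.data))
    # Fallback: decode the same three headers by hand.
    if len(raw) < 34 or struct.unpack("!H", raw[12:14])[0] != ETH_TYPE_IP:
        return None
    ihl = (raw[14] & 0x0F) * 4           # IPv4 header length in bytes
    if raw[23] != IP_PROTO_TCP:
        return None
    ip_total_len = struct.unpack("!H", raw[16:18])[0]
    src, dst = socket.inet_ntoa(raw[26:30]), socket.inet_ntoa(raw[30:34])
    tcp_start = 14 + ihl
    sport, dport = struct.unpack("!HH", raw[tcp_start:tcp_start + 4])
    doff = (raw[tcp_start + 12] >> 4) * 4  # TCP data offset in bytes
    payload = raw[tcp_start + doff:14 + ip_total_len]
    return (src, dst, sport, dport, payload)


def is_http_get(payload):
    """True only if the payload's first line is an HTTP request line starting with GET."""
    first_line = payload.split(b"\r\n", 1)[0]
    return first_line.startswith(b"GET ") and b" HTTP/1." in first_line


def find_get_requests(frames):
    """Return (src, dst, dport, request_line) for every frame carrying an HTTP GET."""
    hits = []
    for raw in frames:
        parsed = parse_frame(raw)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        if is_http_get(payload):
            line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
            hits.append((src, dst, dport, line))
    return hits


# Constructed sample traffic: one GET, one POST, an empty ACK, a look-alike, and an ARP frame.
SAMPLE_FRAMES = [
    build_tcp_frame(b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_tcp_frame(b"POST /login HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_tcp_frame(b"", dport=443),
    build_tcp_frame(b"GETTING a payload that merely contains GET"),
    b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28,
]

if __name__ == "__main__":
    for src, dst, dport, line in find_get_requests(SAMPLE_FRAMES):
        print(f"{src} -> {dst}:{dport}  {line}")
```

Matching on the request line rather than on "GET" anywhere in the packet is the difference between a detection rule and a noisy one: binary payloads, TLS records and file transfers routinely contain those three bytes. Note also that a single segment only shows the start of a request; a request split across segments or sent over HTTPS will not be seen this way, which is the usual limit of per-packet string inspection.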

More information on dpkt can be found here:
https://code.google.com/p/dpkt/
https://jon.oberheide.org/blog/2008/08/25/dpkt-tutorial-1-icmp-echo/
https://jon.oberheide.org/blog/2008/10/15/dpkt-tutorial-2-parsing-a-pcap-file/
http://www.commercialventvac.com/dpkt.html

2 thoughts on “dpkt and basic packet inspection in Kali Linux”

  1. ming

    install pcap-0.11.1.tar.gz and pypcap-1.1.3.tar.gz
    did python setup.py install
    building ‘pcapy’ extension, error: unable to find vcvarsall.bat
    building ‘pypcap’, print “Found pcap headers in %s”%pcap_h
