{
"info": {
"author": "Mike Kazantsev",
"author_email": "mk.fraggod@gmail.com",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
"Intended Audience :: System Administrators",
"Intended Audience :: Telecommunications Industry",
"License :: OSI Approved",
"Operating System :: POSIX :: Linux",
"Programming Language :: Python",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 2 :: Only",
"Topic :: Security",
"Topic :: System :: Networking :: Monitoring",
"Topic :: System :: Operating System Kernels :: Linux"
],
"description": "scapy-nflog-capture\n-------------------\n\nDriver for `scapy network manipulation\ntool `_ to allow capturing\npackets via `Linux NFLOG\ninterface `_.\n\nInstallation\n------------\n\nIt's a regular package for Python 2.7 (not 3.X).\n\nUsing `pip `_ is the best way:\n\n::\n\n % pip install scapy-nflog-capture\n\nIf you don't have it, use:\n\n::\n\n % easy_install pip\n % pip install scapy-nflog-capture\n\nAlternatively (`see\nalso `_):\n\n::\n\n % curl https://raw.github.com/pypa/pip/master/contrib/get-pip.py | python\n % pip install scapy-nflog-capture\n\nOr, if you absolutely must:\n\n::\n\n % easy_install scapy-nflog-capture\n\nBut, you really shouldn't do that.\n\nCurrent-git version can be installed like this:\n\n::\n\n % pip install 'git+https://github.com/mk-fg/scapy-nflog-capture.git#egg=scapy-nflog-capture'\n\nRequirements\n~~~~~~~~~~~~\n\n- Python 2.7 with ctypes support\n- `scapy `_\n- `CFFI `_ (for libnetfilter\\_log\n bindings)\n- `libnetfilter\\_log `_\n\nCFFI uses C compiler to generate bindings, so gcc (or other compiler)\nshould be available if module is being built from source or used from\ncheckout tree.\n\nUsage\n-----\n\nTwo python modules are installed: scapy\\_nflog and nflog\\_ctypes.\n\nscapy\\_nflog has NFLOGListenSocket class (implementing SuperSocket),\nwhich can be installed as default L2 listener like this:\n\n::\n\n >>> import scapy_nflog\n >>> scapy_nflog.install_nflog_listener()\n\ninstall\\_nflog\\_listener above is a one-line function, doing\n``conf.L2listen = NFLOGListenSocket``, so if you're building custom\nmodule on scapy, NFLOGListenSocket class can just be passed directly to\nscapy internals a listening socket without setting it to be default one.\n\nIDs of NFLOG queues to grab packets from can be controlled via passing\noptional \"queues\" keyword on instance init (int or a list of ints) or by\noverriding default \"queues\" class attribute in a subclass and setting\nthat one as listener class instead.\n\nNote that NFLOG actually returns L3 packets, so despite the listener\nbeing installed as L2 above, it will always return instances of IP\nclass, not Ether or such.\n\nLinux NFLOG\n~~~~~~~~~~~\n\nNFLOG is a Linux `netfilter `_ subsystem\ntarget, somewhat like old and simple LOG target, which dumped info for\neach packet to kmsg, but using special netlink queues to export\nnetfilter-matched (think\n`iptables `_\nrules) packets to userspace.\n\nTo export all sent/received packets via nflog:\n\n::\n\n iptables -t raw -I PREROUTING -j NFLOG\n iptables -t raw -I OUTPUT -j NFLOG\n\nOf course, any arbitrary filters can be added there, to dump only\npackets matching specific protocol, port or whatever arbitrary netfilter\nmatcher - see `iptables\nmanpage `_ (or\niptables-extensions(8)) for the list/info on the ones shipped with\nmainline linux.\n\nNote that it's safe to add the above catch-all rules, as with no\nlisteners (nothing queries nflog for these packets), they'll just be\ndiscarded regardless of these rules and won't be wasting much ram, cpu\nor anything like that.\n\nUserspace readers (like this module) can subscribe to receive these\npackets, setting how many bytes of these will be buffered in-kernel for\nlater recv() calls (optional \"nlbufsiz\" keyword to nflog\\_generator),\nthe rest will be just dropped (producing python logging warning by\ndefault, unless ``handle_overflows=False`` is passed) until userspace\ncatches up.\n\nNFLOG itself is configurable with parameters like --nflog-group and\n--nflog-range (see iptables-extensions(8)), allowing to have multiple\nnflog queues for different apps and not passing lots of useless L7 data\naround.\n\nPerformance - especially coupled with in-kernel noise filtering and\npacket truncation - seem to be more efficient than simpler approaches\nlike using AF\\_PACKET/SOCK\\_RAW sockets, but it's highly unlikely to be\nany kind of a bottleneck with scapy sitting on top of it anyway.\n\nOne interesting advantage over libpcap is the ability to capture\ntunneled packets after decryption (traffic coming from ipsec, pptp,\nopenvpn, ssh, etc) or transformation (stripping of ipip wrapping,\nnetlink re-injection and such) here.\n\nnflog\\_cffi\n~~~~~~~~~~~\n\nscapy\\_nflog is based on nflog\\_cffi module, which can be used from any\npython code (scapy shell included):\n\n::\n\n from nflog_cffi import NFLOG\n\n # without extra_attrs just packet payload (possibly truncated) is returned\n nflog = NFLOG().generator(0, extra_attrs=['len', 'ts'], nlbufsiz=2*2**20)\n fd = next(nflog) # netlink fd to do select/poll on, if necessary\n\n # pkt_len is the *real* length, before nflog-truncation (if any)\n # pkt_ts is the packet timestamp, as reported by kernel/lib\n pkt, pkt_len, pkt_ts = next(nflog)\n print('Got packet, len: {}, ts: {}'.format(pkt_len, pkt_ts))\n\n for pkt, pkt_len, pkt_ts in nflog: # do stuff with each captured packet\n\nModule uses libnetfilter\\_log via CFFI.\n\nNFLOG generator has the keywords to control parameters of netlink socket\nthat are passed to libnetfilter\\_log, see `libnetfilter\\_log\ndocumentation `_\nfor more verbose description of these.\n\nNot all `libnetfilter\\_log-exposed\nattributes `_\nare exposed through bindings.",
"description_content_type": null,
"docs_url": null,
"download_url": "UNKNOWN",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "http://github.com/mk-fg/scapy-nflog-capture",
"keywords": "nflog,scapy,plugin,driver,traffic,analysis,analyze,capture,dump,network,linux,security,sniffer,spoof,netfilter,iptables,xtables,filter,filtering,firewall,audit,cffi,libnetfilter_log,socket",
"license": "WTFPL",
"maintainer": null,
"maintainer_email": null,
"name": "scapy-nflog-capture",
"package_url": "https://pypi.org/project/scapy-nflog-capture/",
"platform": "UNKNOWN",
"project_url": "https://pypi.org/project/scapy-nflog-capture/",
"project_urls": {
"Download": "UNKNOWN",
"Homepage": "http://github.com/mk-fg/scapy-nflog-capture"
},
"release_url": "https://pypi.org/project/scapy-nflog-capture/13.05.0/",
"requires_dist": null,
"requires_python": null,
"summary": "Driver for scapy to allow capturing packets via Linux NFLOG interface",
"version": "13.05.0"
},
"last_serial": 738214,
"releases": {
"13.04.12": [
{
"comment_text": "",
"digests": {
"md5": "851823cfe05c9fdd37931f07ddfa72d9",
"sha256": "14b0380e50f678b70319ed6fc3421a7c2a98da3d1804d781b8b9af967c380bed"
},
"downloads": -1,
"filename": "scapy-nflog-capture-13.04.12.tar.gz",
"has_sig": true,
"md5_digest": "851823cfe05c9fdd37931f07ddfa72d9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 11594,
"upload_time": "2013-04-11T12:44:08",
"url": "https://files.pythonhosted.org/packages/a6/49/a51f5da8599dc8a66d61dd23f26f8737205b2b39c54159003e8bb50a0eb0/scapy-nflog-capture-13.04.12.tar.gz"
}
],
"13.04.15": [
{
"comment_text": "",
"digests": {
"md5": "5169bb80ac6003a69a4be279a5f40c55",
"sha256": "12064ecd5f465dcfadf59336c7e708128c9984a048144cbbe7bd74252eb5db79"
},
"downloads": -1,
"filename": "scapy-nflog-capture-13.04.15.tar.gz",
"has_sig": true,
"md5_digest": "5169bb80ac6003a69a4be279a5f40c55",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 11782,
"upload_time": "2013-04-12T07:49:06",
"url": "https://files.pythonhosted.org/packages/c5/67/fd03fa7b5e7e7508b9c76f72775d0cef383d79876f089ac62d8540f7d40c/scapy-nflog-capture-13.04.15.tar.gz"
}
],
"13.04.2": [],
"13.04.3": [
{
"comment_text": "",
"digests": {
"md5": "21d72f9d2d26ecad960ac0f6f66f3472",
"sha256": "0ee0b53dbf0826531492b1ad1a1233e411187dacda515b6298c44d65d3a0ecd3"
},
"downloads": -1,
"filename": "scapy-nflog-capture-13.04.3.tar.gz",
"has_sig": true,
"md5_digest": "21d72f9d2d26ecad960ac0f6f66f3472",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 6779,
"upload_time": "2013-04-09T16:16:01",
"url": "https://files.pythonhosted.org/packages/6e/7f/ea8d65cbf76c012b772c9e887b1fe21b498a3a400f8552aec18172f6b622/scapy-nflog-capture-13.04.3.tar.gz"
}
],
"13.04.7": [
{
"comment_text": "",
"digests": {
"md5": "99694419a8ee30b268249a07cac7e894",
"sha256": "97ebc03c0a6e99cae4a651b4528d059dce1d11a2d1e2d5ea9d87053ff47db550"
},
"downloads": -1,
"filename": "scapy-nflog-capture-13.04.7.tar.gz",
"has_sig": true,
"md5_digest": "99694419a8ee30b268249a07cac7e894",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7153,
"upload_time": "2013-04-09T17:19:45",
"url": "https://files.pythonhosted.org/packages/83/d5/bcf5f2b8d57bcf99c41b3f3763c025d186a91c999dc27800ec89eafff1f2/scapy-nflog-capture-13.04.7.tar.gz"
}
],
"13.04.8": [
{
"comment_text": "",
"digests": {
"md5": "18f53b2602e2434f199dea733c6de327",
"sha256": "409dbf422178fb7033ae32947568514c4b28d791da741e3ed5d48f019fa1645b"
},
"downloads": -1,
"filename": "scapy-nflog-capture-13.04.8.tar.gz",
"has_sig": true,
"md5_digest": "18f53b2602e2434f199dea733c6de327",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7159,
"upload_time": "2013-04-09T17:56:05",
"url": "https://files.pythonhosted.org/packages/46/ea/e9ef11f3df482160ff77d8ab6a7b4f492098f027995f4e732abb9c44cf9e/scapy-nflog-capture-13.04.8.tar.gz"
}
],
"13.05.0": [
{
"comment_text": "",
"digests": {
"md5": "10563dae4c675949f13c38273d3fef58",
"sha256": "701f8516d3692d1f392520ac657a8a534b933f5acc55c1d7d945afc091327419"
},
"downloads": -1,
"filename": "scapy-nflog-capture-13.05.0.tar.gz",
"has_sig": true,
"md5_digest": "10563dae4c675949f13c38273d3fef58",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 11786,
"upload_time": "2013-05-13T06:34:30",
"url": "https://files.pythonhosted.org/packages/b5/e7/439e83f394369bc66a54590b823f8458276317f1d5ca55551bc5236f9dcc/scapy-nflog-capture-13.05.0.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "10563dae4c675949f13c38273d3fef58",
"sha256": "701f8516d3692d1f392520ac657a8a534b933f5acc55c1d7d945afc091327419"
},
"downloads": -1,
"filename": "scapy-nflog-capture-13.05.0.tar.gz",
"has_sig": true,
"md5_digest": "10563dae4c675949f13c38273d3fef58",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 11786,
"upload_time": "2013-05-13T06:34:30",
"url": "https://files.pythonhosted.org/packages/b5/e7/439e83f394369bc66a54590b823f8458276317f1d5ca55551bc5236f9dcc/scapy-nflog-capture-13.05.0.tar.gz"
}
]
}