ferroneon.blogg.se - Installing scapy on ubuntu 16.04

#Installing scapy on ubuntu 16.04 install#
#Installing scapy on ubuntu 16.04 software#
#Installing scapy on ubuntu 16.04 code#

#Installing scapy on ubuntu 16.04 code#

Parsing code in Scapy that we’re going to benchmark is very simple: If you want command-line tools, you’ll need a little extra, but it my case I’m totally ok with the libraries only.

#Installing scapy on ubuntu 16.04 install#

Installing Scapy is a breeze: pip install scapy does the trick. Its functionality stretches a bit beyond what I need: it can also create packets, send, receive and capture them over the ‘net, but I’m interested now in one particular part: packet dissection. Scapy is one of the oldest and well-known network packet library for Python (developed since ~2002). My production environment is close to this one, mostly consisting of Amazon’s EC2 C3-C4 large/xlarge instances running the same 16.04 LTS. I’ve deliberately chosen to test parser code written by framework maintainers only, as I trust them to write most optimal, best written code for particular framework than I might hope to achieve in foreseeable future.Īll tests were done on the same hardware and OS, so generally it doesn’t matter what is that, but I’ll mention it anyway: it’s ThinkPad T460 laptop, sporting i5-6200U, 16 GB of RAM and running Linux Ubuntu 16.04 LTS. With open("ethernet_frame.bin", "rb") as fh: # Load sample Ethernet frame to be used for parsing Thus, the overall core benchmark code looks like that:įrom timeit import default_timer as timer This way it won’t be bound by I/O, and would just measure the very raw packet processing speed. To make it fair (if some parser uses lazy parsing), I’ll access one critical field: source IPv4 address once. For sake of simplicity and consistency, I’ll load single Ethernet frame in memory from a file, run parsing of it for zillion times and measure packet per second parsed rate. My benchmark consists of parsing Ethernet frames (and all inner layers – IPv4, TCP, etc). So, let’s try them – it’s not like anyone would want to re-implement and maintain all that stuff.īefore choosing a tool for the job, I’ve decided to run a few benchmarks on them to test their raw speed. Thankfully, Python’s vivid and living infrastructure offers us quite a few of them. So, it boils down to the wonderful world of packet dissector frameworks for Python. Wireshark dissectors written in Lua are slow and, what’s even worse, very memory-hungry. I need to process tons of traffic (think gigabytes), so I’d like it to be as fast as possible.

#Installing scapy on ubuntu 16.04 software#

Sometimes I just want to access protocol fields programmatically from a normal, popular programming language – ideally Python, as 99% of our software is in Python.

Wireshark functionality is somewhat lacking for me.

Your best bet would be coding them in Lua, but even there you’ll end up writing pretty cryptic code dealing with lots of Wireshark internals. Writing your own dissectors for Wireshark is an option, but it’s not for the faint of heart.

Majority of protocols I work on (beyond Ethernet, IPv4 and TCP/UDP) is binary and proprietary – obviously, Wireshark knows nothing about them.

However, in my case, I seriously want to consider alternatives: Granted, we all know that there’s one true answer for that – and that is Wireshark. Lately I’ve been doing lots of research that deals with dissection and analysis of network packets.