Write Packets Captured With Scapy Sniff In Time Intervals
I’m trying to dump packets captured by the scapy sniff function to a file every 10 seconds, to no avail. That is possible with tcpdump like: tcpdump -s 0 -i -G 10 -w
Solution 1:
Of course it is. Have a look at the wrpcap() documentation.
Essentially, you will simply build a callback function that receives packets and takes actions. Here's a very simple example that is not necessarily intended to be functional. (I'm writing it on the fly here.) This should save a cap file every 100 packets. You would simply need to change the logic to be time based instead of packet count based.
#!/usr/bin/env python
from scapy.all import sniff, wrpcap

pendingPackets = []
baseFilename = "capture-"
totalPackets = 0

def handle_packet(packet):
    global pendingPackets, totalPackets
    pendingPackets.append(packet)
    totalPackets += 1
    # Flush the buffer to a new pcap file every 100 packets
    if len(pendingPackets) >= 100:
        filename = baseFilename + str(totalPackets) + ".pcap"
        wrpcap(filename, pendingPackets)
        pendingPackets = []

sniff(filter="ip", prn=handle_packet)
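
A time-based version of the callback, as an added example that is not part of the original answer. The class name `IntervalPcapWriter`, its injectable `clock` parameter and the UTC timestamp in the file name are assumptions made for illustration; only `sniff()` and `wrpcap()` are scapy's own.

```python
import time

class IntervalPcapWriter:
    """Buffer packets and write one file per fixed time window (like tcpdump -G)."""

    def __init__(self, interval, write, prefix="capture-", clock=time.time):
        self.interval = interval      # window length in seconds
        self.write = write            # callable(filename, packets), e.g. scapy's wrpcap
        self.prefix = prefix
        self.clock = clock            # injectable so the logic can be tested offline
        self.window_start = None
        self.pending = []
        self.files = []

    def handle_packet(self, packet):
        now = self.clock()
        if self.window_start is None:
            self.window_start = now
        # A packet past the window boundary closes the old window first.
        if now - self.window_start >= self.interval:
            self.flush()
            # Skip over any idle windows so boundaries stay aligned.
            elapsed = now - self.window_start
            self.window_start += (elapsed // self.interval) * self.interval
        self.pending.append(packet)

    def flush(self):
        """Write buffered packets, if any; call once more when the sniff ends."""
        if not self.pending:
            return
        stamp = time.strftime("%Y%m%d-%H%M%S", time.gmtime(self.window_start))
        filename = f"{self.prefix}{stamp}.pcap"
        self.write(filename, self.pending)
        self.files.append(filename)
        self.pending = []


if __name__ == "__main__":
    from scapy.all import sniff, wrpcap   # needs scapy and capture privileges

    writer = IntervalPcapWriter(10, wrpcap)
    try:
        sniff(filter="ip", prn=writer.handle_packet, store=False)
    finally:
        writer.flush()   # do not lose the last partial window
```

The callback only runs when a packet arrives, so a window's file is written when the first packet of a later window shows up, or at exit. Windows with no traffic produce no file.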