Pcap (Packet CAPture) is an API for capturing network traffic, mostly on LAN links (Ethernet, Wi-Fi). It is mainly used for passive monitoring (packet capture), but it can also be used for active monitoring (packet injection). Implementations exist for Linux (libpcap), macOS (libpcap) and Windows (WinPcap, Npcap and Win10Pcap). Pcap is the capture layer behind tcpdump, tshark and Wireshark, and you can also build your own tools on top of it. In this session of the Internet Measurement Reading Group, we will present how it works, how it can be used from Node.js (cap and pcap modules) and from Python (Scapy), and some application use cases. For the use cases, we will explain how we used Pcap for IoT device type identification and how we are using it in our current IoT Network Monitoring project.
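The file format that tcpdump, tshark and Wireshark exchange is the libpcap format referenced below: a 24-byte global header (magic number, version 2.4, snapshot length, link type) followed by per-packet records, each with a 16-byte header (timestamp, captured length, original length) and the captured bytes. The following is an added example, not code from the session notebook or from any of the libraries listed here: a standard-library-only Python reader and writer for that format, plus the kind of per-device feature extraction (source MAC, EtherTypes seen) that device-type identification starts from. The MAC addresses and frames are constructed for the example and are not real captures. The length checks matter in practice: a capture file received from someone else is untrusted input to whatever parses it, so every length field is checked against the bytes actually present before it is used.

```python
"""Minimal libpcap-format writer/reader and a per-MAC traffic profile (example code)."""
import struct
from typing import Dict, List, Tuple

PCAP_MAGIC_US = 0xA1B2C3D4   # timestamps in seconds + microseconds
PCAP_MAGIC_NS = 0xA1B23C4D   # timestamps in seconds + nanoseconds
LINKTYPE_ETHERNET = 1
MAX_SNAPLEN = 262144         # libpcap's MAXIMUM_SNAPLEN; a larger record length is corrupt


def build_pcap(packets: List[Tuple[int, int, bytes]], linktype: int = LINKTYPE_ETHERNET,
               snaplen: int = 65535, endian: str = "<") -> bytes:
    """Serialise (ts_sec, ts_usec, frame) tuples into a pcap file image (default little-endian)."""
    out = bytearray(struct.pack(endian + "IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in packets:
        incl = min(len(frame), snaplen)           # snaplen truncates what is stored, not orig_len
        out += struct.pack(endian + "IIII", ts_sec, ts_usec, incl, len(frame))
        out += frame[:incl]
    return bytes(out)


def parse_pcap(data: bytes) -> Tuple[int, List[Tuple[float, bytes]]]:
    """Parse a pcap byte string into (linktype, [(timestamp_seconds, frame_bytes), ...]).

    The magic number gives both the byte order and the timestamp resolution. Every length
    is validated against the data that is really there, so a truncated or tampered file
    raises ValueError instead of producing bogus frames or slicing past the buffer."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            break
    else:
        raise ValueError("not a pcap file (bad magic)")
    nanos = magic == PCAP_MAGIC_NS
    major, minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if (major, minor) != (2, 4):
        raise ValueError("unsupported pcap version %d.%d" % (major, minor))
    records: List[Tuple[float, bytes]] = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > orig_len or incl_len > MAX_SNAPLEN:
            raise ValueError("implausible record length %d at offset %d" % (incl_len, off - 16))
        if off + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        ts = ts_sec + ts_frac / (1e9 if nanos else 1e6)
        records.append((ts, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def decode_ethernet(frame: bytes) -> Tuple[str, str, int, bytes]:
    """Return (src_mac, dst_mac, ethertype, payload) from an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    as_text = lambda mac: ":".join("%02x" % b for b in mac)
    return as_text(src), as_text(dst), ethertype, frame[14:]


def profile_devices(records: List[Tuple[float, bytes]]) -> Dict[str, dict]:
    """Per source MAC: packet count and set of EtherTypes seen (a first feature vector
    for device-type identification)."""
    profile: Dict[str, dict] = {}
    for _ts, frame in records:
        src, _dst, ethertype, _payload = decode_ethernet(frame)
        entry = profile.setdefault(src, {"packets": 0, "ethertypes": set()})
        entry["packets"] += 1
        entry["ethertypes"].add(ethertype)
    return profile


# Constructed sample traffic (not a real capture): one ARP request and one IPv4 packet
# from the same "device". Bodies are zeroed; only the Ethernet headers matter here.
DEVICE_MAC = bytes.fromhex("0a1b2c3d4e5f")   # hypothetical MAC
ROUTER_MAC = bytes.fromhex("0a0000000001")   # hypothetical MAC
BROADCAST = b"\xff" * 6
ARP_REQUEST = BROADCAST + DEVICE_MAC + b"\x08\x06" + bytes(28)    # EtherType 0x0806
IPV4_PACKET = ROUTER_MAC + DEVICE_MAC + b"\x08\x00" + bytes(20)   # EtherType 0x0800
SAMPLE_PCAP = build_pcap([(1_600_000_000, 0, ARP_REQUEST),
                          (1_600_000_000, 500_000, IPV4_PACKET)])

if __name__ == "__main__":
    linktype, records = parse_pcap(SAMPLE_PCAP)
    print("linktype", linktype, "records", len(records))
    for mac, entry in profile_devices(records).items():
        print(mac, entry["packets"], sorted(hex(e) for e in entry["ethertypes"]))
```

To read a real file, replace SAMPLE_PCAP with `open("capture.pcap", "rb").read()`; files written by tcpdump or Wireshark in the classic format (not pcapng) parse with this reader, in either byte order.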
References
Pcap:
– libpcap and tcpdump: https://www.tcpdump.org/
– pcap file format: https://wiki.wireshark.org/Development/LibpcapFileFormat
Node.js modules:
– node_pcap (pcap): https://www.npmjs.com/package/pcap
– cap: https://www.npmjs.com/package/cap
Python module:
– scapy: https://scapy.readthedocs.io/en/latest/
Application example:
Nesrine Ammar, Ludovic Noirie, Sébastien Tixeuil, “Autonomous IoT Device Identification Prototype,” best demo paper at Network Traffic Measurement and Analysis Conference 2019, Jun 2019, Paris
https://dx.doi.org/10.23919/TMA.2019.8784517
Presentation materials: Jupyter notebook used during the presentation
– Zipped folder with the Jupyter notebook and attached files: link to archive.
– HTML version of the Jupyter notebook: link to the html version of the notebook.