Filter pcap pap protocol without pyshark

Question

I want to access data in pap packets, currently i'm using pyshark with the following code

import pyshark,sys

cap = pyshark.FileCapture('test.pcap',display_filter='ppp && not ppp.length')

for packet in cap:
        if packet.pap.get_field_value('peer_id'):
            print ('user: '+packet.pap.peer_id+" logged in")

and it works fine on my pc and raspberrypi unfortunately i want to use this code on openwrt/lede router on which pyshark can't be installed due to ccache error:

unable to execute 'ccache_cc': no such file or directory

which i assumed that openwrt lacks some compiler features so I tried to install other pcap parsing libraries and could install scapy, dpkt and pypcapfile and they all installed fine so how can I convert my code to use one of these libraries

Answer 1

Thanks to @pierre I found out that the development version of scapy has some new usefull classes (PPP_PAP and PPP_PAP_Request) so I was able to write a working code for my problem and it works in python2 and python3

from scapy.all import PPP,PPP_PAP_Request,sniff

def logusers(pkt):
        if PPP_PAP_Request in pkt:
                print(pkt[PPP_PAP_Request].username.decode()+" logged in")
sniff(count=0,offline='all.pcap',prn=logusers,filter="pppoes",store=0)

I used sniff function because i found it a bit lightweight and fast(i'm trying to run the code on an embedded system after all) But nevertheless it's still a bit slow and i don't know if there is something faster (maybe other than scapy) so i'm not going to accept this answer for a while

Answer 2

With Scapy (use the development version from GitHub), you can try:

from scapy.all import PcapReader, PPP_PAP_Request

for pkt in PcapReader('test.pcap'):
    if PPP_PAP_Request in pkt:
        print(pkt.sprintf('user: %PPP_PAP_Request.username% logged in'))