Send packets to a DB via scapy + JSON

This is a script and module that can run on a computer with the Installation Dependencies listed below. It sniffs packets with Scapy and uploads them to a DB with API access. I am currently using this along with my Meteorshark project to quickly and easily show packets for demonstrations which require a friendlier and simpler interface than Wireshark.


Currently both .py files need to be in the same folder but I'm working on an installer so the is available for import globally. You only need to add the 'url' and 'userToken' changes in the script, or copy the script and put it into your own file.

Sniffing Packets

Running the with the options object filled out will use scapy to sniff packets (may require root permissions on your system), sending each packet to the meteorshark.uploadPacket() function where they will be parsed and made into a JSON for DB insertion.

Configuring the API endpoint

You will obviously want to push these packets to some sort of API, otherwise you wouldn't be reading this right now. To edit the API endpoint, edit these variables towards the top of the script:

url = "http://localhost:3000/api/packets"

My current API, Meteorshark, uses a Token instead of authentication right now. If you need authentication support, feel free to make a pull request as I would love to have that in here as an option!

Packet Structure

Packets are inserted, stored, and fetched as individual JSON objects in a DB (I use MongoDB).

JSON properties are as follows:

packet = {
    "timestamp": "",
    "srcIP": "",
    "dstIP": "",
    "L7protocol": "",
    "size": "",
    "ttl": "",
    "srcMAC": "",
    "dstMAC": "",
    "L4protocol": "",
    "srcPort": "",
    "dstPort": "",
    "payload": "",
    "owner": ""
}

Right now, far too much packet protocol support is being done in this client script, and I fully plan on figuring out a way to iterate through each field in the packet layers so that I can dump all the important information into the DB. This will allow filtering, sorting, and presentation to be completely handled by the server application pulling packet info from the DB.
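The field list above, filled in from one raw frame, as an added example that is not code from this repository. It parses Ethernet/IPv4/TCP/UDP with the standard library instead of Scapy so it runs offline; `frame_to_packet`, `sample_frame`, the port-based `L7protocol` guess, the base64 `payload` and the numeric field types are assumptions.

```python
import base64
import json
import socket
import struct
import time

L4_NAMES = {6: "TCP", 17: "UDP"}                    # IP protocol numbers handled here
L7_BY_PORT = {53: "DNS", 80: "HTTP", 443: "HTTPS"}  # assumption: L7 guessed from port

def frame_to_packet(frame, owner, timestamp=None):
    """Map one raw Ethernet/IPv4 frame onto the README's packet fields."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("not an Ethernet/IPv4 frame")
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
    if ihl < 20 or total_len < ihl or 14 + total_len > len(frame):
        raise ValueError("IPv4 lengths disagree with the captured bytes")
    # Slice by the IP total length so Ethernet padding never reaches "payload".
    l4 = frame[14 + ihl:14 + total_len]
    proto, sport, dport, data = frame[23], "", "", l4
    if proto == 6 and len(l4) >= 20:    # TCP: header length is in the data offset
        sport, dport = struct.unpack("!HH", l4[:4])
        data = l4[max((l4[12] >> 4) * 4, 20):]
    elif proto == 17 and len(l4) >= 8:  # UDP: fixed 8-byte header
        sport, dport = struct.unpack("!HH", l4[:4])
        data = l4[8:]
    return {
        "timestamp": time.time() if timestamp is None else timestamp,
        "srcIP": socket.inet_ntoa(frame[26:30]),
        "dstIP": socket.inet_ntoa(frame[30:34]),
        "L7protocol": L7_BY_PORT.get(dport) or L7_BY_PORT.get(sport, ""),
        "size": total_len,  # assumption: IP total length
        "ttl": frame[22],
        "srcMAC": frame[6:12].hex(":"),
        "dstMAC": frame[0:6].hex(":"),
        "L4protocol": L4_NAMES.get(proto, str(proto)),
        "srcPort": sport,
        "dstPort": dport,
        "payload": base64.b64encode(data).decode("ascii"),  # assumption: base64
        "owner": owner,
    }

def sample_frame(payload=b"GET / HTTP/1.1\r\n\r\n"):
    """Constructed frame: documentation addresses, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return bytes.fromhex("0200000000020200000000010800") + ip + tcp + payload

if __name__ == "__main__":
    print(json.dumps(frame_to_packet(sample_frame(), "demo-token"), indent=2))
```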

Filtering Packets

Packets can be filtered by scapy while sniffing to limit the number of packets being sent to the API/DB. Scapy uses the BPF syntax, which is also used for Wireshark capture filters. The total number of packets to send can also be configured with the count variable.

To add a filter and/or packet count, simply use the CLI '--filter' and '--count' options and enter your values.


  • $ python3 [token] --filter="tcp port 80"
  • $ python3 [token] --filter="host" --count 10
  • $ python3 [token] --count 10

Installation Dependencies

