Cannot trace error in python pcapy wrapper

I’m using python pcapy in a docker container using this piece of code:

from pcapy import open_live, findalldevs
import sys
import traceback

p = open_live("eth0", 1024, False, 100)
dumper = p.dump_open("test.pcap")

devices = findalldevs()
print dumper, devices
while True:
    except Exception as e:
        print dir(e), e.message, e.args[0]

When I run it I get the following exception:

  • How to access current directory with Boot2Docker and Docker?
  • exposing Mongodb from docker container on server
  • Assign domain name to the container
  • How can I use Windows Containers for Software Testing?
  • is it reasonable to run docker processes under runit/daemontools supervision
  • Bidirectionnal Sync with shell/terminal and actual code in Codenvy
  • Traceback (most recent call last):

    File “”, line 12, in



    I’ve tried to play with the arguments by changing to different maximum packet sizes and setting promiscuous to True.

    I’ve tried to get any message from the exception, but it seems the message is empty. I also skimmed through pcapy source code: since the exception in the PcapyError object is empty and the other PcapErrors in the next function are explicit strings, it implies we are falling into the condition in which buf is empty. It seems pcap_geterr returns an empty string because pp->pcap has been closed and the pointer to the pcap exception no longer exists (take a look into the doc).

    When I run using the loop() method, everything works fine:

    # Modified from:
    import pcapy
    from impacket.ImpactDecoder import *
    # list all the network devices
    max_bytes = 1024
    promiscuous = False
    read_timeout = 100 # in milliseconds
    pc = pcapy.open_live("eth0", max_bytes,
        promiscuous, read_timeout)
    # callback for received packets
    def recv_pkts(hdr, data):
        packet = EthDecoder().decode(data)
        print packet
    packet_limit = -1 # infinite
    pc.loop(packet_limit, recv_pkts) # capture packets

    I really don’t know the source of the problem or what else to do for debugging it.


    I cannot find any error using strace. This is the grep for error in strace output:

    strace python 2>&1 1>/dev/null | grep -i error

    read(6, “\0\0\0t\3\0\0\0intt\n\0\0\0ValueErrort\23\0\0\0_”…, 4096) = 995

    getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

    getsockopt(5, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

    getsockopt(5, SOL_SOCKET, SO_ERROR, [0], [4]) = 0


    I also tested pcap.h by calling to pcap_next myself:

     // Modified from:
     #include <pcap.h>
     #include <stdio.h>
     int main(int argc, char *argv[])
            pcap_t *handle;                 /* Session handle */
            char *dev;                      /* The device to sniff on */
            char errbuf[PCAP_ERRBUF_SIZE];  /* Error string */
            bpf_u_int32 mask;               /* Our netmask */
            bpf_u_int32 net;                /* Our IP */
            struct pcap_pkthdr header;      /* The header that pcap gives us */
            const u_char *packet;           /* The actual packet */
            /* Define the device */
            dev = pcap_lookupdev(errbuf);
            if (dev == NULL) {
                    fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
            /* Find the properties for the device */
            if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
                    fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
                    net = 0;
                    mask = 0;
            /* Open the session in promiscuous mode */
            handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
            if (handle == NULL) {
                    fprintf(stderr, "Couldn't open device %s: %s\n", "eth0", errbuf);
            while (1) {
                    /* Grab a packet */
                    packet = pcap_next(handle, &header);
                    /* Print its length */
                    printf("Jacked a packet with length of [%d]\n", header.len);
                    /* Print contents */
                    printf("\tPacket: %s\n", packet);
                    /* And close the session */

    To compile, write it to test_sniff.c and run:

    gcc test_sniff.c -o test_sniff -lpcap

    And I was able to capture packets successfully. So I don’t really know where the problem is…

    Other info to reproduce behaviour

    • Docker version: Docker version 1.5.0, build a8a31ef
    • Docker image is the Docker default Ubuntu
    • Python2.7

  • Docker Container Based on Non Existing Image?
  • Connect to docker containers with just service name and task slot?
  • Apache page retains after exiting docker container
  • Permission denied when changing docker image folder
  • How to share Mac screen to Linux docker container?
  • Couchbase PHP SDK in Docker Container
  • 2 Solutions collect form web for “Cannot trace error in python pcapy wrapper”

    pcapy doesn’t use Python socket module. It won’t raise socket.timeout which is raised if timeout has been enabled by previous socket.settimeout call. socket.settimeout is used to set a socket into blocking, non-blocking or timeout state.

    In pcapy, the timeout argument of open_live is passed to poll syscall at least in Linux, should differ by OS where poll is not available. call raises PcapError if there’s no packet to return because it hasn’t captured any packets yet. It’s not an error, just an indication like StopIteration. It can be ignored and has to be called again.

    Reader.loop won’t return until it has at least one packet to return or an error occurs.

    The following code captures 10 packets and exits.

    from pcapy import open_live, findalldevs, PcapError
    p = open_live("eth0", 1024, False, 100)
    dumper = p.dump_open("test.pcap")
    devices = findalldevs()
    print dumper, devices
    while True:
            packet =
        except PcapError:
            print packet
            count += 1
            if count == 10:

    the answer is pretty simple: will throw on timeout
    your timeout is 100ms (last parameter of open_live)

    so your except should handle the timeout case and you may want to increase the timeout time or set it to 0 for infinite

    you simply expected socket.timeout but PcapError is thrown instead. socket.timeout is the exception thrown by the socket code in the python lib so it is python specific. It is getting wrapped up (maybe just with new versions of pcapy) or it jsut stands for a different kind of timeout (TCP socket related)
    see example pcapy code: example

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.