Cannot trace error in python pcapy wrapper

I’m using python pcapy in a docker container using this piece of code:

from pcapy import open_live, findalldevs
import sys
import traceback

p = open_live("eth0", 1024, False, 100)
dumper = p.dump_open("test.pcap")

devices = findalldevs()
print dumper, devices
while True:
    except Exception as e:
        print dir(e), e.message, e.args[0]

When I run it I get the following exception:

  • SparqlVerse issue with Docker
  • Is there a way to make a bootable Linux live USB disk from a Linux docker container?
  • connecting to AWS server where docker is deployed through template
  • Cannot install mysql-server in docker
  • docker-proxy - Error starting userland proxy while trying to bind on 443
  • Can Ansible deploy Docker containers remotely?
  • Traceback (most recent call last):

    File “”, line 12, in



    I’ve tried to play with the arguments by changing to different maximum packet sizes and setting promiscuous to True.

    I’ve tried to get any message from the exception, but it seems the message is empty. I also skimmed through pcapy source code: since the exception in the PcapyError object is empty and the other PcapErrors in the next function are explicit strings, it implies we are falling into the condition in which buf is empty. It seems pcap_geterr returns an empty string because pp->pcap has been closed and the pointer to the pcap exception no longer exists (take a look into the doc).

    When I run using the loop() method, everything works fine:

    # Modified from:
    import pcapy
    from impacket.ImpactDecoder import *
    # list all the network devices
    max_bytes = 1024
    promiscuous = False
    read_timeout = 100 # in milliseconds
    pc = pcapy.open_live("eth0", max_bytes,
        promiscuous, read_timeout)
    # callback for received packets
    def recv_pkts(hdr, data):
        packet = EthDecoder().decode(data)
        print packet
    packet_limit = -1 # infinite
    pc.loop(packet_limit, recv_pkts) # capture packets

    I really don’t know the source of the problem or what else to do for debugging it.


    I cannot find any error using strace. This is the grep for error in strace output:

    strace python 2>&1 1>/dev/null | grep -i error

    read(6, “\0\0\0t\3\0\0\0intt\n\0\0\0ValueErrort\23\0\0\0_”…, 4096) = 995

    getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

    getsockopt(5, SOL_SOCKET, SO_ERROR, [0], [4]) = 0

    getsockopt(5, SOL_SOCKET, SO_ERROR, [0], [4]) = 0


    I also tested pcap.h by calling to pcap_next myself:

     // Modified from:
     #include <pcap.h>
     #include <stdio.h>
     int main(int argc, char *argv[])
            pcap_t *handle;                 /* Session handle */
            char *dev;                      /* The device to sniff on */
            char errbuf[PCAP_ERRBUF_SIZE];  /* Error string */
            bpf_u_int32 mask;               /* Our netmask */
            bpf_u_int32 net;                /* Our IP */
            struct pcap_pkthdr header;      /* The header that pcap gives us */
            const u_char *packet;           /* The actual packet */
            /* Define the device */
            dev = pcap_lookupdev(errbuf);
            if (dev == NULL) {
                    fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
            /* Find the properties for the device */
            if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
                    fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
                    net = 0;
                    mask = 0;
            /* Open the session in promiscuous mode */
            handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
            if (handle == NULL) {
                    fprintf(stderr, "Couldn't open device %s: %s\n", "eth0", errbuf);
            while (1) {
                    /* Grab a packet */
                    packet = pcap_next(handle, &header);
                    /* Print its length */
                    printf("Jacked a packet with length of [%d]\n", header.len);
                    /* Print contents */
                    printf("\tPacket: %s\n", packet);
                    /* And close the session */

    To compile, write it to test_sniff.c and run:

    gcc test_sniff.c -o test_sniff -lpcap

    And I was able to capture packets successfully. So I don’t really know where the problem is…

    Other info to reproduce behaviour

    • Docker version: Docker version 1.5.0, build a8a31ef
    • Docker image is the Docker default Ubuntu
    • Python2.7

  • RoR Processing messages off an Message Queue
  • Unable to access my web2py app login page by running docker container using gae
  • How to enable docker remote API in “Docker for Windows”
  • Does a docker container launched from Docker-in-Docker container inherit orphan/zombie reaping from the docker-in-docker container?
  • Ember in docker with nginx can't reach server container
  • What is the (best) way to manage permissions for docker shared volumes
  • 2 Solutions collect form web for “Cannot trace error in python pcapy wrapper”

    pcapy doesn’t use Python socket module. It won’t raise socket.timeout which is raised if timeout has been enabled by previous socket.settimeout call. socket.settimeout is used to set a socket into blocking, non-blocking or timeout state.

    In pcapy, the timeout argument of open_live is passed to poll syscall at least in Linux, should differ by OS where poll is not available. call raises PcapError if there’s no packet to return because it hasn’t captured any packets yet. It’s not an error, just an indication like StopIteration. It can be ignored and has to be called again.

    Reader.loop won’t return until it has at least one packet to return or an error occurs.

    The following code captures 10 packets and exits.

    from pcapy import open_live, findalldevs, PcapError
    p = open_live("eth0", 1024, False, 100)
    dumper = p.dump_open("test.pcap")
    devices = findalldevs()
    print dumper, devices
    while True:
            packet =
        except PcapError:
            print packet
            count += 1
            if count == 10:

    the answer is pretty simple: will throw on timeout
    your timeout is 100ms (last parameter of open_live)

    so your except should handle the timeout case and you may want to increase the timeout time or set it to 0 for infinite

    you simply expected socket.timeout but PcapError is thrown instead. socket.timeout is the exception thrown by the socket code in the python lib so it is python specific. It is getting wrapped up (maybe just with new versions of pcapy) or it jsut stands for a different kind of timeout (TCP socket related)
    see example pcapy code: example

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.