The BSD or Berkeley Packet Filter is a register-based filter evaluator and network tap, invented in 1990 by Steven McCanne and Van Jacobson to replace the CMU/Stanford Packet Filter (CSPF) and the Sun NIT filter technology with a faster alternative 1).
While bpf consists of two components, the filter evaluator and the network tap, we'll ignore the network tap and focus on the filter evaluator instead.
If you want to use a native library from Python but there is no binding, you can 'try' to interface with the library through ctypes.
As I wanted to play with bpf, which is part of libpcap, and libpcap lacks a python3 binding, I decided to try ctypes.
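As an added example of that ctypes approach (my own code, not from the original post): it loads libpcap, compiles a tcpdump-style expression for the raw-IP link type with pcap_open_dead/pcap_compile, and runs the resulting bpf program over a constructed IPv4/TCP packet with pcap_offline_filter. The names load_libpcap, filter_matches and build_tcp_syn are my own, and it assumes a libpcap that ctypes.util.find_library can locate.

```python
import ctypes
import ctypes.util
import struct
DLT_RAW = 12  # link type "raw IP": the packet starts with the IP header

class BpfInsn(ctypes.Structure):          # struct bpf_insn
    _fields_ = [("code", ctypes.c_ushort), ("jt", ctypes.c_ubyte),
                ("jf", ctypes.c_ubyte), ("k", ctypes.c_uint)]
class BpfProgram(ctypes.Structure):       # struct bpf_program
    _fields_ = [("bf_len", ctypes.c_uint), ("bf_insns", ctypes.POINTER(BpfInsn))]
class PcapPkthdr(ctypes.Structure):       # struct pcap_pkthdr; timeval as two longs (Linux layout)
    _fields_ = [("tv_sec", ctypes.c_long), ("tv_usec", ctypes.c_long),
                ("caplen", ctypes.c_uint), ("len", ctypes.c_uint)]

def load_libpcap():
    """Load libpcap and declare the few signatures we use; returns None if it is not installed."""
    path = ctypes.util.find_library("pcap")
    if path is None:
        return None
    lib = ctypes.CDLL(path)
    lib.pcap_open_dead.restype = ctypes.c_void_p
    lib.pcap_open_dead.argtypes = [ctypes.c_int, ctypes.c_int]
    lib.pcap_compile.argtypes = [ctypes.c_void_p, ctypes.POINTER(BpfProgram),
                                 ctypes.c_char_p, ctypes.c_int, ctypes.c_uint]
    lib.pcap_offline_filter.argtypes = [ctypes.POINTER(BpfProgram),
                                        ctypes.POINTER(PcapPkthdr), ctypes.c_char_p]
    lib.pcap_freecode.argtypes = [ctypes.POINTER(BpfProgram)]
    lib.pcap_close.argtypes = [ctypes.c_void_p]
    return lib

def filter_matches(lib, expression, packet):
    """Compile a tcpdump-style expression for DLT_RAW and run the bpf program over one packet."""
    handle = lib.pcap_open_dead(DLT_RAW, 65535)   # no capture device needed, only a link type
    prog = BpfProgram()
    try:
        # optimize=1, netmask=PCAP_NETMASK_UNKNOWN (0xffffffff); returns 0 on success
        if lib.pcap_compile(handle, ctypes.byref(prog), expression.encode(), 1, 0xffffffff) != 0:
            raise ValueError("cannot compile filter: " + expression)
        hdr = PcapPkthdr(0, 0, len(packet), len(packet))
        try:   # non-zero return means the filter accepted the packet
            return lib.pcap_offline_filter(ctypes.byref(prog), ctypes.byref(hdr), packet) != 0
        finally:
            lib.pcap_freecode(ctypes.byref(prog))
    finally:
        lib.pcap_close(handle)

def build_tcp_syn(dst_port):
    """Constructed sample packet: IPv4 header + TCP SYN to dst_port (checksums 0; bpf ignores them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp
```

Calling filter_matches(load_libpcap(), "tcp dst port 23", build_tcp_syn(23)) returns True, while the same filter rejects a SYN to port 80.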
What I wanted to do:
Running a honeypot, it is good to see it gets attacked and does something, but more important than attacks you see, are attacks you do not see.
You can miss attacks for many reasons, the most common:
the attack does not complete due to software bugs or incomplete emulation
the software does not detect the attack
you don't expect an attack on a given port and therefore do not provide a service