by rmetzler 703 days ago
How would you compare this to termshark / tshark?
3 comments

It is basically Scapy with 200 lines of code to make it easier to start. That means tshark is a lot better as a cli/DSL. Interactiveness is not what Scapy is good at; it is marvelous when you need to e.g. send events to other services based on a custom packet event.

EDIT: I wonder if there is some nice TUI debugger interface/IDE that one could reuse for this. Handling traces live like this has always been a special skill, so I guess specialized tools are a must. But one would think that all the tooling around KUtrace/ebpf/tcpdump could be generalized in some way.

I don't understand your TUI thing... Can you pls clarify???
Writing "layout next" in GDB gives you a TUI: Text user interface, like midnight commander. There are so many good debuggers in graphical environments I just wondered if there were any better ones for text.

Edit: I really like this simple Scapy wrapper though! Works like a charm.

I just tried tshark, it outputs just raw packet info without any formatting. My code formats the packets and gives more useful insights only when prompted
termshark is a TUI for tshark. So termshark looks a lot like wireshark but in a terminal.
tshark doesn't have automatic DoS detection nor MITM setup (beta)
Detecting "DOS" by putting the packets into a Python buffer seems... counterproductive.
... for the reasons the other guy said: https://news.ycombinator.com/item?id=41011627

DoS attacks attempt to overwhelm your system or your system's connection by sheer amount of packets. And here you are capturing those packets and keeping them in memory - this just makes your system fall over faster.
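The objection above is that a detector which holds packets in a Python buffer grows with the flood it is supposed to detect. The following is an added example, not code from the thread or from the Scapy wrapper being discussed: it keeps only a per-source counter with a fixed cap on tracked sources, so memory stays bounded no matter how many packets arrive. The sample events are constructed (a Scapy `sniff()` callback would derive `(pkt.time, pkt[IP].src)` and then drop the packet reference).

```python
from collections import OrderedDict

# Constructed packet summaries: (timestamp in seconds, source IP).
# Only these two values are derived from each packet; the packet itself
# is never stored, which is the whole point of the exercise.
SAMPLE = (
    [(0.0, "10.0.0.5")] * 3
    + [(0.5 + i * 0.01, "203.0.113.9") for i in range(120)]  # 120 pkts in ~1.2 s
    + [(1.2, "10.0.0.5")]
)


class PacketRateMonitor:
    """Per-source packet counter with a fixed window and bounded state."""

    def __init__(self, window_s=1.0, threshold=100, max_sources=10000):
        self.window_s = window_s
        self.threshold = threshold
        self.max_sources = max_sources
        # src -> [window_start, count]; OrderedDict gives cheap LRU eviction,
        # so a flood of spoofed sources cannot grow this table without bound.
        self.counts = OrderedDict()

    def observe(self, ts, src):
        """Record one packet from src at time ts.

        Returns True exactly once per window, when src reaches the threshold.
        """
        entry = self.counts.get(src)
        if entry is None or ts - entry[0] >= self.window_s:
            entry = [ts, 0]  # start a fresh window for this source
        entry[1] += 1
        self.counts[src] = entry
        self.counts.move_to_end(src)
        while len(self.counts) > self.max_sources:
            self.counts.popitem(last=False)  # evict least recently seen source
        return entry[1] == self.threshold


def find_flooders(events, **monitor_kwargs):
    """Return the sorted sources that crossed the threshold in any window."""
    mon = PacketRateMonitor(**monitor_kwargs)
    return sorted({src for ts, src in events if mon.observe(ts, src)})


if __name__ == "__main__":
    print(find_flooders(SAMPLE))  # ['203.0.113.9']
```

Whatever fires on `observe()` returning True (a log line, a firewall rule push) is where the work belongs; the monitor itself only ever holds one small list per tracked source.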