
My Findings

    def initializeTcpdump(self):
        # you must have imported the os module
        """ This method will initialize tcpdump for the port indicated in the init. """
        import os
        cmd = "tcpdump -nnvvXSs 1514 -i eth0 dst port %d" % self.port
        # test if it returns some output
        #cmd = "tcpdump -nnvvXSs 1514 -i eth0"
        PrimarySpoof.capturedPacket = os.system(cmd)

I thought by merely assigning the system command to the object variable, I would woo the packet to it. After several tries and some rechecks, I found out that the variable capturedPacket was returning empty, so there are no string manipulations I could do on it. Unless it was possible to load the system verbose to this variable, this may not be the way to go... Leaves me with Andrew's idea of saving the file, or the pcapy/scapy way,

    from scapy.all import IP, TCP

    myPacket = IP(dst="somewhere.now")/TCP(dport=443, flags="S")
    thePayload = myPacket.payload.payload
    # work the rest

*_______________________________________________________________ its ok child, He's heard you *

On Fri, Nov 12, 2010 at 10:06 AM, joe mwirigi <joemwirigi@gmail.com> wrote:
@andrew, I've decided to split the packet as it comes in, and hand over the data to another method to process, does this have a negative impact on the network and (2) with higher loads will the same be felt by the network. i.e. assuming traffic passes through this machine as a proxy
On Fri, Nov 12, 2010 at 9:51 AM, Andrew Wachira <washirah@gmail.com> wrote:
@aki - yes; it's possible to read as you write - just keep track of your descriptors!
On 12 November 2010 15:46, joe mwirigi <joemwirigi@gmail.com> wrote:
@andrew, am also trying to listen into very specific ports and dst IPs, I think this narrows the payload by far, and thus a small server machine is able to handle this very comfortably
On Fri, Nov 12, 2010 at 9:31 AM, aki <aki275@gmail.com> wrote:
@Andrew, sorry for asking this thing, and this thread is a learning lesson for me. Because the data is continuous, if he was to use a file and as the file stream writes, is it possible to read the same stream for sampling while writing? Rgds :-)
On Fri, Nov 12, 2010 at 5:12 PM, Andrew Wachira <washirah@gmail.com> wrote:
Mwirigi - to process Mbps/Gbps payload data as fast as you're telling us you want, you may need a cluster or some other parallel distributed processing system which I don't think you have at the moment coz your question wouldn't appear on the list.. (and it's thus clear you can't be working with NSIS so it may take you time to get this going..) Note also that unless your kernel is intentionally broken in special ways to bias fairness, your process would be quickly terminated as a memory/processor hog.
So take my suggestion, first dump to file then process later.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- http://www.chromeexperiments.com
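Added example, not part of the original thread: the "dump to file, then process" approach combined with reading the file while it is still being written, by remembering the offset of the last complete record. The names `start_capture` and `PcapTail` are hypothetical, and the reader assumes the classic little-endian pcap format (not pcapng) that tcpdump writes on x86.

```python
import struct
import subprocess

PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, version major/minor, zone, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length

def start_capture(port, path, iface="eth0"):
    """Run tcpdump in the background, writing raw packets to `path` (needs root).
    -w writes pcap instead of text; -U flushes each packet so a reader sees it promptly."""
    return subprocess.Popen(["tcpdump", "-nn", "-s", "1514", "-i", iface, "-U",
                             "-w", path, "dst", "port", str(int(port))])

class PcapTail:
    """Read complete records from a pcap file that is still being appended to."""
    def __init__(self, path):
        self.f = open(path, "rb")
        self.offset = 0          # position just past the last complete item consumed
        self.header_done = False

    def poll(self):
        """Return [(timestamp, frame_bytes), ...] for records finished since the last call."""
        records = []
        self.f.seek(self.offset)
        if not self.header_done:
            hdr = self.f.read(PCAP_GLOBAL.size)
            if len(hdr) < PCAP_GLOBAL.size:
                return records                      # writer has not flushed the header yet
            if PCAP_GLOBAL.unpack(hdr)[0] != 0xA1B2C3D4:
                raise ValueError("not a little-endian, microsecond-resolution pcap file")
            self.header_done, self.offset = True, self.f.tell()
        while True:
            rec = self.f.read(PCAP_RECORD.size)
            if len(rec) < PCAP_RECORD.size:
                break                               # no further record header yet
            ts_sec, ts_usec, incl_len, _orig = PCAP_RECORD.unpack(rec)
            frame = self.f.read(incl_len)
            if len(frame) < incl_len:
                break                               # record half-written: retry from self.offset
            self.offset = self.f.tell()
            records.append((ts_sec + ts_usec / 1e6, frame))
        return records
```

Call `poll()` on a timer; each returned frame is the raw link-layer bytes, which can be handed to scapy's `Ether(frame)` for dissection on Ethernet captures.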