
@jonas, pcapy worked well with CentOS and py2.5; here I am using scapy, which is from the same family as pcapy and impacket. Still, scapy is still giving me issues with the payload, though it's super on all other packet-manipulation stuff. With pcapy, I still have to go through all the classes; will get back if it favours me. @aki, I am trying the XML thingy, but holding traffic in memory ... I am not sure it's the way I must go. Thanks all, trying out all suggestions.

_______________________________________________________________
its ok child, He's heard you

On Fri, Nov 12, 2010 at 7:37 AM, Jonas | Lamu Software <jonas@lamusoftware.com> wrote:
Why not try something like http://oss.coresecurity.com/projects/pcapy.html ?
Otherwise you should probably implement threading to keep track of the different tcpdumps and their results: http://docs.python.org/library/threading.html
And you are much more likely to get better answers at http://stackoverflow.com/ :)
On 11/12/2010 03:10 PM, joe mwirigi wrote:
I have an issue with some script, or maybe the logic, on how to capture the verbose output of tcpdump to sniff traffic on a given port, say ssh. So I wrote a class:

# module sniff
import subprocess


class PrimarySpoof:
    """Primary spoof class.

    This class shall be used to read tcpdump output from the system; it
    shall then pass this packet to a class variable called capturedPacket
    to make it available to other methods for further manipulation.
    """
    capturedPacket = None

    def __init__(self, port):
        """Initialize the port."""
        self.port = port

    def initializeTcpdump(self):
        """Run tcpdump for the port indicated in __init__ and store its output."""
        cmd = ["tcpdump", "-nnvvXSs", "1514", "-i", "eth0", "dst", "port", str(self.port)]
        # test if it returns some output
        # cmd = ["tcpdump", "-nnvvXSs", "1514", "-i", "eth0"]
        # os.system() returns only the exit status, not the output, so read stdout via subprocess
        proc = subprocess.Popen(cmd, stdout=subprocess.PIPE)
        # communicate() returns once tcpdump exits (e.g. with -c N); read proc.stdout line by line for a live stream
        PrimarySpoof.capturedPacket = proc.communicate()[0]

    def displayCapturedPacket(self):
        """Display the raw packet."""
        print(PrimarySpoof.capturedPacket)

################### end of part sample
My question and problem is: if I run several tcpdumps at the same time, will the output be in sync?
Say (1) I first run a tcpdump to just get the headers, i.e. source and destination, without the payload,
(2) run another tcpdump just to get the payload,
(3) then re-assemble the packet and >>> my fun things.
OR get the entire verbose output and then get into regex hell; remember this is a continual stream, picking out the headers, payload and the tail as well as doing the processing.
Well, someone advise.
Kind Rgds
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
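An added example, not code from anyone in this thread: a single `tcpdump -nnvvXS` process already prints both the decoded header lines and a hex dump of the whole packet (IP header onward), so headers and payload can be split out of one stream instead of syncing two tcpdumps. The parser below reads that output line by line and rebuilds the raw bytes, then slices the TCP payload using the IP IHL and TCP data offset. The sample output is constructed here in the shape of tcpdump 4.x output (checksums are placeholders); the names Packet, parse_tcpdump, stream_tcpdump and parse_sample are chosen for this example.

```python
"""Split one `tcpdump -nnvvXS` stream into header fields and TCP payload bytes.
Added example, not code from the thread: the -vv summary lines carry the headers
and the -X hex dump carries the whole packet, so one capture gives both."""
import re
import subprocess
from dataclasses import dataclass

HEX_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+:\s+(.*)$")   # "\t0x0010:  c0a8 ...  ....."
FLOW = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
SEQ = re.compile(r"\bseq (\d+)")
ACK = re.compile(r"\back (\d+)")
LEN = re.compile(r"\blength (\d+)\s*$")   # anchored: skips "length 73)" on the IP line


@dataclass
class Packet:
    src: str = ""
    sport: int = 0
    dst: str = ""
    dport: int = 0
    flags: str = ""
    seq: int = 0
    ack: int = 0
    tcp_len: int = 0   # "length N" tcpdump prints for the TCP segment
    raw: bytes = b""   # bytes rebuilt from the hex dump, IP header onward

    @property
    def payload(self) -> bytes:
        """Slice the TCP payload out of raw via the IP IHL and TCP data offset."""
        ihl = (self.raw[0] & 0x0F) * 4 if len(self.raw) >= 20 else 0
        if not ihl or len(self.raw) < ihl + 20:
            return b""
        doff = (self.raw[ihl + 12] >> 4) * 4
        return self.raw[ihl + doff:]


def _parse_summary(pkt: Packet, line: str) -> None:
    m = FLOW.search(line)
    if m:
        pkt.src, pkt.dst, pkt.flags = m.group(1), m.group(3), m.group(5)
        pkt.sport, pkt.dport = int(m.group(2)), int(m.group(4))
    for regex, attr in ((SEQ, "seq"), (ACK, "ack"), (LEN, "tcp_len")):
        m = regex.search(line)
        if m:
            setattr(pkt, attr, int(m.group(1)))


def parse_tcpdump(lines):
    """Yield one Packet per record; a record is flushed when the next timestamp
    line arrives or at end of input, so a live stream lags by one packet."""
    pkt = None
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        m = HEX_LINE.match(line)
        if m and pkt is not None:
            # hex groups are single-spaced; two or more spaces start the ASCII column
            hexpart = re.split(r"\s{2,}", m.group(1).strip(), maxsplit=1)[0]
            pkt.raw += bytes.fromhex(hexpart.replace(" ", ""))
        elif not line[0].isspace():          # new record starts with a timestamp
            if pkt is not None:
                yield pkt
            pkt = Packet()
            _parse_summary(pkt, line)
        elif pkt is not None:                # -vv continuation line with the TCP fields
            _parse_summary(pkt, line)
    if pkt is not None:
        yield pkt


def stream_tcpdump(port: int, iface: str = "eth0"):
    """Run ONE tcpdump (-l: line-buffered stdout) and yield parsed packets live."""
    cmd = ["tcpdump", "-l", "-nnvvXS", "-s", "1514", "-i", iface, "dst", "port", str(port)]
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, universal_newlines=True)
    return parse_tcpdump(proc.stdout)


# Constructed sample in the shape of `tcpdump -nnvvXS -s 1514 dst port 22` output:
# a SYN with no payload, then a PSH/ACK carrying an SSH banner. Checksums are placeholders.
SAMPLE_LINES = [
    "12:34:56.700000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)",
    "    192.168.1.10.54321 > 192.168.1.20.22: Flags [S], cksum 0xf6f5 (correct), seq 999999999, win 29200, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0",
    "\t0x0000:  4500 003c 0001 4000 4006 f6f5 c0a8 010a  E..<..@.@.......",
    "\t0x0010:  c0a8 0114 d431 0016 3b9a c9ff 0000 0000  .....1..;.......",
    "\t0x0020:  a002 7210 0000 0000 0204 05b4 0402 080a  ..r.............",
    "\t0x0030:  0000 0001 0000 0000 0103 0307            ............",
    "12:34:56.789012 IP (tos 0x10, ttl 64, id 12345, offset 0, flags [DF], proto TCP (6), length 73)",
    "    192.168.1.10.54321 > 192.168.1.20.22: Flags [P.], cksum 0x1234 (correct), seq 1000000000:1000000021, ack 2000000000, win 229, options [nop,nop,TS val 1 ecr 2], length 21",
    "\t0x0000:  4510 0049 3039 4000 4006 7a4e c0a8 010a  E..I09@.@.zN....",
    "\t0x0010:  c0a8 0114 d431 0016 3b9a ca00 7735 9400  .....1..;...w5..",
    "\t0x0020:  8018 00e5 1234 0000 0101 080a 0000 0001  .....4..........",
    "\t0x0030:  0000 0002 5353 482d 322e 302d 4f70 656e  ....SSH-2.0-Open",
    "\t0x0040:  5353 485f 372e 340d 0a                   SSH_7.4..",
]


def parse_sample():
    """Parse the constructed sample; returns the list of Packet objects."""
    return list(parse_tcpdump(SAMPLE_LINES))
```

`parse_sample()` returns two packets: the SYN with an empty payload and the PSH/ACK whose payload is the 21-byte banner, matching the `length 21` tcpdump printed on the summary line. `stream_tcpdump(22)` yields the same objects from a live interface (root needed), which is the one-process alternative to running a header capture and a payload capture side by side; note that without `-l` tcpdump block-buffers stdout when it is a pipe, so the reader would see nothing until the buffer fills.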