@jonas, pcapy worked well with CentOS and Python 2.5.
Here I am using scapy, which is in the same family as pcapy and Impacket. Still, scapy is giving me issues with the payload, though it is super on all other packet-manipulation stuff.
With pcapy, I still have to go through all the classes; I will get back if it favours me.
@aki, I am trying the XML thingy, but holding traffic in memory... I am not sure it's the way I must go.

Thanks all, trying out all suggestions.
_______________________________________________________________
It's ok child, He's heard you

On Fri, Nov 12, 2010 at 7:37 AM, Jonas | Lamu Software <jonas@lamusoftware.com> wrote:
Why not try something like this?
http://oss.coresecurity.com/projects/pcapy.html

Otherwise you should probably implement threading to
keep track of the different tcpdumps and their results.
http://docs.python.org/library/threading.html

and you are much more likely to get better answers at
http://stackoverflow.com/
:)


On 11/12/2010 03:10 PM, joe mwirigi wrote:
I have an issue with some script, or maybe with the logic on how to do it.
I would want to capture the verbose output of tcpdump to sniff traffic on a
given port, say ssh,
so I write some class:
# module sniff
import subprocess


class PrimarySpoof:
    """Primary spoof class.

    This class shall be used to read tcpdump output from the system.
    It shall then pass this packet to a class variable called
    capturedPacket to make it available to other methods for further
    manipulation.
    """
    capturedPacket = None

    def __init__(self, port, interface="eth0", count=1):
        """Initialize the port, the interface and how many packets to grab."""
        self.port = port
        self.interface = interface
        self.count = count

    def initializeTcpdump(self):
        """Run tcpdump for the port indicated in __init__ and keep its output.

        os.system() only returns the command's exit status, never its
        output, so the process is started with subprocess and its stdout
        is read instead. -c stops tcpdump after `count` packets; without
        it the call would block forever.
        """
        cmd = ["tcpdump", "-nnvvXS", "-s", "1514", "-i", self.interface,
               "-c", str(self.count), "dst", "port", str(self.port)]
        proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        out, err = proc.communicate()
        if proc.returncode != 0:
            raise RuntimeError("tcpdump failed: %s" % err.strip())
        PrimarySpoof.capturedPacket = out

    def displayCapturedPacket(self):
        """Display the raw packet."""
        print(PrimarySpoof.capturedPacket)


################### end of part sample

My question and problem is: if I run several tcpdumps at the same time,
will the output be in sync?

Say
(1) I first run a tcpdump to just get the headers, i.e. source and
destination, without the payload

(2) run another tcpdump just to get the payload

(3) Then I re-assemble the packet and >>> my fun things

OR
get the entire verbose output, then get into regex hell; remember this is a
continual stream, picking out the headers, payload and the tail, as well
as doing the processing:

Well, someone advise.

Kind regards

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
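An added example from the editor, not code from any of the posts above, that answers the two-tcpdumps question by reading ONE tcpdump -nnvvXS stream and cutting header and payload out of the same bytes, so nothing has to be kept in sync. The hex dump tcpdump prints with -X is the whole packet minus the link-layer header, and the IP and TCP header lengths are in those bytes, so the regex work shrinks to two patterns: the timestamped line that starts a packet and the "0xNNNN:" lines that follow it. The sample output embedded in the block is hand-constructed in tcpdump's -X layout, not a real capture; sniff_port() is a hypothetical helper (tcpdump's -l, -c and -s flags are real, and the script needs root to run it).

```python
import re
import subprocess

# tcpdump -X hex line: "0x" + 4-digit offset, ":", groups of hex digits. The
# ASCII column after them only re-renders the same bytes and is not captured.
HEX_LINE = re.compile(r"^\s*0x([0-9a-fA-F]{4}):\s+((?:[0-9a-fA-F]{2,4}\s?)+)")
HEADER_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")  # timestamp at column 0
ENDPOINTS = re.compile(r"(\S+) > (\S+):")               # src.port > dst.port:


def parse_tcpdump(lines):
    """Yield {header, src, dst, raw} per packet from lines of tcpdump -X text.

    A packet is emitted when the next timestamped line (or end of input)
    arrives, so this works on a live pipe as well as on saved output.
    """
    packet = None
    for line in lines:
        line = line.rstrip("\n")
        if HEADER_START.match(line):
            if packet is not None:
                yield _finish(packet)
            packet = {"header": [line], "hex": [], "offsets": []}
        elif packet is None:
            continue  # anything printed before the first packet
        else:
            m = HEX_LINE.match(line)
            if m:
                packet["offsets"].append(int(m.group(1), 16))
                packet["hex"].append("".join(m.group(2).split()))
            elif line.strip():
                packet["header"].append(line.strip())  # -vv continuation line
    if packet is not None:
        yield _finish(packet)


def _finish(packet):
    # Offsets must advance by 16 per line; anything else means the dump was
    # interleaved with other output or a line went missing.
    if packet["offsets"] != [16 * i for i in range(len(packet["offsets"]))]:
        raise ValueError("hex dump offsets out of order: %r" % packet["offsets"])
    header = " ".join(packet["header"])
    m = ENDPOINTS.search(header)
    return {"header": header,
            "src": m.group(1) if m else None, "dst": m.group(2) if m else None,
            "raw": bytes.fromhex("".join(packet["hex"]))}


def split_tcp(raw):
    """Cut (ip_header, tcp_header, payload) from one raw IPv4/TCP packet.

    -X omits the link-layer header, so byte 0 is IP version/IHL; both header
    lengths are read from the packet itself, not guessed from the -vv text.
    """
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (raw[0] & 0x0F) * 4
    if len(raw) < ihl + 20:
        raise ValueError("truncated TCP header")
    data_off = (raw[ihl + 12] >> 4) * 4
    # Use the IP total length, not len(raw): -s may have truncated the capture
    # and short frames can carry Ethernet padding after the IP datagram.
    end = min(int.from_bytes(raw[2:4], "big"), len(raw))
    return raw[:ihl], raw[ihl:ihl + data_off], raw[ihl + data_off:end]


def sniff_port(port, count, interface="eth0"):
    """Hypothetical helper: ONE tcpdump process, parsed live (needs root).
    -l line-buffers stdout; -c ends the capture after `count` packets."""
    cmd = ["tcpdump", "-l", "-nnvvXS", "-s", "1514", "-i", interface,
           "-c", str(count), "dst", "port", str(port)]
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, universal_newlines=True)
    try:
        return list(parse_tcpdump(proc.stdout))
    finally:
        proc.wait()


# Constructed sample of tcpdump -nnvvXS output (an SSH banner and the ACK to
# it), hand-assembled for this example; it is not a real capture.
SAMPLE_OUTPUT = """\
13:05:42.117316 IP (tos 0x10, ttl 64, id 12345, offset 0, flags [DF], proto TCP (6), length 73)
    192.168.1.10.54321 > 192.168.1.20.22: Flags [P.], seq 1000:1021, ack 2000, win 229, options [nop,nop,TS val 1 ecr 2], length 21
\t0x0000:  4510 0049 3039 4000 4006 7a8c c0a8 010a  E..I09@.@.z.....
\t0x0010:  c0a8 0114 d431 0016 0000 03e8 0000 07d0  .....1..........
\t0x0020:  8018 00e5 0000 0000 0101 080a 0000 0001  ................
\t0x0030:  0000 0002 5353 482d 322e 302d 4f70 656e  ....SSH-2.0-Open
\t0x0040:  5353 485f 352e 330d 0a                   SSH_5.3..
13:05:42.117902 IP (tos 0x0, ttl 64, id 43981, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.20.22 > 192.168.1.10.54321: Flags [.], ack 1021, win 229, options [nop,nop,TS val 2 ecr 1], length 0
\t0x0000:  4500 0034 abcd 4000 4006 0000 c0a8 0114  E..4..@.@.......
\t0x0010:  c0a8 010a 0016 d431 0000 07d0 0000 03fd  .......1........
\t0x0020:  8010 00e5 0000 0000 0101 080a 0000 0002  ................
\t0x0030:  0000 0001                                ....
"""


def demo():
    """Parse the sample; return (src, dst, ip_len, tcp_len, payload) per packet."""
    result = []
    for pkt in parse_tcpdump(SAMPLE_OUTPUT.splitlines()):
        ip, tcp, payload = split_tcp(pkt["raw"])
        result.append((pkt["src"], pkt["dst"], len(ip), len(tcp), payload))
    return result
```

On the sample, demo() returns the SSH banner as the first packet's payload and an empty payload for the ACK; option (3) above, "re-assemble the packet", is just split_tcp(pkt["raw"]) on one buffer. The offset check in _finish() is the guard that matters for a continual stream: if anything else ever writes into the same pipe, the 0xNNNN offsets stop counting up by 16 and the parser refuses the packet rather than gluing a payload onto the wrong header. Streams that span several segments still need TCP reassembly on top of this, which is where pcapy or scapy, working on raw packets without the text round-trip, become the better route.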