Ever heard of pastebin.com? Put the code there; it makes it very legible.
I have an issue with some script, or maybe the logic on how to.
I would want to capture the verbose output of tcpdump to sniff traffic on a given port, say ssh,
so I write some class:
# module sniff sniff
import subprocess


class PrimarySpoof:
    """Primary spoof class.

    This class shall be used to read tcpdump output from the system.
    It shall then pass this packet to a class variable called capturedPacket
    to make it available to other methods for further manipulation.
    """
    capturedPacket = None

    def __init__(self, port):
        """Initialize the port."""
        self.port = port

    def initializeTcpdump(self):
        """This method will initialize tcpdump for the port indicated in the init."""
        # Argument list (no shell); -c 1 makes tcpdump exit after one packet
        # so that the call returns instead of blocking forever.
        cmd = ["tcpdump", "-c", "1", "-nnvvXSs", "1514", "-i", "eth0",
               "dst", "port", str(int(self.port))]
        # test if it returns some output
        #cmd = ["tcpdump", "-c", "1", "-nnvvXSs", "1514", "-i", "eth0"]
        # os.system() only returns the exit status, never the output,
        # so capture stdout with subprocess instead.
        PrimarySpoof.capturedPacket = subprocess.check_output(
            cmd, universal_newlines=True)

    def displayCapturedPacket(self):
        """Display the raw packet."""
        print(PrimarySpoof.capturedPacket)
################### end of part sample
My question and problem is: if I run several tcpdumps at the same time, will the output be in sync?
Say
(1) I first run a tcpdump to just get the headers, i.e. source and destination without the payload
(2) run another tcpdump just to get the payload
(3) Then I re-assemble the packet and >>> my fun things
OR
Get the entire verbose output, then get into the regex hell (remember this is a continual stream), picking out the headers, payload and the tail as well as doing the processing.
Well, someone advise.
Kind Rgds
___________________________fun____________________________________
its ok child, He's heard you
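
Added example, not part of the original post: it follows the second option in the question (one verbose capture) and decodes the -X hex dump, so header fields and payload come from the same packet record and nothing has to be kept in sync. The names `packets` and `split_ipv4_tcp` and the sample capture are constructed for illustration; it assumes IPv4/TCP and a dump that starts at the IP header, as -X prints it.

```python
import re
import socket
import struct

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")  # first line of each packet
HEX = re.compile(r"^\s+0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4}(?:\s|$))+)")  # -X row

def packets(lines):
    """Yield (summary, raw_bytes) per packet from a `tcpdump -X` text stream."""
    summary, rows = None, []
    for line in lines:
        if TS.match(line):  # next packet begins: emit the previous one
            if summary is not None:
                yield summary, bytes.fromhex("".join(rows))
            summary, rows = line.strip(), []
        elif summary is not None:
            m = HEX.match(line)
            if m:
                rows.append("".join(m.group(1).split()))
            else:  # wrapped header text produced by -vv
                summary += " " + line.strip()
    if summary is not None:
        yield summary, bytes.fromhex("".join(rows))

def split_ipv4_tcp(raw):
    """Return (src, sport, dst, dport, payload), or None if not IPv4/TCP."""
    ihl = (raw[0] & 0x0F) * 4 if raw else 0
    if ihl < 20 or len(raw) < ihl + 20 or raw[0] >> 4 != 4 or raw[9] != 6:
        return None
    total = struct.unpack("!H", raw[2:4])[0]
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    doff = (raw[ihl + 12] >> 4) * 4  # TCP header length in bytes
    return src, sport, dst, dport, raw[ihl + doff:total]

# Constructed sample shaped like `tcpdump -nnvvXS` output (not a real capture).
SAMPLE = """\
10:15:01.000001 IP (tos 0x0, ttl 64, id 4660, offset 0, flags [DF], proto TCP (6), length 48)
    192.0.2.10.51514 > 192.0.2.20.22: Flags [P.], seq 1000:1008, ack 2000, win 64240, length 8
    0x0000:  4500 0030 1234 4000 4006 0000 c000 020a  E..0.4@.@.......
    0x0010:  c000 0214 c93a 0016 0000 03e8 0000 07d0  .....:..........
    0x0020:  5018 faf0 0000 0000 5353 482d 322e 302d  P.......SSH-2.0-
10:15:01.000350 IP (tos 0x0, ttl 64, id 4661, offset 0, flags [DF], proto TCP (6), length 40)
    192.0.2.10.51514 > 192.0.2.20.22: Flags [.], seq 1008, ack 2000, win 64240, length 0
    0x0000:  4500 0028 1235 4000 4006 0000 c000 020a  E..(.5@.@.......
    0x0010:  c000 0214 c93a 0016 0000 03f0 0000 07d0  .....:..........
    0x0020:  5010 faf0 0000 0000                      P.......
"""
```

For a live capture, pass the stdout of a `subprocess.Popen` running the same tcpdump command with `-l` added (line-buffered output) to `packets()` in place of `SAMPLE.splitlines()`.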
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks